{
"Event": {
"analysis": "0",
"date": "2020-12-14",
"extends_uuid": "632aaf17-44db-4c3e-bf97-59820990491a",
"info": "OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings",
"publish_timestamp": "1607931326",
"published": true,
"threat_level_id": "1",
"timestamp": "1607931286",
"uuid": "f78232e7-0b7a-49f7-9e57-1482db2b6335",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "85510dea-92e3-4135-87db-06da6bce4c2c",
"value": "1acf3108bf1e376c8848fbb25dc87424f2c2a39c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "f37e202e-5d7a-4a1b-a2e0-8909ce5945fd",
"value": "e257236206e99f5a5c62035c9c59c57206728b28"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "a70342dd-16f8-415c-8796-d5139e24ad75",
"value": "bcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "e6fe6399-3e40-4fbd-93e5-44fec18c2583",
"value": "5e643654179e8b4cfe1d3c1906a90a4c8d611cea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "5d539d55-5211-42fa-a609-c2e471bfa43f",
"value": "ebe711516d0f5cd8126f4d53e375c90b7b95e8f2"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607930587",
"to_ids": false,
"type": "link",
"uuid": "ef7c91c3-3a91-48f9-a2fa-931cc4a228c2",
"value": "https://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930760",
"uuid": "c35e55e1-dc94-49a7-a3a1-4018b4f17a04",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930760",
"to_ids": false,
"type": "text",
"uuid": "29a6c4d1-e274-4b6e-87be-255f793e2ff5",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930760",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7777aaed-c062-4b75-8c18-53ca12873aa0",
"value": "1018368"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930760",
"to_ids": false,
"type": "float",
"uuid": "c9860ec0-4232-48df-9481-ac92801b5e06",
"value": "5.5695446259584"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930760",
"to_ids": true,
"type": "md5",
"uuid": "842c8449-8cdc-4027-bfe8-0d55fc724f20",
"value": "5a1c26db5b9b9a2d0a630e63ff83f0bf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930760",
"to_ids": true,
"type": "sha1",
"uuid": "bcb1a128-68d1-45d4-8b66-6d5f38f7b797",
"value": "18ea74745f5c8992a95ae40bfe2158c8d7e34acf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930760",
"to_ids": true,
"type": "sha256",
"uuid": "b175ac6d-4eb6-4e13-a39c-4d8130d40704",
"value": "02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930760",
"to_ids": true,
"type": "sha512",
"uuid": "e7364bdc-dafd-4a3e-bcb4-c8c59f8391aa",
"value": "c0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930760",
"to_ids": true,
"type": "ssdeep",
"uuid": "1c385fd7-be09-4cdf-a332-606181a5ba8f",
"value": "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930761",
"uuid": "fdf86a09-fb48-495d-8bf3-50579e86edd8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "ea591c12-7d54-4190-b8ab-ffee6c3be07d",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930761",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9da5a332-1220-482b-9147-75e99a489c08",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930761",
"to_ids": false,
"type": "float",
"uuid": "bf6fdc37-fb1c-41fe-bd98-05cf7e27c864",
"value": "3.3927625723408"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930761",
"to_ids": true,
"type": "md5",
"uuid": "d6967720-07d1-410b-bb1a-865a055d44b2",
"value": "da27d86acfb9504441eebac21f66a5df"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha1",
"uuid": "d3fd1a8b-83c8-443b-8cb4-64f08543632e",
"value": "939387cdbb29755bf192c2bfce2701c1a27354a6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha256",
"uuid": "af77388d-7b96-409d-82e6-6fce4d9ec10a",
"value": "016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha512",
"uuid": "0efba345-1b24-4f23-95fd-6a0147caebc9",
"value": "713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930761",
"to_ids": true,
"type": "ssdeep",
"uuid": "ecc669c8-844f-43aa-a285-2b37afa57330",
"value": "24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930761",
"uuid": "4a09fc7a-97ba-434d-a669-fc640686e880",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "c4e41937-dabe-4fca-b7a7-22048028098f",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930761",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "544072ea-6e62-4186-b27b-60a69ad71ac4",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930761",
"to_ids": false,
"type": "float",
"uuid": "26a034d3-61de-4d2d-98a9-31890a2536db",
"value": "1.9473387961876"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930761",
"to_ids": true,
"type": "md5",
"uuid": "15824c39-2aba-445a-a04e-114f3d0cd1b3",
"value": "a29f1db3dd779a4a629939ffeaa3835b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha1",
"uuid": "1cf0120c-3b17-4185-b447-1adf982233d3",
"value": "c306017f3277b148c4a8914a6c4e46abc1496c94"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha256",
"uuid": "1b50cbfd-0808-4bca-9be6-9b14cf818f45",
"value": "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha512",
"uuid": "127e0360-f208-4e95-8961-28b7d04b2bcf",
"value": "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930761",
"to_ids": true,
"type": "ssdeep",
"uuid": "9f1c7bde-9015-4801-a37b-23c3fa042d82",
"value": "3:6/Pl:6/d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1607930761",
"uuid": "a75bd08b-b215-436e-91f4-3382bbb70493",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "a75bd08b-b215-436e-91f4-3382bbb70493",
"referenced_uuid": "c35e55e1-dc94-49a7-a3a1-4018b4f17a04",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "5b0a849d-2552-4595-8ee6-48a96479b621"
},
{
"comment": "Section 1 of PE",
"object_uuid": "a75bd08b-b215-436e-91f4-3382bbb70493",
"referenced_uuid": "fdf86a09-fb48-495d-8bf3-50579e86edd8",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "ce8898aa-26da-4fda-a22f-246506a4cf2e"
},
{
"comment": "Section 2 of PE",
"object_uuid": "a75bd08b-b215-436e-91f4-3382bbb70493",
"referenced_uuid": "4a09fc7a-97ba-434d-a669-fc640686e880",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "b8d3a2be-2eec-473a-81f4-e947cff33c22"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "270a384f-6766-44c7-b72a-3f0d57ba6ffb",
"value": "dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "6502104a-eb05-427b-bfdb-f7ee79c23040",
"value": "269460022"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1607930761",
"to_ids": false,
"type": "datetime",
"uuid": "6cc4faca-4fc0-4306-be20-1db05669ded4",
"value": "2020-05-11T21:32:40+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1607930761",
"to_ids": true,
"type": "filename",
"uuid": "0292fe32-b024-4f56-9ec4-17602d07b58d",
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1607930761",
"to_ids": true,
"type": "filename",
"uuid": "7247bec6-6273-46b4-b052-299de463166d",
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "c2bef7fe-ce36-469c-98a6-e854526e7a0b",
"value": "SolarWinds.Orion.Core.BusinessLayer"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "bc7fddd6-90be-4f9e-9a52-d8201d6eb11f",
"value": "2020.2.5300.12432"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "a1daa56a-c904-42a1-9e22-cda7bdb4900a",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "20247061-be8f-46c2-8e2e-13f87ca45dfe",
"value": "SolarWinds.Orion.Core.BusinessLayer"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "cefbf6be-e59c-4421-9ddb-b4b87ce56473",
"value": "2020.2.5300.12432"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "993e904e-9b93-46d4-82a5-9e417f115575",
"value": "SolarWinds Worldwide, LLC."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "fe5215f2-831d-4c24-a478-fa0ecc9bce1b",
"value": "Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1607930761",
"to_ids": false,
"type": "counter",
"uuid": "6c6b2cac-39f1-4c86-ba5f-2a6a7603845c",
"value": "3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1607931286",
"uuid": "da3da386-9fe0-4822-a352-64a138239031",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "da3da386-9fe0-4822-a352-64a138239031",
"referenced_uuid": "a75bd08b-b215-436e-91f4-3382bbb70493",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "1660ed0d-33cf-44e4-9bdd-7cd73a811f95"
},
{
"comment": "",
"object_uuid": "da3da386-9fe0-4822-a352-64a138239031",
"referenced_uuid": "3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "ef26f788-3b8d-47be-90be-cc55554ae23f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1607930761",
"to_ids": true,
"type": "filename",
"uuid": "884f16b8-887f-4990-88bc-e382a11cb712",
"value": "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930761",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1d119721-8ce7-4210-a31f-32fcedf7dc12",
"value": "1028072"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930761",
"to_ids": false,
"type": "float",
"uuid": "a3e4fdf0-e401-4049-b45a-ca6f3309445f",
"value": "5.5800537860468"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930761",
"to_ids": true,
"type": "md5",
"uuid": "031bc075-648e-41c0-8bf9-226a6a0c0e83",
"value": "846e27a652a5e1bfbd0ddd38a16dc865"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha1",
"uuid": "c58f3999-342c-4251-b4bc-7be99ef34ccd",
"value": "d130bd75645c2433f88ac03e73395fba172ef676"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha256",
"uuid": "5fa64a98-3a91-41e9-9778-43fbb1befec6",
"value": "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930761",
"to_ids": true,
"type": "sha512",
"uuid": "e0c94234-1ad1-4445-8006-d749d388b69d",
"value": "c26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1607930761",
"to_ids": true,
"type": "malware-sample",
"uuid": "c801ce8d-0c33-4906-8bb1-da25bacce8fc",
"value": "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6|846e27a652a5e1bfbd0ddd38a16dc865"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1607930761",
"to_ids": false,
"type": "mime-type",
"uuid": "f66e1f39-2b44-4595-84e6-2786c861a0f6",
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930761",
"to_ids": true,
"type": "ssdeep",
"uuid": "d1e04d25-5d80-4698-9095-d0a6c7efe789",
"value": "12288:5JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19Q:vEfDbO97P8TrK0YbenWH4c0g8vkzK19"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930762",
"uuid": "9d50d8e5-8c9f-42d3-b0af-aba92a54dc19",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930762",
"to_ids": false,
"type": "text",
"uuid": "30cc66ed-6a2e-4562-a96c-fed8a4f2332f",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930762",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "39f96b1d-f827-47dd-8b1a-320709384b70",
"value": "924672"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930762",
"to_ids": false,
"type": "float",
"uuid": "09165408-d87e-4886-8ab5-025954fd4c12",
"value": "5.6441844251496"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930762",
"to_ids": true,
"type": "md5",
"uuid": "5c0872f1-daaa-4272-a776-789498ef0842",
"value": "cf450191b90401e1015aa2433d7d0b47"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha1",
"uuid": "a30b699d-1698-4113-bd88-0f5831fa729b",
"value": "e812fddc3c622905954663d30b25fa8adcca6850"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha256",
"uuid": "d74b6998-8f21-44e3-86b5-b46cec7b18c4",
"value": "e29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha512",
"uuid": "a54e65bb-446a-4bd4-8efd-66fe4b2ccf96",
"value": "612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930762",
"to_ids": true,
"type": "ssdeep",
"uuid": "f824def2-d811-4ec5-9a91-12b5219e02fa",
"value": "24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930762",
"uuid": "712c68c3-179a-442b-b713-fab9eaa9b67e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930762",
"to_ids": false,
"type": "text",
"uuid": "4bedfd30-2c41-47c3-aba4-f4fff9444674",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930762",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "279e2b18-a2ee-44cb-9754-d56d5660035e",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930762",
"to_ids": false,
"type": "float",
"uuid": "52476f95-1cac-4995-ae75-0eb3763be6d4",
"value": "3.3987008123389"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930762",
"to_ids": true,
"type": "md5",
"uuid": "e15d2b4f-69f1-4e70-8f0d-1ef09b96da28",
"value": "005f91999efb988bc401181d2cf103de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha1",
"uuid": "bf883a99-7b50-47a3-9568-0e5423a3ce57",
"value": "3a6f37bdbd8f812efd0805a5e14f468da79832cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha256",
"uuid": "f0b176ab-60da-4fac-a282-541dd163cad8",
"value": "4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930762",
"to_ids": true,
"type": "sha512",
"uuid": "52d42062-cf99-487e-b378-3288240ce4f5",
"value": "3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930762",
"to_ids": true,
"type": "ssdeep",
"uuid": "4be07240-bf2d-4e8b-afcf-9d21c956d1fe",
"value": "24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1607930762",
"uuid": "6288dea8-53e7-4000-9bca-0ecc20bd35a4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1607930762",
"to_ids": false,
"type": "text",
"uuid": "957cdc36-5b00-48d5-8ea6-dec1a745a264",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "99a27047-22f9-45c8-8d25-ada5de687f71",
|
||
|
"value": "512"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "88da1e2c-8bc8-49b1-af8b-4701f34bc0b6",
|
||
|
"value": "1.9473387961876"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ed445919-2408-4cb4-8ccc-28336a289792",
|
||
|
"value": "32e87d188187fe9b9f6afd9de48a41d6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2020e53f-841b-4160-921b-f7527fdf4398",
|
||
|
"value": "2e10d4aa9df60691736123b143dc3e1dc677330a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f87cb4d6-55c1-4b5e-827c-9d9e485be032",
|
||
|
"value": "ca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "b35ce313-1666-47f0-9466-1434eabcaad3",
|
||
|
"value": "8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "c955f330-eea4-4c0b-a948-941e2d61253a",
|
||
|
"value": "3:HlZn:r"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe",
|
||
|
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1607930763",
|
||
|
"uuid": "4d4b2085-63f5-46b0-978e-15e1117a003d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of PE",
|
||
|
"object_uuid": "4d4b2085-63f5-46b0-978e-15e1117a003d",
|
||
|
"referenced_uuid": "9d50d8e5-8c9f-42d3-b0af-aba92a54dc19",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "184c262a-ade9-435a-84fa-036866a2b0fc"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of PE",
|
||
|
"object_uuid": "4d4b2085-63f5-46b0-978e-15e1117a003d",
|
||
|
"referenced_uuid": "712c68c3-179a-442b-b713-fab9eaa9b67e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "e1389070-a5f4-45e8-8eaa-70b0d51e8774"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of PE",
|
||
|
"object_uuid": "4d4b2085-63f5-46b0-978e-15e1117a003d",
|
||
|
"referenced_uuid": "6288dea8-53e7-4000-9bca-0ecc20bd35a4",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "27b0a8ae-0428-46b4-9f8c-b2e8d4ea3f82"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "bdd9705c-df6e-41d4-86ba-29700e1a530f",
|
||
|
"value": "dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "070a6a12-2ed5-4791-83ee-d6783f3441a4",
|
||
|
"value": "269367810"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "compilation-timestamp",
|
||
|
"timestamp": "1607930762",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a01f0092-7407-4f90-b7db-e08912bcedb7",
|
||
|
"value": "2019-10-10T13:26:39+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "original-filename",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "b266362d-6179-461f-a305-7e4b36a11273",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "internal-filename",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5f6129c7-f754-45cc-a452-a7b94268ecfa",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-description",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "72015710-035f-40ef-86d2-8ccfe43e919b",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-version",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e09534e4-eef0-424a-9d57-d1b2dd289d33",
|
||
|
"value": "2019.4.5200.8890"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "lang-id",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ca1f8a6a-1a10-4103-a1a5-e87bf4a9fb8e",
|
||
|
"value": "000004b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-name",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3bd805c9-d8f3-4880-b104-d5da1ec5b663",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-version",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "42e3bd7a-8bf4-4c47-870e-b48fd96f820f",
|
||
|
"value": "2019.4.5200.8890"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "company-name",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3c7bbfff-7412-4ab9-87e0-df07eb371b82",
|
||
|
"value": "SolarWinds Worldwide, LLC."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "legal-copyright",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b7b616f4-8d36-4e95-98e1-617926db3f85",
|
||
|
"value": "Copyright \u00a9 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "number-sections",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "counter",
|
||
|
"uuid": "ca4c5b11-0ebb-4396-84cb-4be57a8eca43",
|
||
|
"value": "3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "20",
|
||
|
"timestamp": "1607930763",
|
||
|
"uuid": "fbe3a5fe-538b-4727-90d7-41a9d15a4c58",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "PE indicators",
|
||
|
"object_uuid": "fbe3a5fe-538b-4727-90d7-41a9d15a4c58",
|
||
|
"referenced_uuid": "4d4b2085-63f5-46b0-978e-15e1117a003d",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "fe0ccb7a-76e3-4f88-bc38-e03398010504"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "35d03d99-c4f9-4edc-8bac-2c8f320ff303",
|
||
|
"value": "a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "8d61ff25-f89d-4b73-9099-605b7613e132",
|
||
|
"value": "934232"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "5b2b233c-0590-4f40-822e-4fe488231084",
|
||
|
"value": "5.6560901874991"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "3dbcc301-75ae-4680-9ea4-8d58b8a0a30a",
|
||
|
"value": "e18a6a21eb44e77ca8d739a72209c370"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6bfc9f4d-5df3-4983-b4be-a2b87f00aa24",
|
||
|
"value": "5e643654179e8b4cfe1d3c1906a90a4c8d611cea"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "6a3684b5-48aa-404d-9589-14ae2e781924",
|
||
|
"value": "a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "f9501697-d61e-4b87-862a-d05a7a290eca",
|
||
|
"value": "17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "6646c6d5-d325-44c8-b2e2-6f79fede0f9e",
|
||
|
"value": "a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc|e18a6a21eb44e77ca8d739a72209c370"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "f07e4a21-bcc8-44c2-b3fb-8d6700b59aaa",
|
||
|
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930763",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "8391c069-ade5-485b-95fb-80c4e2e29640",
|
||
|
"value": "24576:ldBfeHcrhCECR1R/zoi8SHoN0W8vB8O3Icu:5e8nK/zopSHoN0W8vB83"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930764",
|
||
|
"uuid": "d1e0ec27-f60b-4a3c-931b-c7569be605db",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b26d2207-a24d-4a8e-98cd-1b3299b0ea89",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "21bc5930-ee6a-4c21-bae5-8a06664078bf",
|
||
|
"value": "1018368"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "3a0c7663-908d-4b84-9982-fd4de2707f2a",
|
||
|
"value": "5.5694865540978"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "4a199c6d-4dbb-4777-8c15-97e281bd19db",
|
||
|
"value": "26ec41a94ea4d2a3fbfebbe0a32cfa0b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5577a80e-e23a-436d-865d-9a1b7619aff0",
|
||
|
"value": "c83bb058abe34b411897a5feea274a4926ec20da"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "168b3a46-e015-4c5b-9d9b-e992849ca472",
|
||
|
"value": "6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "fefd0377-b14b-4979-85c4-622abbcbef75",
|
||
|
"value": "b4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "200b66fb-16b6-4087-82b9-2b54264d835d",
|
||
|
"value": "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930764",
|
||
|
"uuid": "efe9facc-a05f-44d0-901f-62e4e870ef95",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "26139e8c-e100-4569-af6f-ccfedfa6906f",
|
||
|
"value": ".rsrc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "cb66ec54-f979-4792-a658-0406233b5e5b",
|
||
|
"value": "1536"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a3f61a5e-aa20-4530-9260-6d8dcf176756",
|
||
|
"value": "3.389713791853"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1d256d49-3288-45c8-a593-13551ac656c0",
|
||
|
"value": "9bd1855b2d66ddb1fb9bfb0be0907ac2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d91f9e3e-b9e7-446a-8a1e-befeec02bf86",
|
||
|
"value": "d0b5359a9a5744d632dbd321ca3a00c1a3f547b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a66c7b16-9422-4a7e-af78-c90f9ebb1916",
|
||
|
"value": "7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e4c9d18e-9dfb-4e31-abaf-1b5c69b2e0b0",
|
||
|
"value": "24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "395e3935-1ca9-44d9-a108-36515bff2c3e",
|
||
|
"value": "24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930764",
|
||
|
"uuid": "aacf1b7b-aa96-4762-896a-a97ba1bd5c0e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "647774ef-f53d-473d-9429-67724f4b8b2d",
|
||
|
"value": ".reloc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "a6085947-c708-44c8-bd93-150169ea147e",
|
||
|
"value": "512"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a9915b7b-eb4e-44d8-85b3-346cadecb853",
|
||
|
"value": "1.9473387961876"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6ca239fa-c698-4a75-953e-4118e4184f2b",
|
||
|
"value": "a29f1db3dd779a4a629939ffeaa3835b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58b0a624-87d4-41e0-a113-2600f978e6ec",
|
||
|
"value": "c306017f3277b148c4a8914a6c4e46abc1496c94"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c7e6fff3-c9e7-4cb9-958b-a5741192a1f4",
|
||
|
"value": "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "d79d1f9e-9bed-4409-ab7e-f0b42019db3b",
|
||
|
"value": "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "d9820eb8-18b6-4587-867b-7a26d6d2d0c3",
|
||
|
"value": "3:6/Pl:6/d"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe",
|
||
|
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1607930765",
|
||
|
"uuid": "9934ff43-6bfc-42a6-baab-5d798458b78e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of PE",
|
||
|
"object_uuid": "9934ff43-6bfc-42a6-baab-5d798458b78e",
|
||
|
"referenced_uuid": "d1e0ec27-f60b-4a3c-931b-c7569be605db",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "597b0ebe-0cf1-44c3-90b1-b7edf865aad1"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of PE",
|
||
|
"object_uuid": "9934ff43-6bfc-42a6-baab-5d798458b78e",
|
||
|
"referenced_uuid": "efe9facc-a05f-44d0-901f-62e4e870ef95",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "6273361c-9efb-45bf-bd24-ebe6b57a531e"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of PE",
|
||
|
"object_uuid": "9934ff43-6bfc-42a6-baab-5d798458b78e",
|
||
|
"referenced_uuid": "aacf1b7b-aa96-4762-896a-a97ba1bd5c0e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "a79b5f31-cd01-4704-ac0b-e7b68f09b0a7"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "15e6d33f-85b4-4736-8b39-e7fd11a9d362",
|
||
|
"value": "dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "87d15b63-d592-463e-a46e-a957f7862617",
|
||
|
"value": "269460022"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "compilation-timestamp",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "670de0fa-e420-4e80-9c5b-40d290eeda56",
|
||
|
"value": "2020-04-21T14:53:33+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "original-filename",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "32838def-eb75-49c1-a6c9-13c317d69c2b",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "internal-filename",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "0f8b68a3-6e90-477a-9f27-167127a8bbb4",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-description",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "13d5cd9b-3080-4c48-8139-5980a4190305",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-version",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f511df94-8bb9-429f-8395-35dd0784153e",
|
||
|
"value": "2020.2.5200.12394"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "lang-id",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1447dd0d-d110-4233-b218-e41541efb10e",
|
||
|
"value": "000004b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-name",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "00128ad7-f5ec-4c5f-84ac-5e14e6416c78",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-version",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "79e92ed6-d4eb-4b00-bb7a-e8acb3153cbf",
|
||
|
"value": "2020.2.5200.12394"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "company-name",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "58d46e8e-3259-40c6-b448-95b9ef6b003b",
|
||
|
"value": "SolarWinds Worldwide, LLC."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "legal-copyright",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "60045868-70d4-44d2-8ead-d8fe09fe4ef3",
|
||
|
"value": "Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "number-sections",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "counter",
|
||
|
"uuid": "84b43a62-a06a-42b6-bbf3-ab53eeb8a725",
|
||
|
"value": "3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "20",
|
||
|
"timestamp": "1607931286",
|
||
|
"uuid": "7370a818-1f90-492f-9c8d-213e3414d8cf",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "PE indicators",
|
||
|
"object_uuid": "7370a818-1f90-492f-9c8d-213e3414d8cf",
|
||
|
"referenced_uuid": "9934ff43-6bfc-42a6-baab-5d798458b78e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "142c1816-46d8-4cd8-91f1-c31e342f7508"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7370a818-1f90-492f-9c8d-213e3414d8cf",
|
||
|
"referenced_uuid": "aacff3c7-77c9-4c70-ab9c-9cea57951fa5",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "7120e3c6-4983-45d9-bfc2-074368f2a3b5"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "04e333d2-ce50-45e2-b2ac-7a27ef544de1",
|
||
|
"value": "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "c9708387-938e-4f93-9d57-ffccff58ad2b",
|
||
|
"value": "1028072"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "102832d7-23cd-4f7f-b463-427b850c2dd0",
|
||
|
"value": "5.5799968662039"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "bef99b8f-36c0-433e-9b95-2a600087bdef",
|
||
|
"value": "2c4a910a1299cdae2a4e55988a2f102e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "b3099ae6-629a-4a10-a62d-9fe9e7d12d3d",
|
||
|
"value": "2f1a5a7411d015d01aaee4535835400191645023"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "db06229a-1736-427c-8bcd-68034923f0d6",
|
||
|
"value": "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "9bccc3c7-6aee-494c-9d16-2221c1450a9c",
|
||
|
"value": "5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5438b429-6c1d-47c9-ad78-c6391a202d80",
|
||
|
"value": "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134|2c4a910a1299cdae2a4e55988a2f102e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "786ff4a1-4cde-4dcb-bfb7-407bd4a95947",
|
||
|
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930764",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "ccc02e49-51a2-4a21-8416-0c2317ed7ec8",
|
||
|
"value": "12288:dJKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wv:rEfDbO97P8TrKhYbenWH4c0g8vkzE19e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930765",
|
||
|
"uuid": "95432908-2bb1-4cca-8b88-db3d0c4bcd6d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9d6dd696-fa53-481c-8c42-089d18a7259a",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "7864c578-24e3-4840-8e03-5e8f9c278902",
|
||
|
"value": "1001472"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "602efb82-2338-428f-8041-841980dc83c6",
|
||
|
"value": "5.5697311444704"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d9607fc7-8d83-40f4-b7bc-3b8e51839167",
|
||
|
"value": "c4a55257e26e3b07339fa125f5223a72"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "b210f518-0549-4265-aa82-5912e23157ff",
|
||
|
"value": "6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "13759646-d63d-4749-9a02-621fa0165f7c",
|
||
|
"value": "9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "26dd4d5f-47d6-4dd2-8a7f-5986ac7157bf",
|
||
|
"value": "131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "76524233-9eec-4f82-88d5-b65259c6f6f2",
|
||
|
"value": "12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930765",
|
||
|
"uuid": "7d04169f-afa9-41b2-8992-c693a431abba",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "07078bbe-9887-4307-a2cb-259c994c96d9",
|
||
|
"value": ".rsrc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "9d3331fc-865f-4ff3-ad8e-eeae43c356f7",
|
||
|
"value": "1536"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "58debcd3-e4de-4dad-a43e-b3665d1c8d3d",
|
||
|
"value": "3.4018646666713"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ec54cd2f-e5c4-4e3d-b24d-e950810fb7b7",
|
||
|
"value": "7454e0d2a852d8d802490dbc6c07f42e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "fd622511-809c-458d-bccc-28e3b9d3bd44",
|
||
|
"value": "b54275dd4daaa9467f91955b5b4670c20dfc4e49"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ce67aaa2-f196-4ad6-912e-3aff8c28bab0",
|
||
|
"value": "e63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930765",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c43dbe58-0d94-4c82-899e-88d31e2e1cf3",
|
||
|
"value": "d982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "9f694408-2bbc-4e8b-95cb-cb42df342310",
|
||
|
"value": "24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930766",
|
||
|
"uuid": "9eb3ca01-80fb-4660-933b-05aa267d4a26",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "cc3d8e71-9f46-4ae8-8017-f7abd4d1f92b",
|
||
|
"value": ".reloc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "9321f263-230d-4940-b7b5-c063882872d6",
|
||
|
"value": "512"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "cbf11ba1-559a-4981-aa48-6e1588de4dac",
|
||
|
"value": "1.9473387961876"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6971af4b-4f08-4111-a1c4-2863ff56d8a4",
|
||
|
"value": "89642b60883c693211567f54fcde5631"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "84c2bedc-96ee-4d59-9c16-ad637657a02a",
|
||
|
"value": "0161b4dc14ed849384714b7d48e4ce8e31cee22d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4071bfcb-ba07-4f98-9a89-665f246147f7",
|
||
|
"value": "7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "5a245eef-3ef3-4a5c-915d-1aabaf4e76f6",
|
||
|
"value": "32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "bcc92be7-237e-43b9-a5d1-85f5bb186f18",
|
||
|
"value": "3:L:L"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe",
|
||
|
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1607930766",
|
||
|
"uuid": "8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of PE",
|
||
|
"object_uuid": "8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
|
||
|
"referenced_uuid": "95432908-2bb1-4cca-8b88-db3d0c4bcd6d",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "f00bfac7-7317-454e-a280-dcce3753b723"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of PE",
|
||
|
"object_uuid": "8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
|
||
|
"referenced_uuid": "7d04169f-afa9-41b2-8992-c693a431abba",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "387f4c22-a32f-4ddd-b46e-e66ce4ebc448"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of PE",
|
||
|
"object_uuid": "8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
|
||
|
"referenced_uuid": "9eb3ca01-80fb-4660-933b-05aa267d4a26",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "64a99176-da1a-4eb4-ad43-c4ebd4bde080"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5c497028-aca0-4325-afe5-c231e060e30b",
|
||
|
"value": "dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f939a988-74bb-4c07-b27d-89e19b05e362",
|
||
|
"value": "269443494"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "compilation-timestamp",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "2f96d6b2-f926-4e96-8741-de436ab52701",
|
||
|
"value": "2020-03-24T08:52:34+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "original-filename",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "e71a561c-35b4-4607-bdb9-63b6850e265a",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "internal-filename",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "693fb47b-4640-48d4-ae2e-405d21a4d393",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-description",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "246efdf4-195f-43bb-bff6-54874de78a37",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-version",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f1340aad-9116-45bd-b68b-604853912c22",
|
||
|
"value": "2019.4.5200.9083"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "lang-id",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f6a6bf58-6a86-4ed4-9227-32aba94e4e6f",
|
||
|
"value": "000004b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-name",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "093509e0-da7e-44e9-80e4-15c49b411e19",
|
||
|
"value": "SolarWinds.Orion.Core.BusinessLayer"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-version",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "06bd517b-8558-4497-9067-c0bd1bce26fe",
|
||
|
"value": "2019.4.5200.9083"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "company-name",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1a0ef4b9-0495-4fcf-8dc6-4d789915ec7b",
|
||
|
"value": "SolarWinds Worldwide, LLC."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "legal-copyright",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "41e53ab3-8a0f-43f9-9a0b-8224f22ff67a",
|
||
|
"value": "Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "number-sections",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "counter",
|
||
|
"uuid": "afe288a8-6702-4a5b-84a8-f2ed0718feaa",
|
||
|
"value": "3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "20",
|
||
|
"timestamp": "1607931286",
|
||
|
"uuid": "7794b113-2f04-424f-ae5a-dd801e020d01",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "PE indicators",
|
||
|
"object_uuid": "7794b113-2f04-424f-ae5a-dd801e020d01",
|
||
|
"referenced_uuid": "8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "17439c88-fd50-4597-b5ef-c6fecd6a90f4"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7794b113-2f04-424f-ae5a-dd801e020d01",
|
||
|
"referenced_uuid": "96ffe3c5-a158-40f6-a5ff-156ac385d32e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "f0cc10e8-da4a-4315-b89b-2e152235944c"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5702c7b7-6bf6-4d94-8a64-11ddfe943085",
|
||
|
"value": "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f4c93af0-9cc1-455e-b086-ec16bb941515",
|
||
|
"value": "1011032"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "26fd9e32-39e5-47f9-bbd5-da12c7dbdc64",
|
||
|
"value": "5.5828269967379"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d8b496e2-9ed1-42a2-a95c-60dbe8da4bb9",
|
||
|
"value": "b91ce2fa41029f6955bff20079468448"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "8797fef8-250b-4431-8ddc-b93f31e54632",
|
||
|
"value": "76640508b1e7759e548771a5359eaed353bf1eec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e58db661-a418-4a5a-afc6-185cde20debc",
|
||
|
"value": "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "931ec39b-c913-47c5-9360-d303eefeee3c",
|
||
|
"value": "6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "7c426b57-0c0d-4708-8f48-e443169ee9b3",
|
||
|
"value": "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77|b91ce2fa41029f6955bff20079468448"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "726f79e9-cfb0-4d70-8a68-8652f61b831c",
|
||
|
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930766",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "9d2baea6-2ba8-43e5-8823-8b09cb88061e",
|
||
|
"value": "12288:Zx7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owQ:6aEBTvRBi6uL6dIvDtjpH9+0A8vca9oD"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930794",
|
||
|
"uuid": "4d9cc854-ade5-46a5-8df0-02ef90e5b8ea",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "59321a91-8be0-463c-8c4b-0858a31ccceb",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "16b4ce24-d0db-42e9-9112-1f5471f80233",
|
||
|
"value": "5632"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "63a2a64d-9cc6-492d-a520-3323c1932e8c",
|
||
|
"value": "5.4919156876928"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "18a1477a-f748-4345-b710-5d7db45d0264",
|
||
|
"value": "2109d02a31c7032f2bcabdf436b6726e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "fc59ff35-78b1-4657-929c-75d4eeb12e89",
|
||
|
"value": "84d90343ae39a961e9e0f92127333b9cc9d62d33"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "124bb2fe-683d-4a43-b575-c4434ec79a62",
|
||
|
"value": "f04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "02786a92-5495-44ac-a649-5da6a862d2fb",
|
||
|
"value": "3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "0862c629-49c0-4f9f-a35c-c3c6fd8b1de0",
|
||
|
"value": "96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930794",
|
||
|
"uuid": "3592e786-423d-4e1f-abad-4e12fe86fc0b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f8437a8e-85f2-46e1-9efe-9b963a4dab48",
|
||
|
"value": ".rsrc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "fdef9cef-a5d5-45b9-bfb9-9519a149aa1b",
|
||
|
"value": "1024"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "86dc1631-47cd-481e-a3f3-613495d21ad9",
|
||
|
"value": "3.1419883961028"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c64cb507-ebda-493c-8916-c3e7eaa0a018",
|
||
|
"value": "27193464e3effc6950cde66a4ad4757a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "cc506e30-2538-454a-8edb-e9fbd9cdbb3d",
|
||
|
"value": "01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "67458d35-fd49-4cdd-bf7d-ec097283e63f",
|
||
|
"value": "a4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "3fad7cd3-b92b-47f4-a0f4-3e9686974db2",
|
||
|
"value": "394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "4a101441-e6f4-49e4-813f-4974a1a74256",
|
||
|
"value": "12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1607930794",
|
||
|
"uuid": "55c48bc2-d156-453e-a905-2649d1b0ee23",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "427da0f8-d176-43b1-8b9e-197200c3c350",
|
||
|
"value": ".reloc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "fe6116b4-5c3c-4144-b635-95f1bc421050",
|
||
|
"value": "512"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1607930794",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "7046efd1-7f31-48cf-a710-a67fc3c075eb",
|
||
|
"value": "1.5849625007212"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930794",
"to_ids": true,
"type": "md5",
"uuid": "a08999b6-9f47-42e6-9f33-2849a4938cd6",
"value": "6a8e92fdd78e813e24abd0a0932052b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930794",
"to_ids": true,
"type": "sha1",
"uuid": "ad03d9a1-a5db-4200-8089-561c966d2752",
"value": "76e3423312516772e053f5d1861163dd27e99a8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930794",
"to_ids": true,
"type": "sha256",
"uuid": "8282e5c0-3497-4c78-94c1-010fa4ef19fa",
"value": "f81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930794",
"to_ids": true,
"type": "sha512",
"uuid": "e320b313-ce86-4f90-9505-f6c68a4451f0",
"value": "e91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930794",
"to_ids": true,
"type": "ssdeep",
"uuid": "bb2ea448-e454-4a70-a121-4086742cfd5f",
"value": "3:n:n"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1607930795",
"uuid": "77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"referenced_uuid": "4d9cc854-ade5-46a5-8df0-02ef90e5b8ea",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "41d3a5f2-3e64-4e93-b276-e472e7dcd52c"
},
{
"comment": "Section 1 of PE",
"object_uuid": "77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"referenced_uuid": "3592e786-423d-4e1f-abad-4e12fe86fc0b",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "72f210fb-8f83-4d80-90db-610a5c279e88"
},
{
"comment": "Section 2 of PE",
"object_uuid": "77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"referenced_uuid": "55c48bc2-d156-453e-a905-2649d1b0ee23",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "bd30389c-d1e3-4d63-acc0-0df3350c48fb"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1607930794",
"to_ids": false,
"type": "text",
"uuid": "6b0e3dad-9dab-4349-8dbb-69a865ece8c0",
"value": "dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1607930794",
"to_ids": false,
"type": "text",
"uuid": "50bfe0d0-98ce-483a-921b-a8c844a1d758",
"value": "268448958"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1607930794",
"to_ids": false,
"type": "datetime",
"uuid": "5c660c80-b206-4aa5-97d5-fc1eb1d43b12",
"value": "2020-03-24T09:16:10+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1607930794",
"to_ids": true,
"type": "filename",
"uuid": "33633f3a-7a65-4d0d-81e2-f05d030da5c6",
"value": "App_Web_logoimagehandler.ashx.b6031896.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1607930794",
"to_ids": true,
"type": "filename",
"uuid": "216d3344-bd65-4ba4-a4b9-78ea53f8c3a6",
"value": "App_Web_logoimagehandler.ashx.b6031896.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1607930794",
"to_ids": false,
"type": "text",
"uuid": "9ba03fa4-257e-4e28-8e90-845489a775c9",
"value": "0.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1607930794",
"to_ids": false,
"type": "text",
"uuid": "0df9ea48-053d-49d5-b4bd-0d93926ed238",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1607930794",
"to_ids": false,
"type": "text",
"uuid": "41e7a839-a769-434e-9719-c4eb0cfd1c9e",
"value": "0.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1607930794",
"to_ids": false,
"type": "counter",
"uuid": "96fd3132-fa70-477f-b734-14714f9f77df",
"value": "3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1607931286",
"uuid": "d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"referenced_uuid": "77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "6ad17718-e683-4e99-850d-ec7b85e86164"
},
{
"comment": "",
"object_uuid": "d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"referenced_uuid": "a496eaac-08a1-4a65-b489-96cdb0868312",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "00cee022-6d31-4649-8ac5-05a4f9b219f2"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1607930794",
"to_ids": true,
"type": "filename",
"uuid": "52c8dee1-daea-444d-99a1-3a928f37aa9b",
"value": "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1607930794",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "efb3407a-91dd-4c6a-a1d0-db9b1fe20e91",
"value": "7680"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1607930794",
"to_ids": false,
"type": "float",
"uuid": "31d75874-a40a-47a2-9751-9773c888c66f",
"value": "4.6224498216263"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930794",
"to_ids": true,
"type": "md5",
"uuid": "c86b2e0c-0132-4f8c-b899-517fcb62afa1",
"value": "56ceb6d0011d87b6e4d7023d7ef85676"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930794",
"to_ids": true,
"type": "sha1",
"uuid": "85e87fca-e860-4948-a972-5a632cdf8627",
"value": "75af292f34789a1c782ea36c7127bf6106f595e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930795",
"to_ids": true,
"type": "sha256",
"uuid": "6ccff341-9862-41e9-beb8-a69732db0514",
"value": "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1607930795",
"to_ids": true,
"type": "sha512",
"uuid": "2a6f5518-fd8a-45b8-9a3c-0e443aaea535",
"value": "f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1607930795",
"to_ids": true,
"type": "malware-sample",
"uuid": "4c5766a7-8ddf-45f5-8cd8-7ff94c0fbab7",
"value": "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71|56ceb6d0011d87b6e4d7023d7ef85676"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1607930795",
"to_ids": false,
"type": "mime-type",
"uuid": "8afba19d-ff87-43f1-863b-b4d62375833b",
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1607930795",
"to_ids": true,
"type": "ssdeep",
"uuid": "963c5d34-e142-49ec-a747-fcbd0dfd2d3b",
"value": "192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1607931286",
"uuid": "a224f9a3-c58e-41e0-9841-460afdd9f409",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a224f9a3-c58e-41e0-9841-460afdd9f409",
"referenced_uuid": "8329451d-10ab-4ecb-9cff-d5de9c33c5f6",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "ab920f06-daac-4070-982f-4874d769fdba"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1607930546",
"to_ids": true,
"type": "md5",
"uuid": "2d41293d-f60d-465c-be8c-32017b34c723",
"value": "3e329a4c9030b26ba152fb602a1d5893"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1607930546",
"to_ids": true,
"type": "sha1",
"uuid": "1eed5e80-c7b6-4bcf-a923-0c2b27c9480b",
"value": "ebe711516d0f5cd8126f4d53e375c90b7b95e8f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1607930546",
"to_ids": true,
"type": "sha256",
"uuid": "3fe4cd25-d386-41d7-b29b-c1a8cc4487ce",
"value": "d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1607931286",
"uuid": "8329451d-10ab-4ecb-9cff-d5de9c33c5f6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1607930546",
"to_ids": false,
"type": "datetime",
"uuid": "32bebe83-ed53-4890-83a8-c1f30d094049",
"value": "2020-12-14T06:35:21+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1607930546",
"to_ids": false,
"type": "link",
"uuid": "b25d78ff-0a83-49c4-97f6-7ce9590835e1",
"value": "https://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1607930546",
"to_ids": false,
"type": "text",
"uuid": "6f0be67d-1893-4872-888e-43da04eb4441",
"value": "0/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1607931286",
"uuid": "aacff3c7-77c9-4c70-ab9c-9cea57951fa5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1607930764",
"to_ids": false,
"type": "datetime",
"uuid": "f6bd095c-e876-423c-bd2e-b06a1dc0ec61",
"value": "2020-12-14T06:24:36+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1607930764",
"to_ids": false,
"type": "link",
"uuid": "f4faa1e8-50a9-45a6-bd0e-e6aa68c71657",
"value": "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1607930764",
"to_ids": false,
"type": "text",
"uuid": "fcef6a83-9fda-4149-bd1f-3cb0095da782",
"value": "4/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1607931286",
"uuid": "a496eaac-08a1-4a65-b489-96cdb0868312",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1607930795",
"to_ids": false,
"type": "datetime",
"uuid": "def1362d-ac36-4e3f-9364-f262bc26e8c2",
"value": "2020-12-14T06:47:17+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1607930795",
"to_ids": false,
"type": "link",
"uuid": "14a0f1d8-d899-4f8d-89a0-a0e1648ec174",
"value": "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1607930795",
"to_ids": false,
"type": "text",
"uuid": "33f7e434-f388-47ad-8948-f47392130df7",
"value": "2/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1607931286",
"uuid": "96ffe3c5-a158-40f6-a5ff-156ac385d32e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1607930766",
"to_ids": false,
"type": "datetime",
"uuid": "5c902c4a-bb50-4a28-9c0a-5b7036b66359",
"value": "2020-12-14T07:32:31+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1607930766",
"to_ids": false,
"type": "link",
"uuid": "6f98031d-32e0-47b9-a557-c639ec483894",
"value": "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1607930766",
"to_ids": false,
"type": "text",
"uuid": "f61f4bff-ab4f-42fe-b893-b67cc407453a",
"value": "5/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1607931286",
"uuid": "3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1607930761",
"to_ids": false,
"type": "datetime",
"uuid": "8532b5ab-88bc-43cb-aad1-d5da8dfbd1ab",
"value": "2020-12-14T07:28:34+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1607930761",
"to_ids": false,
"type": "link",
"uuid": "8f2785bc-d455-4f9b-8910-41ee2cbb635c",
"value": "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1607930761",
"to_ids": false,
"type": "text",
"uuid": "b06e1baa-7b52-4b85-b2f5-bd32986ee1e9",
"value": "6/70"
}
]
}
]
}
}