{
"Event": {
"analysis": "2",
"date": "2022-01-28",
"extends_uuid": "",
"info": "OSINT - North Korea\u2019s Lazarus APT leverages Windows Update client, GitHub in latest campaign",
"publish_timestamp": "1643368423",
"published": true,
"threat_level_id": "2",
"timestamp": "1643368411",
"uuid": "0e887f03-5aa2-4a7b-b0f7-66208c6c657b",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"",
"relationship_type": ""
},
{
"colour": "#13eb00",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Lazarus Group\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "a80f5a34-353a-46b3-9fdc-114c972ab00f",
"value": "f14b1a91ed1ecd365088ba6de5846788f86689c6c2f2182855d5e0954d62af3b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "88956f60-0e7f-4ec2-9761-3d9f198820f5",
"value": "c677a79b853d3858f8c8b86ccd8c76ebbd1508cc9550f1da2d30be491625b744"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "1893197b-59e0-4154-9277-4c877f17bf54",
"value": "9d18defe7390c59a1473f79a2407d072a3f365de9834b8d8be25f7e35a76d818"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "1cffc643-67f5-4791-9681-f897b103c810",
"value": "829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "94ba792a-7c50-4784-b3d1-12fc6b0c9da6",
"value": "660e60cc1fd3e155017848a1f6befc4a335825a6ae04f3416b9b148ff156d143"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "8b130b66-db7e-440a-9c71-5e9f027ae456",
"value": "5098ec21c88e14d9039d232106560b3c87487b51b40d6fef28254c37e4865182"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "c4a4be82-39fb-4ffc-a7e5-3baa4de4d67f",
"value": "4216f63870e2cdfe499d09fce9caa301f9546f60a69c4032cb5fb6d5ceb9af32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368128",
"to_ids": true,
"type": "sha256",
"uuid": "78b06653-6b12-431b-b925-3383ed6e2bc6",
"value": "11b5944715da95e4a57ea54968439d955114088222fd2032d4e0282d12a58abb"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368130",
"to_ids": true,
"type": "domain",
"uuid": "4766f4f1-84a0-40ae-8cf7-0aa91ae1ddd4",
"value": "markettrendingcenter.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1643368130",
"to_ids": true,
"type": "domain",
"uuid": "db548277-c9b9-45da-8f10-019cba24e679",
"value": "lm-career.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1643368256",
"uuid": "c1aaeb30-267b-4040-a69c-259060ee9ba2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1643368256",
"to_ids": true,
"type": "filename",
"uuid": "1c3720cd-998e-46be-8839-1bd99df306d4",
"value": "0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "eebaa4c7-2cc1-4e0c-99a0-fdb5148154bf",
"value": "1293824"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368256",
"to_ids": false,
"type": "float",
"uuid": "e4737a3c-4491-426a-a92a-3646c645b073",
"value": "6.8288845317702"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368256",
"to_ids": true,
"type": "md5",
"uuid": "609c6a1c-884d-4169-8309-f74f1371e174",
"value": "a27a9324d282d920e495832933d486ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368256",
"to_ids": true,
"type": "sha1",
"uuid": "3b813a8c-23ab-4117-b445-6af529f1d1f0",
"value": "0ab8602cee94f36739b6649467ced514301e58fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368256",
"to_ids": true,
"type": "sha256",
"uuid": "7cf8fce6-b43b-4ecf-9c8d-c08784d82ea5",
"value": "0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368256",
"to_ids": true,
"type": "sha512",
"uuid": "c704c1d7-1a37-4331-af30-b6b52d2a8f5c",
"value": "76a3ced357d5fbae7bbb0288c4ddd23e2f8f77b7256f2555b34f666ff2ff7e5a1f1b68f0f53b859c41d57d5ab44129f910e0f1c7b9a51ca079dbbfac6973a96b"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1643368256",
"to_ids": true,
"type": "malware-sample",
"uuid": "62efdad8-ec98-4fee-9b03-37a939f9f47b",
"value": "0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1|a27a9324d282d920e495832933d486ee"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1643368256",
"to_ids": false,
"type": "mime-type",
"uuid": "b592224b-94a7-44df-8e74-fd22ddc43f9f",
"value": "Composite Document File V2 Document, Little Endian, O%WINDIR%\\ Version 10.0, Code page: 1252, Author: Mickey, Template: Normal.dotm, Last Saved By: Challenger, Revision Number: 83, Name of Creating Application: Microsoft Office Word, Total Editing Time: 37:00, Create Time/Date: Fri Apr 24 03:18:00 2020, Last Saved Time/Date: Mon Oct 18 13:06:00 2021, Number of Pages: 1, Number of Words: 4, Number of Characters: 29, Security: 0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368256",
"to_ids": true,
"type": "ssdeep",
"uuid": "b0bb43b3-9fb9-403b-811d-61774e751b16",
"value": "24576:iguUgXlNfAEIk0AKDxj4eigeIAzTQYUrX:inUg/IVGge8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "621546b8-22b4-4034-bddc-90271cc81520",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "c6dc3359-eae1-4005-a12d-934302be7fee",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1306c7f5-9ef0-448e-91ab-2a2b03ab4fac",
"value": "46592"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "09ef8f83-b679-4799-ad36-d06782752f91",
"value": "6.4148875927601"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "39871a43-e818-4b40-8538-6b876b3e94cf",
"value": "f0aed239794be6230b9ab92f5ab704d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "074a0050-a95d-4a80-bfcb-a24858205899",
"value": "27e39594216d890ab8efd47faf297662ca4c1a2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "979ebe32-0b9d-4edd-900a-eed75ad6c820",
"value": "c1c9a7786bbae2cda2fab4c8cae8d52d40b6aedab454dde6d58dd37bf6f134e0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "fbee8059-ce26-4b9d-8911-1b40b21ba822",
"value": "c1a7afa5cba92b7a6ac1cdd339db46cfaeafa6f678a0ad3b81da0a5f61cdcda042ce2dd2046a5a2aa67fbecc7d06114135e24257f6597969051305085c7b59f5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "08059034-1ad6-41a0-9ee7-e9189b5a6881",
"value": "768:HBaDwy8w8oX1pBEIHy3nFka0aY62QltTDbZ6L6ySIdJjGj9H3AJf3CQG8fPPdltt:QDwr3w1pyBFfEqbUUj9XAJ/CuFJ92e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "b8f14a3e-4a67-4d1a-9d84-c226fb0a1c4f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "de49c12b-e34f-480a-acd4-a43b10928060",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0d0ac01d-8897-4d2b-8cc7-969d20fe8b8c",
"value": "36352"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "c06d0c2a-aeb6-4006-ad35-f956213303d5",
"value": "4.8217559509854"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "c6d251d4-adfb-4670-aa37-edeaadaf636a",
"value": "a32f7745a4f081d4552edf2a136e4c53"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "04b11220-d4fb-479a-b766-8808d80f4567",
"value": "a4234384c78c294f4f9936a5ff1483b0194a9874"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "01052ccc-1428-452b-9617-1aba26e7f263",
"value": "6f8e1efdb5c256a50a99a63e8955c79eddf62d967a5914413cf00f164db21984"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "1173a8cf-b63f-47d9-a6c7-ee11c45c0aa7",
"value": "5854dc9e0929eb550f9956e4d04dbaa8bb1288c3203752466441d1a7fd7925fd37426e42fc93490f56defcab1e129dd84b975f4bf9f8093ba9ef12183328f0ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "21710e41-1080-49b3-bba9-f104ea738b0b",
"value": "768:gCcoWVQxhgWMEjLs0uR2NBdTmV9dlt7atMYBY65:gCBRgW/sWTdc9dltoYO"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "20622269-6f11-4e6c-952f-ee9c004af16a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "8709b76c-9a18-48bd-848a-4df22c02ea16",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1e0f74c9-28f4-475b-af48-1e9c39187dbc",
"value": "131584"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "7c3e1f6e-f216-4151-b79a-330a81f2f97f",
"value": "6.1326950169619"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "21ee777a-2ca9-4e89-99d4-4853da30fd2b",
"value": "b09cf30705031f9ada3a712ada5736d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "9a670795-1321-4a05-9411-dfded67b4d77",
"value": "16eec00e49128d6bfd7baafe462c0e5d80d15d94"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "1735dec5-4992-4ab0-9efd-bb49d5baaf88",
"value": "50a28d8ef5327f37540d689f4009662ee98d59a18b1b23db1887c1d6f56cef48"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "d3bf5769-c4ff-4096-aefa-a5974bbb5075",
"value": "d57213ab62eb8c6c6a32bafdb7e63cc48abd1ff892b6fae902bf261650482388745f496106559f9e2c12dddecabcdc6593ccf2636a92e49ac9956f22af28117d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "bf2ba318-c805-4e24-8f63-b4f2965044a2",
"value": "3072:KDfRKcjX7Fq8RNbujkIb6w/XWlIA9EC8aLuSsqVEGklPbuWHF2Z6bp:KfAcb7PNblIbRGCAOJquFDue2Zm"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "23add241-c3b2-45ca-b030-640f6fff6bbd",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "f694fd3e-0ff6-44d3-81d2-8dbf970769a8",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7a9a9831-9c51-4d4e-a59a-381cf8d4b542",
"value": "3584"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "75d54a4b-1b9e-44b5-8206-2ff2a8a5881b",
"value": "4.8448250072714"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "9a9dcae3-05db-4678-bb66-caec59f7bb1f",
"value": "5c3f6d30133d10d48d199e3bbff65923"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "437ed97b-f5c1-419f-b402-96924bb5cc23",
"value": "c5ae3b1dfa841405ab6c9f7a0ca3b57046af35c4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "e590952f-ba00-48d4-8d2a-b6c8c2be2039",
"value": "c7a8677bf7e063ccb4509076f90b5dfd1a6c37d0e527bed5584d06fb1e5baf45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "602aa7ff-e407-4c72-8b95-ca39e8d37983",
"value": "219eace4c63e99889915bd1168fed4c49930e2a65c9fcab793b60a564c9cda970cd594cf2f0ddf8aa6020faf395d8329398ff2cdeb45fb923d66b47194932302"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "4324b2ac-74bc-4fb7-b7c5-480fe21e8e9d",
"value": "96:gCjNiHYZdr3KEUFwqihpB/zvEqu+W2NuTwWiQeyaQ2DamCcUliQ:gGiHYvxUw1hpBrDpWXelBcliQ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "63f07c3f-03be-4782-a1ea-3ac329dcfe19",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "78fdbd58-fbc3-4978-a48e-67af9807c129",
"value": ".gfids"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "20640153-696a-4e59-bd2a-bb68e5777bd4",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "026f6b1f-4fbe-450d-86d7-366ade7a3c49",
"value": "3.3224068006213"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "c3910e98-a61f-408b-a073-60b8963686e5",
"value": "77e0d0c0a0ec75ee8d0cb7aa217b54bc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "fb847a5e-9aef-44fb-9aa0-661c5b1ef024",
"value": "7a6dd6e45e3064a5bf868a3476eb441b26cf9fa9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "f4186ac7-41ef-49bf-9390-b2f79d718527",
"value": "68c518c2323a239bb752920566802e1933c4fad2b72f026f2418c4f6c4f64603"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "493520e9-0a55-44c5-91d6-2edd765b106d",
"value": "b8a721040d6ffac3b49a36dc2387583914e07d15f252c368a38fee47e2760d5b90514320aff9817424002fe18c4c807c500b884c48ac2eb923d93df5040934f4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "e5b3cf0a-69d2-4a51-9c51-db8e17758a35",
"value": "3:7nrllrxl1lJr/iAhlt/tJ7/elnlItr/3j8/RlNhfJYiDSBloFelUn:UAgl6tEZoOSTocUn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "6d7032a0-0cdd-4498-8940-93ce1d0cc2b0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "1877862d-85d2-45a7-9fd1-ad0eb3806332",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2ef6e290-3ce9-421e-9d55-377037f605ae",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "b66d4c8b-e8cd-4f89-b2ce-edf447f510d5",
"value": "4.1795068332011"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "f3085f5a-f0a6-4448-938a-51d7e822eba5",
"value": "6ad7e1cd7c023449d64b63c55d9e1f03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "4b601d34-7ee8-45aa-a59c-41c10b35ca49",
"value": "298de049b63f759862b6d7aab081842c95580277"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "9d5fe819-aa17-4a26-99d5-bfe3b0121d13",
"value": "cab005c0cc2b47db9876d1241800c4c5ff1eb62b826a544f844ca98b40488259"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "131bdeb9-ac53-4e10-bfc5-4a995b44d14d",
"value": "c65c8418fc1983ae47a849dc1ccc2578d0dba1e63249e8099b5c16206bd64661e7396a6f25306b87936c42fbf5eae15f59f55a53c057b92c9a628738a3cae711"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "6f9d6125-23c5-4e45-80fb-219811fc082f",
"value": "24:yiDxLCLnZW08TgUt2N7feCtg1ez35W0YwPNr1PnRuV4MPgich:yExLqnZWfTToreCe1e75Wc1RuqSS"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1643368295",
"uuid": "4cdcd402-e02c-45ae-97c4-0c5939ac9d21",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "390ddc2b-5874-4f4c-b9e3-7b46292a6177",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "de73eef4-b811-41da-926a-8cc8b0e21ba5",
"value": "2048"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "6fabb372-0cab-4188-a1ed-099f5bc7ffa7",
"value": "5.4230113038396"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "84539c6e-52f5-4800-a417-354a1b37d0d2",
"value": "2aa0d7b076707d0010e22ea3700e2908"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "65a59f62-ee86-4361-ad4b-6f604f3665d9",
"value": "cb29d6dd2e0436c534cf50b2a3a1cea870178a60"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "7d411988-1383-4f37-89f2-ef6ff58e2fd0",
"value": "3a571b93f652c298c7bc1aa946ed3da514ad8340625e98dd6031f16f2398c42f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "4af9cf47-7a0c-4bf6-bf17-e0cbc97653f8",
"value": "085678dc31d9ba8b3962ba83a18e3f7a60bebd6a4f194dcf8fe4f1e1d2e1bca1d4b75a9b12503e53f6d5615560d7d77a8769fb1548cf931b04185892daeb7c69"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "7d751f75-432f-4089-867d-76ff0b016ed7",
"value": "48:uo3X31nnHnnnruEP8P/vcvvf21PcPEvvXn:uYn1nnCvP8vv1PEvvXn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1643368295",
"uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "621546b8-22b4-4034-bddc-90271cc81520",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "62e90514-a02b-4713-97f4-d00374c82761"
},
{
"comment": "Section 1 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "b8f14a3e-4a67-4d1a-9d84-c226fb0a1c4f",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "72ac01f2-ab2c-4b58-8dd5-f1ef750ba2d2"
},
{
"comment": "Section 2 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "20622269-6f11-4e6c-952f-ee9c004af16a",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "5a6df963-e94c-4916-a40e-5308ba0db7af"
},
{
"comment": "Section 3 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "23add241-c3b2-45ca-b030-640f6fff6bbd",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "85a7dc68-0b08-4b49-ac22-4b9961c984bc"
},
{
"comment": "Section 4 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "63f07c3f-03be-4782-a1ea-3ac329dcfe19",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "6d35a0bb-9883-4a42-bf9a-e508ec3759fd"
},
{
"comment": "Section 5 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "6d7032a0-0cdd-4498-8940-93ce1d0cc2b0",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "7f01f9c0-53d6-40f3-8c3f-67a8febe86de"
},
{
"comment": "Section 6 of PE",
"object_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"referenced_uuid": "4cdcd402-e02c-45ae-97c4-0c5939ac9d21",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "dd00df07-ec30-43f4-bfb1-2d9a37081cba"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "6b11ac14-cf93-46c8-b8cd-03ed29f982c7",
"value": "dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "705e13ba-6d72-45fe-a1d3-b804da91f32e",
"value": "6442460944"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1643368295",
"to_ids": false,
"type": "datetime",
"uuid": "519c8ccb-c839-4aec-8134-2286a32e624d",
"value": "2022-01-18T06:13:32+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1643368295",
"to_ids": true,
"type": "filename",
"uuid": "e158192c-fcc7-44b9-b679-2c77f0107273",
"value": "wuaueng.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1643368295",
"to_ids": true,
"type": "filename",
"uuid": "27e4b0f8-4b74-47c3-8375-74c0d537000f",
"value": "wuaueng.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "58e2b82f-d74c-447c-b05e-b31bf6cf315e",
"value": "Windows Update Agent"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "7db9a014-f3fc-4561-861c-04932b505c5b",
"value": "4.0.1.25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "baad5eb8-014c-4c31-afed-57c6f3036ef4",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "ef21b19a-305d-4bbd-af43-b3f77f53f11c",
"value": "Microsoft Configuration Application"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "9d719def-59ef-4cfd-af10-5bb6da08ba0e",
"value": "4.0.1.25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "8f761a8f-cc88-44a3-bb5e-cb21b1b2b6c6",
"value": "Microsoft Corp"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1643368295",
"to_ids": false,
"type": "text",
"uuid": "d59db7cc-35e9-4747-9681-e0540871b47a",
"value": "Copyright (C) Microsoft Corp."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1643368295",
"to_ids": false,
"type": "counter",
"uuid": "3c975a0f-f1bb-47b5-9cd2-87214dcdef58",
"value": "7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1643368295",
"uuid": "8e0b53ea-8268-4007-90dc-56d8831db287",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "8e0b53ea-8268-4007-90dc-56d8831db287",
"referenced_uuid": "cb3799b8-19e7-4f2d-9783-0f711421d643",
"relationship_type": "includes",
"timestamp": "1643368295",
"uuid": "955f10df-792e-4433-bf09-dfd86113bbac"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1643368295",
"to_ids": true,
"type": "filename",
"uuid": "3c22d64d-9666-4770-aa17-94dbe6897408",
"value": "829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643368295",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ecfdc51e-ba40-48ae-9c9e-f6f356d53dd3",
"value": "232936"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643368295",
"to_ids": false,
"type": "float",
"uuid": "16d662aa-1edb-4a4e-8dcf-7cc69339aabb",
"value": "6.177766830583"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643368295",
"to_ids": true,
"type": "md5",
"uuid": "58e929f5-8257-4ca3-b39f-f2e31967ebb6",
"value": "490c885dc7ba0f32c07ddfe02a04bbb9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha1",
"uuid": "3fb2e73a-1b27-4350-8456-27c9da307d90",
"value": "294690c1aee8dc7723858dafcb2a0ed273296641"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha256",
"uuid": "c0ffd2cd-c9bd-4f4f-8808-240f22a4d6a0",
"value": "829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643368295",
"to_ids": true,
"type": "sha512",
"uuid": "7351bd19-1c3a-4bba-87dc-9693db886e2b",
"value": "127f014d18b926433d56bfee85b350fe36cc26a1442ef8f16cf1c9e6cce95c2f83a8609b9d29e53b7b5617739f760ba4263bd6222870fd25309a16d46000d29c"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1643368295",
"to_ids": true,
"type": "malware-sample",
"uuid": "ee99c95c-6bd1-48e3-bbe4-2f379f6853a3",
"value": "829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1|490c885dc7ba0f32c07ddfe02a04bbb9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1643368295",
"to_ids": false,
"type": "mime-type",
"uuid": "2f4e337f-a5a8-47c2-9a77-efe1744810a5",
"value": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643368295",
"to_ids": true,
"type": "ssdeep",
"uuid": "4a1f7df8-438f-4594-83a9-e9e4e9e538f8",
"value": "6144:frSYfjhA5JgZ9fAcb7PNblIbRGCAOJquFDue2ZmrYnp:TSYa5eZ9fAc/PBquOdchZjnp"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "5",
"timestamp": "1643368411",
"uuid": "982836ee-05aa-4b35-92d7-b83579145ce3",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1643368411",
"to_ids": false,
"type": "link",
"uuid": "b9af4626-d91e-4386-b8c1-ae2ee902eb8b",
"value": "https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1643368411",
"to_ids": false,
"type": "text",
"uuid": "56c6c206-1bfa-46ed-9cd4-1f008d43b430",
"value": "North Korea\u2019s Lazarus APT leverages Windows Update client, GitHub in latest campaign"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1643368411",
"to_ids": false,
"type": "text",
"uuid": "315b1758-a08f-40e2-9d48-ada459bbc9c8",
"value": "Blog post"
}
]
}
]
}
}