{
"Event" : {
"analysis" : "2" ,
"date" : "2018-01-31" ,
"extends_uuid" : "" ,
"info" : "OSINT - Smominru Monero mining botnet making millions for operators" ,
"publish_timestamp" : "1518771269" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1517540435" ,
"uuid" : "5a7238f2-7ea4-499a-89f6-450b02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488861" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723909-f0f0-4dfa-b8b7-44fe02de0b81" ,
"value" : "Even with recent volatility in the price of most cryptocurrencies, especially Bitcoin, interest among mainstream users and the media remains high. At the same time, Bitcoin alternatives like Monero and Ethereum continue their overall upward trend in value (Figure 1), putting them squarely in the crosshairs of threat actors looking for quick profits and anonymous transactions. Because obtaining these cryptocurrencies through legitimate mining mechanisms is quite resource-intensive, cybercriminals are stealing them, demanding ransomware payments in them, and harnessing other computers to mine them for free. Recently, Proofpoint researchers have been tracking the massive Smominru botnet, the combined computing power of which had earned millions of dollars for its operators."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488862" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a723916-3788-47c7-a70a-432502de0b81" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Since the end of May 2017, we have been monitoring a Monero miner that spreads using the EternalBlue Exploit (CVE-2017-0144)." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488862" ,
"to_ids" : false ,
"type" : "vulnerability" ,
"uuid" : "5a723935-bf74-4ea6-ba45-ee7702de0b81" ,
"value" : "CVE-2017-0144"
} ,
{
"category" : "Payload delivery" ,
"comment" : "At least 25 hosts were conducting attacks via EternalBlue (CVE-2017-0144 SMB) to infect new nodes and increase the size of the botnet. The hosts all appear to sit behind the network autonomous system AS63199. Other researchers also reported attacks via MySQL [3], and we believe the actors are also likely using EsteemAudit (CVE-2017-0176), like most other EternalBlue attackers. The botnet\u2019s command and control (C&C) infrastructure is hosted behind SharkTech, who we notified of the abuse but did not receive a reply to our abuse notification." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488863" ,
"to_ids" : false ,
"type" : "vulnerability" ,
"uuid" : "5a723955-5430-48e4-976e-465a02de0b81" ,
"value" : "CVE-2017-0176"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488863" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399d-8ba0-4d8e-bd4a-4d4102de0b81" ,
"value" : "148.153.34.114"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488864" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399d-0d98-4599-89c2-4c9e02de0b81" ,
"value" : "118.193.81.70"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488864" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399e-cd14-491a-bb01-4cde02de0b81" ,
"value" : "118.193.31.14"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488865" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399e-0cbc-46d1-8db9-4aad02de0b81" ,
"value" : "118.193.28.58"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488865" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399f-5eec-49b8-9e5b-497102de0b81" ,
"value" : "164.52.12.110"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488866" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72399f-4114-48f0-bd34-4ce902de0b81" ,
"value" : "148.153.24.98"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488866" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a0-9fbc-4402-afa4-437302de0b81" ,
"value" : "164.52.13.58"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488866" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a0-9a04-48d4-854d-440602de0b81" ,
"value" : "148.153.38.78"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488867" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a0-1728-4a2c-b7a8-49ac02de0b81" ,
"value" : "118.193.22.58"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488867" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a1-3eb8-4e05-8a34-42f502de0b81" ,
"value" : "103.241.229.122"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488868" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a1-df5c-4a4f-9230-4cc102de0b81" ,
"value" : "148.153.39.186"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488868" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a2-b0c0-4de5-89c2-4aaa02de0b81" ,
"value" : "148.153.14.246"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488869" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a2-8e18-403a-b976-46cf02de0b81" ,
"value" : "118.193.31.110"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488869" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a2-72dc-4348-bb4f-499d02de0b81" ,
"value" : "118.193.27.198"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488870" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a3-1900-4d9f-91ae-482f02de0b81" ,
"value" : "164.52.25.106"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488870" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a3-66e4-4708-9a76-47a002de0b81" ,
"value" : "164.52.1.46"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488871" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a4-e710-43bf-98dd-490d02de0b81" ,
"value" : "148.153.36.34"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488871" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a4-4890-4892-a9db-40e102de0b81" ,
"value" : "118.193.21.186"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488872" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a5-9d44-4b30-a5a7-4baf02de0b81" ,
"value" : "164.52.12.162"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488872" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a5-224c-4629-bb56-4b8e02de0b81" ,
"value" : "148.153.24.106"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488873" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a5-8f14-4b49-85f3-4eb502de0b81" ,
"value" : "148.153.44.46"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488873" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a6-f020-4087-81a4-42fe02de0b81" ,
"value" : "164.52.11.222"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488874" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a6-861c-4d25-a9fd-4c0c02de0b81" ,
"value" : "118.193.29.6"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488874" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a7-2978-41cc-8885-428902de0b81" ,
"value" : "148.153.8.86"
} ,
{
"category" : "Network activity" ,
"comment" : "Attacking IP (via EB)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488874" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a7239a7-9454-42de-b5ae-481102de0b81" ,
"value" : "164.52.1.14"
} ,
{
"category" : "Payload delivery" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435618" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae2-140c-452f-889f-4daa02de0b81" ,
"value" : "da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435618" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae2-c428-440c-9be4-4bb102de0b81" ,
"value" : "8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435619" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae3-8304-4789-91de-4b0b02de0b81" ,
"value" : "5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435619" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae3-feb8-4011-993a-493e02de0b81" ,
"value" : "2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435620" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae4-261c-4c19-b8cd-4cd602de0b81" ,
"value" : "b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435620" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae4-1520-45c3-b378-412002de0b81" ,
"value" : "32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435621" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae5-1970-44f3-bdbf-423e02de0b81" ,
"value" : "3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435621" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a723ae5-64bc-4529-86ee-420e02de0b81" ,
"value" : "f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C (Binary Server)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435771" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7b-b10c-4792-977a-411302de0b81" ,
"value" : "209.58.186.145"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435772" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7c-92ec-49fd-be05-47b102de0b81" ,
"value" : "103.95.29.8"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C (WMI call)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435772" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7c-f44c-442c-a15d-43f102de0b81" ,
"value" : "45.58.140.194"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C (binary server)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435772" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7d-5ee4-4b59-aae7-409102de0b81" ,
"value" : "170.178.171.162"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C (WMI call) Sinkholed domain" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435773" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7d-cf18-46da-b75d-42cb02de0b81" ,
"value" : "103.95.30.26"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru binary server" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435773" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7d-39fc-4346-b8dc-4d2202de0b81" ,
"value" : "68.64.166.82"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru binary server" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435774" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7e-8b04-4a40-862f-455402de0b81" ,
"value" : "27.255.79.151"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Smominru C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517488875" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a723b7e-eab4-493f-ba7b-4dbe02de0b81" ,
"value" : "down.my0709.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "Smominru C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1517435775" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a723b7f-97d8-449f-8ed6-489b02de0b81" ,
"value" : "198.148.80.194"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "An address used in a cryptocurrency" ,
"meta-category" : "financial" ,
"name" : "coin-address" ,
"template_uuid" : "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46" ,
"template_version" : "2" ,
"timestamp" : "1517435390" ,
"uuid" : "5a7239fe-2ec0-4295-a0f1-ee7702de0b81" ,
"Attribute" : [
{
"category" : "Financial fraud" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "address" ,
"timestamp" : "1517435391" ,
"to_ids" : true ,
"type" : "btc" ,
"uuid" : "5a7239ff-8b94-41dd-91e0-ee7702de0b81" ,
"value" : "43Lm9q14s7GhMLpUsiXY3MH6G67Sn81B5DqmN46u8WnBXNvJmC6FwH3ZMwAmkEB1nHSrujgthFPQeQCFPCwwE7m7TpspYBd"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "symbol" ,
"timestamp" : "1517435391" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a7239ff-9bcc-43f2-8e1f-ee7702de0b81" ,
"value" : "XMR"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "text" ,
"timestamp" : "1517435392" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723a00-2378-4cb9-8c44-ee7702de0b81" ,
"value" : "used after 2018-01-14"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An address used in a cryptocurrency" ,
"meta-category" : "financial" ,
"name" : "coin-address" ,
"template_uuid" : "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46" ,
"template_version" : "2" ,
"timestamp" : "1517435459" ,
"uuid" : "5a723a43-35dc-43c6-aebc-448102de0b81" ,
"Attribute" : [
{
"category" : "Financial fraud" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "address" ,
"timestamp" : "1517435460" ,
"to_ids" : true ,
"type" : "btc" ,
"uuid" : "5a723a44-1f80-459f-ab1f-4f7b02de0b81" ,
"value" : "47Tscy1QuJn1fxHiBRjWFtgHmvqkW71YZCQL33LeunfH4rsGEHx5UGTPdfXNJtMMATMz8bmaykGVuDFGWP3KyufBSdzxBb2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "symbol" ,
"timestamp" : "1517435460" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723a44-3498-4397-9114-49b602de0b81" ,
"value" : "XMR"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "text" ,
"timestamp" : "1517435461" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723a45-3cb4-4b1b-80a1-4d6102de0b81" ,
"value" : "used from before 2017/05 till 2017/09\r\n\r\n \r\n\r\nMined 2000 Monero"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An address used in a cryptocurrency" ,
"meta-category" : "financial" ,
"name" : "coin-address" ,
"template_uuid" : "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46" ,
"template_version" : "2" ,
"timestamp" : "1517435512" ,
"uuid" : "5a723a78-fa6c-4f56-b48b-41ff02de0b81" ,
"Attribute" : [
{
"category" : "Financial fraud" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "address" ,
"timestamp" : "1517435512" ,
"to_ids" : true ,
"type" : "btc" ,
"uuid" : "5a723a78-bfe8-4820-84b5-4a5602de0b81" ,
"value" : "45bbP2muiJHD8Fd5tZyPAfC2RsajyEcsRVVMZ7Tm5qJjdTMprexz6yQ5DVQ1BbmjkMYm9nMid2QSbiGLvvfau7At5V18FzQ"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "symbol" ,
"timestamp" : "1517435512" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723a78-7cb8-482c-baf0-447e02de0b81" ,
"value" : "XMR"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "text" ,
"timestamp" : "1517435513" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a723a79-95e4-426e-9a91-4ee402de0b81" ,
"value" : "from 2017/09 till 2018-01-13\r\n\r\nMined around 6800 Monero"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1517478243" ,
"uuid" : "5a72dd50-62b4-49c8-ba81-b1ce950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478243" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72dd50-2b88-42d5-acde-b1ce950d210f" ,
"value" : "198.148.80.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478243" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72dd50-a684-44f6-9cb4-b1ce950d210f" ,
"value" : "down.down0116.info"
}
]
} ,
{
"comment" : "Smominru C&C (Binary Server)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517478223" ,
"uuid" : "5a72e14f-c2c4-4a5b-b3b9-5bec950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478223" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e14f-192c-4747-84e5-5bec950d210f" ,
"value" : "down.oo000oo.club"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478223" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e14f-19fc-42c9-85b8-5bec950d210f" ,
"value" : "209.58.186.145"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517478224" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e150-385c-4dfb-a4a0-5bec950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517478378" ,
"uuid" : "5a72e1ea-ce94-495a-ab42-7a86950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478378" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e1ea-2f24-4c8c-b1fa-7a86950d210f" ,
"value" : "www.cyg2016.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478379" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e1eb-0690-4781-890d-7a86950d210f" ,
"value" : "103.95.29.8"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517478379" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e1eb-f7fc-4b93-b7e4-7a86950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (Binary Server)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517478472" ,
"uuid" : "5a72e248-e0fc-4718-8b49-8f0b950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478473" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e249-8258-4d48-8ee0-8f0b950d210f" ,
"value" : "down.mys2016.info"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478473" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e249-80e4-4c04-94e8-8f0b950d210f" ,
"value" : "103.95.29.8"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517478474" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e24a-e768-4491-9ac5-8f0b950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (WMI call)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517478612" ,
"uuid" : "5a72e2d4-d378-4bfe-89bc-b1e2950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478612" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e2d4-6c00-4ae9-b564-b1e2950d210f" ,
"value" : "wmi.mykings.top.info"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478612" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e2d4-f494-469b-b4c1-b1e2950d210f" ,
"value" : "45.58.140.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517478613" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e2d5-5fc0-4bb0-822f-b1e2950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (WMI call)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517478716" ,
"uuid" : "5a72e33c-e520-40ad-991f-b1fb950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517478717" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e33d-9b10-4c7a-a604-b1fb950d210f" ,
"value" : "wmi.oo000oo.club"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517478717" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e33d-cc40-416f-9d28-b1fb950d210f" ,
"value" : "45.58.140.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517478718" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e33e-6250-4f01-8aff-b1fb950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517479147" ,
"uuid" : "5a72e4eb-bb78-4f19-ae51-b1db950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517479147" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e4eb-4bc4-486c-99c2-b1db950d210f" ,
"value" : "xmr.5b6b7b.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517479148" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e4ec-342c-4238-9164-b1db950d210f" ,
"value" : "45.58.140.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517479148" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e4ec-73e8-4b09-b260-b1db950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (binary server)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517480257" ,
"uuid" : "5a72e941-384c-4ed5-8bb4-4b0a950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517480257" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72e941-dcc0-46d3-ba29-4246950d210f" ,
"value" : "64.myxmr.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517480257" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72e941-a440-41a2-b723-48d4950d210f" ,
"value" : "170.178.171.162"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517480258" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72e942-23c4-4e85-9525-41b4950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (WMI call) - Sinkholed domain" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517480825" ,
"uuid" : "5a72eb79-1514-4dc9-87d4-4763950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517480825" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72eb79-d3a8-4ef6-ba17-4045950d210f" ,
"value" : "wmi.my0709.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517480826" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72eb7a-1e88-4a3f-afe7-4663950d210f" ,
"value" : "103.95.30.26"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517480826" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72eb7a-1190-4302-9678-4bf5950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru binary server" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481180" ,
"uuid" : "5a72ecdc-ad08-41d6-b1cc-8f0b950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481180" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ecdc-f4dc-4bf4-ba96-8f0b950d210f" ,
"value" : "ftp.ruisgood.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481181" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ecdd-5588-44bd-b5be-8f0b950d210f" ,
"value" : "68.64.166.82"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481181" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ecdd-9ec0-4659-8edd-8f0b950d210f" ,
"value" : "21"
}
]
} ,
{
"comment" : "Smominru binary server" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481280" ,
"uuid" : "5a72ed40-73e4-40d3-b0c0-b1fb950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481281" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ed41-e808-4e0f-a381-b1fb950d210f" ,
"value" : "ftp.oo000oo.me"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481281" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ed41-3f74-4d68-916b-b1fb950d210f" ,
"value" : "68.64.166.82"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481281" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ed41-2ac8-4618-a365-b1fb950d210f" ,
"value" : "21"
}
]
} ,
{
"comment" : "Smominru binary server" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481308" ,
"uuid" : "5a72ed5c-1854-41db-ac03-5bf2950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481308" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ed5c-8a7c-4a3b-a651-5bf2950d210f" ,
"value" : "ftp.ftp0118.info"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481309" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ed5d-94b0-46fa-8863-5bf2950d210f" ,
"value" : "68.64.166.82"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481309" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ed5d-8d1c-49b5-8024-5bf2950d210f" ,
"value" : "21"
}
]
} ,
{
"comment" : "Smominru binary server" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481332" ,
"uuid" : "5a72ed74-9234-4129-81bb-47f3950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481333" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ed75-9880-448e-9b02-47c1950d210f" ,
"value" : "js.mys2016.info"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481333" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ed75-ca30-4ea5-b0cd-449e950d210f" ,
"value" : "27.255.79.151"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481333" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ed75-f48c-4c10-8388-4bc8950d210f" ,
"value" : "280"
}
]
} ,
{
"comment" : "Smominru C&C (Binary Server)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481386" ,
"uuid" : "5a72edaa-8670-4ea1-a903-4e28950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481386" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72edaa-342c-4783-8194-406f950d210f" ,
"value" : "64.mymyxmra.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481387" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72edab-b200-44bb-adeb-431e950d210f" ,
"value" : "170.178.171.162"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481387" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72edab-c7a0-4413-a928-4c03950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481481" ,
"uuid" : "5a72ee09-c0b0-48d0-9a90-4d69950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481481" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ee09-54e0-4300-93b4-4f49950d210f" ,
"value" : "xmr.xmr5b.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481482" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ee0a-1624-4b74-b56a-4ee8950d210f" ,
"value" : "45.58.140.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481482" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ee0a-d9b8-4825-82d7-4d2b950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481552" ,
"uuid" : "5a72ee50-f530-4793-8783-6767950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481553" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ee51-4fc0-4d0d-8efb-6767950d210f" ,
"value" : "js.my0115.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481553" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ee51-7088-4a4d-9dc8-6767950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (WMI call)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481587" ,
"uuid" : "5a72ee73-9cc0-4425-b60a-4260950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481587" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ee73-add0-484f-a7fd-4ee3950d210f" ,
"value" : "wmi.my0115.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481588" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ee74-7974-4ccd-aa57-48be950d210f" ,
"value" : "103.95.30.26"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481588" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ee74-fed8-4e91-9d7f-47b5950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C (Binary Server)" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1517481613" ,
"uuid" : "5a72ee8d-cc5c-48e6-b05a-5bee950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481613" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72ee8d-0174-4c34-b302-5bee950d210f" ,
"value" : "down.my0115.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481614" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72ee8e-7834-49ad-acf0-5bee950d210f" ,
"value" : "103.95.30.26"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1517481614" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5a72ee8e-99a4-4314-937e-5bee950d210f" ,
"value" : "8888"
}
]
} ,
{
"comment" : "Smominru C&C" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1517481633" ,
"uuid" : "5a72eea1-0f08-4da7-a5a1-b1db950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1517481633" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5a72eea1-5d20-4812-a933-b1db950d210f" ,
"value" : "103.95.30.26"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1517481634" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5a72eea2-e5dc-4b35-9f01-b1db950d210f" ,
"value" : "down.my0709.xyz"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488879" ,
"uuid" : "1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1e2fd26e-d1ec-406d-bb1b-b4d72f61d52f" ,
"referenced_uuid" : "0b7e3026-09c1-4f49-af9a-07f5ceb0592b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b04-c964-45f2-8265-4b3a02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488876" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730aec-ea98-4103-9143-470302de0b81" ,
"value" : "a56c110dcf859d83aa1fa5ad455e94539dfa8d12"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488876" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730aec-0a08-4fce-90b5-4eb102de0b81" ,
"value" : "1487e2b148f7a4869c212f78cb28d682"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488877" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730aed-5d18-427e-86aa-43c802de0b81" ,
"value" : "8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488877" ,
"uuid" : "0b7e3026-09c1-4f49-af9a-07f5ceb0592b" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488877" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730aed-3e50-42bb-927c-450902de0b81" ,
"value" : "https://www.virustotal.com/file/8ceb370e5f32dd732809c827f8eda38cc9b746d40adea3dca33b8c27ee38eb6f/analysis/1517456055/"
} ,
{
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488878" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730aee-fe60-4ff3-a8a3-428102de0b81" ,
"value" : "45/65"
} ,
{
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488878" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730aee-cf3c-4a4b-b699-434c02de0b81" ,
"value" : "2018-02-01T03:34:15"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488882" ,
"uuid" : "b538582a-ca89-45a4-895c-35d517c9b279" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b538582a-ca89-45a4-895c-35d517c9b279" ,
"referenced_uuid" : "a804d5b1-7ca5-406d-9a56-e06577b0629d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-66c8-4573-9dae-44f102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488879" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730aef-b894-4a00-a320-40ae02de0b81" ,
"value" : "d789b6b33d739810cab2e3f5a55933dd16721823"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488879" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730aef-2530-437d-925f-472102de0b81" ,
"value" : "ff604679b2e12040dea81f6ecffd5ea2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488880" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730af0-79dc-47e8-a72d-48d402de0b81" ,
"value" : "b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488880" ,
"uuid" : "a804d5b1-7ca5-406d-9a56-e06577b0629d" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488880" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730af0-28d8-461f-8bc1-48eb02de0b81" ,
"value" : "https://www.virustotal.com/file/b7f8b5cb8fc7bd5c14105fde118f5ac7a808e590e52f16c70128b4bd28aa4b5a/analysis/1517457171/"
} ,
{
"category" : "Other" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488881" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730af1-ebd8-4440-a145-46e502de0b81" ,
"value" : "49/66"
} ,
{
"category" : "Other" ,
"comment" : "0107.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488881" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730af1-2a48-4e30-b9dc-468602de0b81" ,
"value" : "2018-02-01T03:52:51"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488885" ,
"uuid" : "c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c7f56e48-5ca3-4ab4-8a44-d508a7c3f1b5" ,
"referenced_uuid" : "857bce07-e7e4-4cfb-a435-fbb587cf250a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-0150-4550-9b86-44a802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488882" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730af2-eea8-413a-b78a-492b02de0b81" ,
"value" : "6ca9bc55382736c6fb173afb789318ee7067f206"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488882" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730af2-b2c4-426d-b64b-42bb02de0b81" ,
"value" : "0224b573793d1780e3fec22739526c8f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488883" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730af3-52d4-418d-8c97-40d102de0b81" ,
"value" : "3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488883" ,
"uuid" : "857bce07-e7e4-4cfb-a435-fbb587cf250a" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488883" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730af3-4578-439d-b113-485d02de0b81" ,
"value" : "https://www.virustotal.com/file/3b1824b41f3853376e21153d9125781dbb57b820d8a9a6cc037f82ea87f50973/analysis/1517153840/"
} ,
{
"category" : "Other" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488884" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730af4-2254-4135-a0e4-4ed602de0b81" ,
"value" : "28/66"
} ,
{
"category" : "Other" ,
"comment" : "0126.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488884" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730af4-9a70-46ec-b537-492902de0b81" ,
"value" : "2018-01-28T15:37:20"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488888" ,
"uuid" : "994aa712-e77a-411f-bec0-cf4b547a61a1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "994aa712-e77a-411f-bec0-cf4b547a61a1" ,
"referenced_uuid" : "28763b93-461a-4389-8100-45731b4fcb27" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-a2e0-47fe-a4fe-4e3c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488885" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730af5-1824-4820-bb8e-44b902de0b81" ,
"value" : "53accdd58a67fe7bc7fbcaefa1e2b65c13aba9ff"
} ,
{
"category" : "Payload delivery" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488886" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730af6-8c40-43fa-959b-4ea502de0b81" ,
"value" : "6ca24e8ae6988ee1187be72c777e7397"
} ,
{
"category" : "Payload delivery" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488886" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730af6-91e8-4591-b16d-4a0402de0b81" ,
"value" : "2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488887" ,
"uuid" : "28763b93-461a-4389-8100-45731b4fcb27" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488887" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730af7-d48c-4b0b-be0c-452702de0b81" ,
"value" : "https://www.virustotal.com/file/2e3f534bd6b7d1cf18dc727820124faed92fb28f1d4626c9658587b9b3c09509/analysis/1517457638/"
} ,
{
"category" : "Other" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488887" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730af7-12c8-4405-af2c-47c102de0b81" ,
"value" : "42/64"
} ,
{
"category" : "Other" ,
"comment" : "64.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488888" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730af8-d5c4-4360-b181-4c4002de0b81" ,
"value" : "2018-02-01T04:00:38"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488891" ,
"uuid" : "fae35839-05f9-4c5d-86f2-0694b89e6be3" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fae35839-05f9-4c5d-86f2-0694b89e6be3" ,
"referenced_uuid" : "38c84b61-e001-46f6-a99c-172c5e4e5d67" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-de7c-4803-ad11-495902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488888" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730af8-ba7c-4433-beba-416202de0b81" ,
"value" : "c788a27c9f18f1e732e34e60a73b83ccdcfd9a29"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488889" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730af9-6634-4f1e-9756-40de02de0b81" ,
"value" : "ebdc2be63b2fcb8fe22845c75850c9e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488889" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730af9-3898-4143-bd27-421302de0b81" ,
"value" : "32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488890" ,
"uuid" : "38c84b61-e001-46f6-a99c-172c5e4e5d67" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488890" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730afa-b5b4-4ef0-9030-4a5302de0b81" ,
"value" : "https://www.virustotal.com/file/32e0712ff24e5f9ab8ee682a53514c501486f0836ef24125503335d86bd10a4e/analysis/1517399898/"
} ,
{
"category" : "Other" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488890" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730afa-eb88-472e-9db8-491e02de0b81" ,
"value" : "43/66"
} ,
{
"category" : "Other" ,
"comment" : "0121.rar (Smominru Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488891" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730afb-ff20-49ea-8d61-439d02de0b81" ,
"value" : "2018-01-31T11:58:18"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488894" ,
"uuid" : "959bcddc-d26f-44f7-9a79-07df0acb6a95" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "959bcddc-d26f-44f7-9a79-07df0acb6a95" ,
"referenced_uuid" : "33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-8e28-4baf-9bc9-4f8d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488891" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730afb-fd50-4da2-96af-4f8902de0b81" ,
"value" : "368ef0af957492ad0b55ce1351da1b44f67dbcb8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488892" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730afc-08b8-4f2c-8c4a-498b02de0b81" ,
"value" : "f63e34b172bc6c88c002a2d25c738ea9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488892" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730afc-2d2c-4a34-b967-454102de0b81" ,
"value" : "5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488893" ,
"uuid" : "33bb45b6-d3bd-4cc1-bec6-84cb666c0c0d" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488893" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730afd-5ae4-4e1d-976f-4e1e02de0b81" ,
"value" : "https://www.virustotal.com/file/5e15c97546a19759a8397e51e98a2d8168e6e27aff4dc518220459ed3184e4e2/analysis/1517462947/"
} ,
{
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488893" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730afd-1514-4e7f-8862-49ae02de0b81" ,
"value" : "37/63"
} ,
{
"category" : "Other" ,
"comment" : "EternalBlue dropped" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488894" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730afe-2ad4-4d85-af66-4a4702de0b81" ,
"value" : "2018-02-01T05:29:07"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488897" ,
"uuid" : "eb0f9ec8-b388-422a-99dc-5d7a32e340b3" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "eb0f9ec8-b388-422a-99dc-5d7a32e340b3" ,
"referenced_uuid" : "c38c22d3-60e6-4336-94d4-f9772f9e56fe" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771268" ,
"uuid" : "5a730b05-3230-49fc-b2f1-49ae02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488894" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730afe-0fdc-4e97-bb5b-406d02de0b81" ,
"value" : "b8a53e651be77914428f6a3cefc797041ff3df51"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488895" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730aff-4bd8-43e9-ac6d-47ea02de0b81" ,
"value" : "822b8150022ba179560ac42384ff997e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488895" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730aff-4a6c-4daf-90be-493202de0b81" ,
"value" : "f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488896" ,
"uuid" : "c38c22d3-60e6-4336-94d4-f9772f9e56fe" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488896" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730b00-d828-4158-99c6-4f4702de0b81" ,
"value" : "https://www.virustotal.com/file/f1c36aebdcd92a04fd689d31944e5388e7e9b9421063ec4c98804ac7a04e6b0d/analysis/1517332171/"
} ,
{
"category" : "Other" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488896" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730b00-cfac-4258-a9b1-4f4202de0b81" ,
"value" : "49/65"
} ,
{
"category" : "Other" ,
"comment" : "0114.rar (Smominru - Coin Miner)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488897" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730b01-39ac-4f84-93b3-498602de0b81" ,
"value" : "2018-01-30T17:09:31"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1517488900" ,
"uuid" : "055ccd02-bd02-4e47-9fd1-1e668f23f024" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "055ccd02-bd02-4e47-9fd1-1e668f23f024" ,
"referenced_uuid" : "1718834e-3131-4711-92e4-4fd9e25abcb7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1518771269" ,
"uuid" : "5a730b05-9ea0-4f53-a361-49d802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1517488897" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a730b01-a8a0-4494-8ea7-4b8002de0b81" ,
"value" : "0b5616228f6556b320ac0d2f586504538abb638e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1517488898" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a730b02-ecac-48c3-9481-409b02de0b81" ,
"value" : "6b13994f83dad0d45764911a88564a7b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1517488898" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a730b02-df4c-4212-8585-439002de0b81" ,
"value" : "da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1517488899" ,
"uuid" : "1718834e-3131-4711-92e4-4fd9e25abcb7" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1517488899" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a730b03-589c-47de-a519-4d8702de0b81" ,
"value" : "https://www.virustotal.com/file/da3b2e4da23aae505bf991cb68833d01d0c5b75645d246dfa9b6e403be1798c8/analysis/1517457719/"
} ,
{
"category" : "Other" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1517488899" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a730b03-0afc-42a7-a1b0-48e002de0b81" ,
"value" : "49/64"
} ,
{
"category" : "Other" ,
"comment" : "ups.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1517488900" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a730b04-ae70-4fab-b15f-48c602de0b81" ,
"value" : "2018-02-01T04:01:59"
}
]
}
]
}
}