2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2018-04-07" ,
"extends_uuid" : "" ,
"info" : "OSINT - New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services" ,
"publish_timestamp" : "1523391310" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1523391291" ,
"uuid" : "5acb6516-f590-4456-8fd7-4243950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"Matrix\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#2c4f00" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#3b7500" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391244" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5acb6525-5b00-451c-9e62-430f950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/new-matrix-ransomware-variants-installed-via-hacked-remote-desktop-services/" ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391244" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5acb6534-0f10-4266-b5fc-4f1a950d210f" ,
"value" : "Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space." ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391244" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5acb659c-0d50-42b8-9be9-40f2950d210f" ,
"value" : "!ReadMe_To_Decrypt_Files!.rtf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391245" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb659d-25ec-41ac-ae45-4e10950d210f" ,
"value" : "files4463@tuta.io"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391245" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb659d-0704-4e84-b9ce-46a2950d210f" ,
"value" : "files4463@protonmail.ch"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391246" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb659d-45ec-4971-aa43-4a49950d210f" ,
"value" : "files4463@gmail.com"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "!ReadMe_To_Decrypt_Files!.rtf ransomnote" ,
"data" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A B A L C w s M C x A M D B A X D w 0 P F x s U E B A U G x 8 X F x c X F x 8 e F x o a G h o X H h 4 j J S c l I x 4 v L z M z L y 9 A Q E B A Q E B A Q E B A Q E B A Q E D / 2 w B D A R E P D x E T E R U S E h U U E R Q R F B o U F h Y U G i Y a G h w a G i Y w I x 4 e H h 4 j M C s u J y c n L i s 1 N T A w N T V A Q D 9 A Q E B A Q E B A Q E B A Q E D / w g A R C A T i A 4 M D A S I A A h E B A x E B / 8 Q A G g A B A A M B A Q E A A A A A A A A A A A A A A A I D B A U B B v / E A B g B A Q E B A Q E A A A A A A A A A A A A A A A A B A g M E / 9 o A D A M B A A I Q A x A A A A H q 2 u f r O 2 f G 7 F e r s G d a W b e U p 55 L U v S C 6 B B 56 F 0 C C 4 U r h S u F K 4 U r h S u F K 4 U r h S u F K M S w i S V i x Z Q T T z l r 3 w P a y a z K X I i S W Y v e x P X n h I i S V 2 B T e e I x L C B M u K V U y R 4 e r h S u F K 4 U r h S u F K 4 U r h S u F K 4 U r s p Y 9 t K T O a H t p S u F K 4 U q L j 1 d A g o 2 m B Y 64 t x e T z r N 1 M h O j z i a l v 52 g 0 x M 2 N k R K I V z 9 E q r Q A A A A A A A A B T D S M U 9 Q z Q 2 C q G g Z 46 h l 90 j N T v F P l 4 x y 1 C m O g U + X j J P Q M f m 0 Z f d I y S 0 i i G o Z Y 7 B R Z M Z m k Z Z 3 g A A A A A A A A B V a A K 4 X i E w q 8 u A F M r A h O k h p z i C l 1 x x B 0 52 T 8 v l z 16 s p 51 u T 1 p e p 57 X w 6 S j T O p e U + W b 4 y j n U q 7 K B 7 m s J e 57 T R P z 0 A z q v S 33 N M s 0 c / o A F c V Z Z 5 T E 1 q 4 l 0 K b S c K / T T I A M s 8 t h c r 8 J 2 Z J F 6 E T V K u w A o U R N P u W Z f 5 V 4 a L c 2 k A o V i x n m X T x b i Q I 1 X 4 D R 7 T W b Z x k A A A A A A A A A P P f C i 3 N W b f K R o x a q C 7 L r q O e O u M / v b u j 559 B X H D f Q j 57 o b / J f Z P M 69 A A j I R S E U h F I R S E U h F I R S E U h F I R S E U h F I R S E X v p F I R S E U h F I R S E U h F I R S E U h F I R S E U h F I R e 1 F i s l i s W K x Y r F j w v r w e v B 68 H r w e v B 68 H r w e v B 6 j 6 e n h 6 A e H r 30 j X c I + T H K a n X F s 4 S 47 x 13 W c 9 + 6 c 128 K N H m k o T g e s 8 D W 5 d 5 t V a C C Y g m I V y 8 J s U z U n E h b T a e R x d E V e 1 G h 74 e S 5 s j o K r B C d B b P m d G a 9 r s r u F t V i + 1 C J w m s q l p X 7 X Y k / K 7 F 9 r n i T T Z T N f J Z N K W e e w V 7 V N L C t Y 34 N 55 m 0 57 L k b I i q s P V d g g 9 q c o w l t e U G h X A v Q g X A M G 0 k q x n R c / W W s e g l 576 R B P m 7 u c a d X M 6 Z 7756 A A Z B 1 x b K N v L e K 23 z l q 2 t 71 z G V d Z r r l 6 V e X i n y 8 V + z E E x B M Q q 0 D P Z Y I J i q c h C Y Q T D z 0 A A e e S E J h 5 X Z 6 V W g q t F U 5 A C K Q e e h X Y K r P R V K Y 8 j M V r B 56 E J h 5 n 0 Z 7 M b q p e R 71 h i y 9 c c 6 / V V Z P m d O U c q P X L y d O 0 c i 7 o i m 4 O N 52 I n M r 6 v k c T d 0 P K w 9 G E y E v P C R I 8 S E f J j z 3 z 0 A A y D r i 2 M p 8 t Z / b I r H V R e K 55 T V H z 0 y e V w 3 j f b V D O r 5 w n L V P B t L F V g 95 M j q H K O q h 4 T 8 w b z 0 g e W Z 7 y V U 4 R T b k 3 x J V P S u 3 m 6 J d a q y x C e Y t 8 h O z N 7 V L W d v n u f G t K s s p 49 R O i + t F m P U s / I T P c t 1 J o l j v S f j x Z S h E t e e n m f R n s t K p b 5 Y R u Y h r h V b Z 69 r l l b z 7 D R Z m q N z n 6 S 9 G R F T n O h D J A 6 H u O J r n n 0 F U o x L M + j w y N U j L 5 s o L 5 R k A A Z B 1 x b d T d y 15 X a U C n N v 8 z f Y T 81 M z U 1 K L z I F q n I A A A R k A H n k h H 30 I y Z Q 9 k y V W u j n W b W e o a 5 e e + e i q 0 m V q a Q m Z o A H l d o A e e i C Y h M P K 7 R C Y A e Z d X q Z m l W Z p G Z p G b z U K / Z p Y J i E b R B M Q T E E x B M Q h c I J i r 2 w Q l 74e1 W j z 0 P P f P Q A D I O u J 2 U e 8 t a o 45 L s Y R s 9 y a R K m 49 A A A A A A r s o L 45 q z d 7 C Y A A A A A B H x W X e + e g A A A F V u I b X P 8 A T f H D I 3 K b g A A A D y K s u 989 A A A A A P K 7 M Z r 9 w 2 m p R e A A A A A I y g e + 0 3 H o A P P f P Q e D 3 H s M g 64 s t r t 5 a 8 e l 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 P H o 8 e j x 6 I P I m Z S 646 F t V v L Q L H 1 I i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C K Q i k I p C P v n o B U n M 5 I 646 F t V v L Q L 5 K M g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C P s Z A E Z w m c k d c d C 2 q 3 l o F 8 l G Q A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B C U Z A E Z w m c k d c d C 2 q 3 l o F 8 l G Q A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B C U Z A E Z w m c k d c d C 2 m 7 l o F 8 l G Q A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B C U Z A E Z w m c k d c b 7 q b u W g X y U Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A E J R k A R n C Z y R 1 x v u p u 5 a B f J R k A A A A A A A A A A A A A A A A K 7 O S d Z x 6 z u O b Q d l y d 5e5 X h 1 n N 559E4 t Z 3 n G s O q 4 d x 1 m C J 0 X E m d h x b z p s G Q 7 T l e n U c 3 E d 9 z q D s O Z Y b 3 D k d p y O o T A A A A A A A A A A A A A A B C U Z A E Z w m c k d c b 7 q b u W g X y U Z A A A A A A A A A A A A A A A A D i 9 q B x d P U H L z 9 w c n r B y s / d H J d Y c l 1 h y Y 9 g c O 7 r D B n 644 m z e M F f T G D z o D m u k O J P s D n x 6 Q 59 H X H D l 2 h j 2 A A A A A A A A A A A A A A A B C U Z A E Z w m c k d c b 7 q b u W g X y U Z A A A A A B m 0 H o B S X A A A I T B U W o T C m 4 A F J c A p u A A B A m A U l y i 49 U + l o A B U W l J c j I E C Y A C E w h E t Z N Y A A A A A Q m F V o A A A A A B C U Z A E Z w m c k d c b 7 a r e W g V K M g A A A A D F n 6 o 5 k + g M O b r j k 3 d A c r 3 q D k S 6 o 5 d 27 w x 5 e u O N L r j j S 645 t X X H M v 1 + n K r 7 I 5 U + k O N L q T K M n R 9 O R d 0 R y J 9 Q c p 1 R i y 9 c c u H X H H u 6 Q y 4 e w O V o 2 j k T 6 g 5 t P Y G b H 1 R y q u 1 A 5 m j c O O 7 A 5 O n a O V H r j n T 3 D k + d c Y s 3 W H K n 0 h z K O u O b H r j n 9 A A A A A A A I e + e g H k 6 v T m v X X G 62 q 3 l o F S j I A A A A A x x v g Y 90 b j n T 2 V m b Z 76 Z q N Y z 1 b f C 3 P o g V r J m C z V A o 1 w v M l O j 0 p v l 4 Z 4 W X F U d A h r o m W A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A h 756 A R 898 M w 64 v t q t 5 a B U o y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A I e x k A R 898 M w 64 v t q t 5 a B U o y A A A A A O e t H v j w u o t g U 3 B K u 2 B O n 3 w l 754 X e T y C + v 0 t p 99 P a d N Z K M N B j t s r J y 8 o L f J R L q L Y m e y c j 15 Q W + e z I 2 Z 7 z J o 88 L P K 7 C r 2 d h D y m 88 u y 6 i w A A A A A A A A A A A A A A A A A A A F c o y A I + e + G Y d c X 21 W 8 t A q U Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F c o y A I + e + G Y d c X 21 W 8 t A q U Z A A A A A G C y t 3 k r M N 1 m i F c Z d E 8 V s X 1111 d 7 T D U 2 s n u b L V j h Z 0 a q P M 2 / 3 F f Z f X R N V 2 W 2 y u 6 u V S 3 c v X z s f c 0 t N M M / h p 9 o i a Z Z q z V L J 5 Z q 9 z 2 Y u i 6 m 7 l Q A A A A A A A A A A A A A A A A A A A A A A A K 5 R k A R 8 D M O u L 7 a r e W g V K M g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C u U Z A E A Z h 1 x f b T d y 0 C p Q m A A A A A Y r M 3 v e X W c 2 + z V G i u X d L m 3 x q h l r r X L J X q d J z / c 2 / T z / L O n X l h m 7 f O f f Z s r x T W 6 z D d Z d 7 j 9 N 7 F C X f L D O N V O X 3 U 62 G 7 L i 6 p Y Z V q 9 w 16 m 6 W M b Z 87 T m 6 c t u I 3 + Z P K 21 Z f L N 9 W f w 6 z z 3 z 6 A A A A A A A A A A A A A A A A A A A r l G Q B A G Y d c X W 1 W 8 t A q c J g A A A A A A A A A A A A A A A
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391246" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5acb65c4-ae24-453a-a1fd-4317950d210f" ,
"value" : "ransom-note.jpg"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "ransom background" ,
"data" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A B A L C w s M C x A M D B A X D w 0 P F x s U E B A U G x 8 X F x c X F x 8 e F x o a G h o X H h 4 j J S c l I x 4 v L z M z L y 9 A Q E B A Q E B A Q E B A Q E B A Q E D / 2 w B D A R E P D x E T E R U S E h U U E R Q R F B o U F h Y U G i Y a G h w a G i Y w I x 4 e H h 4 j M C s u J y c n L i s 1 N T A w N T V A Q D 9 A Q E B A Q E B A Q E B A Q E D / w g A R C A E 7 A 8 g D A S I A A h E B A x E B / 8 Q A G Q A B A Q E B A Q E A A A A A A A A A A A A A A A I D A Q Q F / 8 Q A G Q E B A Q E B A Q E A A A A A A A A A A A A A A A E C A w Q F / 9 o A D A M B A A I Q A x A A A A H 4 D W s 9 M O 69 X z m l 55 r t r F Z I X o u H X q l 8 z 0 w 152 n b z y b Q s K 6 z K u r m 9 G a 5 t a M H V x x v E 3 m 3 y S e 7 S 1 k 2 h m G v V x e z C a y b 53 P J 9 f l X i + s 59 u 1 w r 1 T O n l b Y 3 l 1 v U 6 e X u 1 p 5 u a e g 8 b v N c u t d M 9 f L 30 d X y 9 v Z P L 30 d X y l 3 l D b r e D Q z m 3 l c + e z C a y a 5 X m a m o n 0 R L k 25 Z l 26 M u e j S b 8 s + q E w a V c 4 t k u K 4 u A s A A A A A A A A A A 9 V Y c x 6 b 7 y U y 9 H n 3 u K n P a b T y l O S m W + G t 52 h O m 8 S m q z v O 5 n 1 e P e 50 Z x n p s n g v D a z K 8 + X n 6 O z O e 0 7 + a 7 j P Z F l d y 0 l r l R N 9 q F l 85 y X u H o 8 + u O 2 n n 1 m + 87 m t q g 759 p 1 y 0 0 z z z 15 r a 5 m 4 y m t O d w u K v T k v H K a r v k 3 O 9 T L h v 59 t c c 9 p 41 f G c 1 r 28 Z u n Z T v n 9 H n 1 y 9 G m X c 9 S L s K i a r n J u a 7 F H e d z T a Z 4 t c l c T N T e Q W A A A A A A A A A A G 3 Z 0 w X b O O l J r E a 5 g D W X J 3 l g A A A A A A A A A B a a T f F 7 m 6 z w W A A N M 6 K j f B b z o k 6 Z 0 O d k 0 4 t c q k l T r l L 3 s r L Z 6 L P d 4 m 4 z u L z A A 0 j i X T M D b F S q M x c t s e z V Q I F g A A A A 0 l z d 5 Y N J c x Y A A A A a V N 4 u 6 p i L k 2 T d V H M d 9 J 0 y X R F r z m W 6 T U 9 X H 0 T x I z 1 w 1 w 9 F s s 977 w u W / O p G F R v z + u a n n 6 t Y 5 m b M q s 5 X e H K n N N N s 0 3 z H f D X L u u W g 3 x 5 n o 5 L X P L 0 + b 1 X H e c j P a 6 i 7 O + T 1 e a 8 f X C p 153 i X T k 8 a 4 c v O 3E3 l n t j r z + y O V n 0 T c V Z y v P 6 E h W Z z f C 5 v n K w Z 9 e P c l z 9 P n 9 G u X N c + 47 k 0 n Z q D z e v y b 78 + t Y s e j v O 8 u K I a a d y T 0 5 S m u z h 6 t c / P e O 951 z m m e 3 k 9 H n 9 G u N s 2e1 V F r P e d O a Z 9 l 5 X L M b m r l N S b R z N q k r y x a z r j D b E C 5 A A A A 2 y 4 m h S S V Z K p N s u J o L k A 72 W R Y A A A B r E p o L l 2 r m 8 u 1 m z 3 h Z V Z j X P i X r m h H C x 3 g 7 w A A A C + S y L A A A C 5 l 4 L O u p Z X A F g A A A H d c b m 4 X D I W A A d 1 x T Q X I A A A A A H p c 5 z 9 f J h v z 1 p r G e 6 Y 9 J 5 V c v H q f Q 3 j 3 b O b 7 O 2 U v a g Z 1 l e u G v O J 25 j 6 M L x 9E9 v P a O d U u O S 9 m 1 i e 3 E e f 0 Y a 5 a 8 r s 2 m z W a z P c N v P c e r k s 9 e x d k c 6 q M t 8 t c e e j z 7 y 8 d 7 O v J 2 i V G v C Z 0 o z 8 / o w 1 x 0 p p O m O n A 0 z T X K q U 8 + m e + u O d k 2 w 9 P m u f Z l 3 u e z C + a 5 a d m Z v b H u 0 1 G W + N z n v G y Y R t y 4 t P Z 147 Z l V c g d X L K 435 g u Q A A A A A A A A N 5 z T f B c e j F M 3 v l I 3 y k j T M m j M u 8 R x b 7 m T S O E 2 Y m 7 g Y t B d 2 C a 0 v B Z r z M W g m + A a z y V 15 m N u Z C 4 G b Q X R m N 2 C a 17 i s 76 v J S 1 y D O 3 M i 7 z k N 84 G + A l 8 k l o L d Z D W / O X t Q Z 3 n I 1 r k M 6 s i 748 F a Y i q z G + c F 7 t g S 4E05 B d K x L o z J r W P F 0 z G Q s A A A A A A A A A 9 n K n j 9 B y p s y b 1 c e O / R S e L 1 c 0 m v L p d m P b q b y j 0 e P X L 1 e b 15 T f a n i 5 e i N E 8 v N 51 x j f n c 9 v P 3 T e 4 + f t n r r j L e c 9 v N z 2 e P X A N c w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A P X 5 e J v 0 886 a 318 Z f T 3 y j a v O Z 3 n J Z 6 e + V N + u P O P Z h k P d z y d m 628 i 8 / R p 5 O L 6 N P G P X 3 x p f T z z r n 0 a e T i 74 F 5 h c g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A b 3 c c v d P N O X O E e n S 8 / E 9 V p 4 t 27 X k 7 e q Y 811 n T G N v P c a + f 3 Y T X O 6 F 8 n P R t e f i 57 e H j e n R P H t p p O n g 76 N L z 8 X f R q e F 7 C + N 7 p X x t 9 b j y 69 q a n z + 3 x I 76 V T 5 / c z 18 L v O n j A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 9 v j 7 O e v s n z p 0 9 V e K l 9 G n h p P R f h o 9 X P K T 288 i a 9 m O K 59 e e M n r Z J 0 7 v 4 f W V z y G a 9 P i r X P 1 d 8 f Z v 0 d 83 U 9 P P L 0 9 b y J r 0 c w X H r r x d m / Q 8 y z 154E9 e W F H q n z F S b 8 w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F v V P P 1 Y c 3 W e e d r v P z N N U 81 V 62 / C 11 T z c 9 N z f l n 1 Z 3 O c e / z S 5 v Y a 8 P d b v L z P R w x e j i + d p q z 56 r R r L P 2 + J D a k 87 f q + f u t n m e j K y B e Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A H t y 5 j j 0 + u c 0 3 v z z 7 S 9 r G j S v H V z 6 K 8 k p 7 O + Z O n p 8 m k 3 G 8 z i v o 5 S a 53 z e t O K 883 p z P m u O 3 c b m q Z K 381 m d / J d m n M u z p r G f L j R m u c h v z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A N c k t w A W A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A a V P c 9 Z v O 0 7 F S X P e L 3 s 9 W b i m U 1 J c V K 13 h Z u K Z c C o q D R w 1 N x T P O 8 F R U l 8 G p u K S a m k 7 F S X x x p U 9 S b i k 7 F S X P e L 3 s 9 W b i m U 1 J c V K 13 h Z u K Z c C o q D R w 1 N x T P O 8 F R U l 8 G p u K S a m k 7 F S X x x p U 9 S b z t O x U l z 3 i 97 P V m 4 p l N S X F S t d 4 W b i m X A q K g 0 c N T c U z z v B U V J f B q b i k k X M L 6 m Z 2541 y l N I O L p c m n C H e X I B p n K a Z 0 N p c V w g W A A A A A A H d p r B p m g W G m c v e a Z g W G 3 J v J p m y F g A 0 l z b y 1 k L g A a S 5 t Y W W m a B Y a a T p 522 L A W H d 5 r z t M 0 C w A A d O L i U b r g 2 l c 2 m b I W G k S 8 O 2 F a T e C p u A A A A A A N 683 c 9 e b Y + o 5 n t z P b u d d X u f e p U 86 s 3 M 3 P N n Z r L D 0 e f X D a i d O 3 m m n Q 8 + u d 74 d r r P b k 2 I x 9 P m v L f l 5 z e s a z O j L t X G P q 8 m 1 z z S e Z 2 r s n f N 6 P P r l t p P M 9 e Z b 4 a 5 e v J 3 P Z c 2 u f e W m M X n v z 89 H n 1 l 0 6 Z 9E12 U n t l n v B c c h n S i b x z 0 y 6 e V 6 P P 6 J r H f K 2 p y 9 H n u K 0 z 2 m u 8 r u e 3 J 6 S a z X H a q F v n O z V e T 0 + f X L n r 8 n o J 7 j 6 J e a J n a S 2 Y 8 + s 643 f M Z r 1 I n P b H h 18 Q A A A A A A H a h L 244 a x J d Z j p X c x f J J d Z F u B K S L T w q s y 9 v P q a T B b Q N M y y q z R p y C 12 F i 4 S U k t 1 k W 4 E p I u O 8 L Q L 7 m W 6 y F J J 2 o V a E X W R d G f S 2 Y q R m r y N a 9 x L p y C N c i a V i a 1 Z C k m d Z g u k y T 0 Z T x r 0 + d w 17 i N Z g i 4 J V 5 F 0 Z i + S S 54 N O Q U L k A A A A A D 0 e f 0 e f P W + 31 d J r H P e H o 5 e U V G r X n j T P X n C 5 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 9 H M G P R 6 Z w G u R r l v z F O l 735 p e Q a 4 B Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B / 8 Q A K h A A A g I B A w Q B B A M B A Q E A A A A A A Q I A E R I D E y E Q I j E y Q z A z Q G A g I 0 F C U H D / 2 g A I A Q E A A Q U C 6 V K + l 5 l G V + b X 86 P / A I N f Q r 83 T H O p y F + 38 U K 1 M e B p k w q V j L j M e N o 9 E B x 74 P R U L R k I g 0 y Y V K w C z j y R R w N 7 R g U m F C J t N K 6 b T Q K S d p p R v a M C E g o R F W 4 E J B 0 y J i c M D Z 0 i I F L R V K 9 M e A p M V b n O B Q l Q p w O m R 0 0 o H y I U b h 1 K L G y v A P Q P Q P c g 7 U 91 V b j V g O 1 L z W K p a F C J t m F a m P G 2 Z g Q X Q m B C Y U I 6 K h a M h E + J U J h Q g D T J j I V m 2 Z y F x O C r U 2 m g U m H T a t t q 0 / d v b 8 Z R 2 Y j E f b + K D u 0 z N T 286 e r 5 P p q + Y v 29 O D 0 7 Q u S V a t G F Q G j V N 7 R f b L T i m a f t l p 25 s 6 X t l p x S C 6 k 5 / w D V m f H p z 1 T 4 t O f E n q G 0 x P j 0 + m n A c Z W K / E 3 o v 29 P p p
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391246" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5acb662e-ae24-4c24-b1e4-45b9950d210f" ,
"value" : "background.jpg"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391247" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5acb688a-afe4-4118-9fa4-4d4c950d210f" ,
"value" : "#Decrypt_Files_ReadMe#.rtf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391247" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb688b-04dc-4e65-9b64-4eab950d210f" ,
"value" : "restorfile@tutanota.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391247" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb688b-1d94-4570-94ce-4e30950d210f" ,
"value" : "restorefile@protonmail.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391248" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5acb688b-1de4-4f58-924d-445a950d210f" ,
"value" : "restorefile@qq.com"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "ransomnote wallpaper" ,
"data" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A B A L C w s M C x A M D B A X D w 0 P F x s U E B A U G x 8 X F x c X F x 8 e F x o a G h o X H h 4 j J S c l I x 4 v L z M z L y 9 A Q E B A Q E B A Q E B A Q E B A Q E D / 2 w B D A R E P D x E T E R U S E h U U E R Q R F B o U F h Y U G i Y a G h w a G i Y w I x 4 e H h 4 j M C s u J y c n L i s 1 N T A w N T V A Q D 9 A Q E B A Q E B A Q E B A Q E D / w g A R C A E 7 A 8 g D A S I A A h E B A x E B / 8 Q A G Q A B A A M B A Q A A A A A A A A A A A A A A A A E C A w Q F / 8 Q A G Q E B A Q E B A Q E A A A A A A A A A A A A A A A E C A w Q F / 9 o A D A M B A A I Q A x A A A A H w G t s 9 M Y 3 L z p v e e b S z W M 2 J W L 6 L j M d U v M 6 a N c 7 S b z y b U K L S l J t K 0 j o z X N r Y w S Y i d q N 5 t s 0 q 3 i X F t S y j W V y j s w m s m 9 L m s d X K s T c z n N t F x d d Z 0 5 o 2 x v K W 9505 W 9 j m X 6E40 x r l L X T P X m d E r z N N U 5 n R K 8 q b X l R t L W M a E z b 1 m s 47 M F z j X K 8 z U 1 S v R S X N o s y m 9 j J v p N 8 k d V E x X t c 5 R v E u K 9 L g L A A A A A A A A A A O q 2 N c e n R F U z 3597 i 1 c 9 Z u a x Z S K p l v j p e d 1E6 b 0 q m r Z 3 z u a 9 P J v c 6 M q 56 b I q q + G 1 z n b N e e 81 r n t X f m 0 u M t l L L T l p L K 1 J u 0 0 W X i I J w 6 O e 89 t O e Z r W I q t y C c N M 7 y 30 w r O r V K L 54 L v F c 7 i 17 x N F Z X S e T U v N J l 5 + n n 11 y z 2 r C 3 R n N a z f G b t K q W 598 N c t 752 z 1 i c 72 F q z R W L m 0 0 s T E 5 p r E V W 0 V X F a 2 r e Q W A A A A A A A A A A G t p v B e 6 Y 3 t L W I v M C Y a y 5 J i w A A A A A A A A A A u m l b w q i W Y F g A A B t j N B c g A E 3 l z F h t j N B c k 2 l r H T k 3 m L z A A 0 o i W 9 A N s l h O h k L l v g m r 1 E g W A A A A E 3 l z T F i V 5 c x Y A A A A a W m 8 U 6 p i L k 2 T d r U j P f S u m U u i l 2 o j L Z i L V l r H o r C U z 1 x 1 w 3 u y z 3 v M F y 3 i U p h a m / P 1 x N c e n W k Z y 7 M 5 s i 0 w R a t E v t m m 4 x 3 w 1 x n X L R W + M Z 6 I r O u e P T z d V x M R X P a Z r Y c 3 T y 649 d J t n s i Y l 2 y i q z E x e d r R D d M N 8 N e f t y t b H o p a s 2 S x 1 S t p o r f C 6 x F + d n r x n J c + n n 6 N c o 1 z t j v C t k m t q V z d f L t r z 62 y j H o t W Y u L T F F a T k v T l V L N c O v X P m v l t e d o j X P b j 6 O f o 1 x u z n P a b U u s I k j T O Z Y v W 5 l a J u V b V N q R m 1 Z R e O b S u u V G 2 I F y A A A B t k T U F 0 r C 1 l U w b Y k 0 F y A T M t R Y A A A B r S s z U C 5 L 3 m 8 l 82 Q s m a p d c g l F y g s A A A A A L p a C w A A C V q y w L J T E q L 0 A s A A A A n X K 83 m v R k L A A J 1 x T Q X I A A A A A H S i O f q i t G + F 77 Z 57 q 0 6 T l W i 8 Z V 6 G 8 Z 2 z m 0 a 5 y r 0 G d s r 64 a x C d a 5 d P P r l v D T H a k W r Z N 6 R N T W y x D S K Y d H P r l r F p m 1 b G q L m Z w 1 x u O m K s 9 Z r a 60 i 1 b m u e 2 W u U d H P v L E p z 1 i m 9 F U 1 g j P W x n h 0 c + u O l m k 6 Y 6 R B O m U z U W m D n 0 z 31 w z u T c Z d H P c 9 e U z n s 59 I 1 y 0 m t Z v b G d p c 898 b m m + e x h T a L i 0 w z 1 i V 6 y t a I R J c 87 U 35 g u Q A A A A A A A A N 65 T N w L j o x R N 7 Z V G + V S T f M m i h d s 6 S t 2 Z N K Q T a c D V 6 w Z u q X Z g m t L 4 L N Y z F 1 S b Y o N q R V d Y z G 0 Z C 9 J h n S K D R S F 3 Y J r W c l j q 5 Z W 0 U M 7 R k X e u Q 3 p m N 8 U J e K k v O Z d J z g 1 v g V a h n e u R r X K Y Z 1 Z G t 8 U J b T K C 85 k 3 z o a n b C U t W C X V h b 3 x L o z J r b E t 6 Q Z C w A A A A A A A A D s l b j 9 L l i / R v z 8 V u m 8 v J v W 7 X L b o q x z X 6 K W X r e m O 8 L V u c b b W u e P p m R z 6 w a c 3 V k u N r 6 X n P N 0 5 T p S v Z m z j T p s n N H V K x z d O C s + v O 45 t I 6 r j l t p e b 5 p 6 Z m u W e m q 8 k a Z 78 g W A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A d W e U Z 69 N + Q 10 T z Q n R p x j p v x y u 9 M 4 Y 6 u Z F d M c 6 a 305 J N e j i l e v C l T p p j C d l O Z L 1 u U d V e a a 1 v z m e q O W Z r o c 6 z q r z l 6 L c p N 9 O M d M 8 s n T T A a Z l 5 C 1 l V 4 K p E F i q 9 S F x R N i i 9 S F q h e p C Z K r w V A A A A A A A A A A A A A A A A A A A A A A A A B v e 7 l 7 + W u + u v P x u q y 8 m m m s 1 w u q 1 z x T 0 X T k d V l w 0 t G e t I u u c a d O l z x a a a m O X V S X m d c 3 P H H V N n K 65 l w z 685 r n j t p c 8 s 9 h e N 0 a s 8 T r o c 7 q i q t J x 24 j o 6 e T n n r j P X k v 1 U r C e u q 8 j q 5 r y p e q 4 t W Y S 8 Q I v Q t q w L 1 Q a K E m a y q V U g K A A A A A A A A A A A A A A A A A A A A A A A B 215649 P T t x Q d N u S T p n j s d U c s n T j m Z 7 I 47 T f T z 1 j X P o t z J r p 14 L N b 6 c W i d F I 517 J p z 56 d P P W N + f t c b P T q p z 2 u O p y 1 a 7 K 8 y O m u C z f T k H b X l T f U 5 J T W / N F x 0 a c t V 655 b G 7 n X P X y W z u Z F 5 V t I r a t h U I s k r b O 5 F s 9 B W 0 C Y k z C g A A A A A A A A A A A A A A A A A A A A A A A X d T n 6 u J v b X L n a X T C d t 504 J 1 v c c 0 6 a J z N r G M 9 E z r z x u T n j a 1 z z T f o T m r 3 Y z f O 10 u O a N d T m j S l 5 x P R S b y j q y X K e i F w j p 57 i B c A A A A A W q C 1 R M A A A B K A A m B M A A A A A A A A A A A A A A A A A A A A A A A A A A B 2258 + X t 12 w t Z a 2 U r M 46 M 6 Z V 0 W + N Y u O u m O m e t 865 X n 0 s Z X d z 6 z U 6 c u t T X T m T p r n v n o y p t c 5 x a m u e k K S 21 p i v S x S 68 u m W u M D f A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B p S J Z m o v Q Q K A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 0 t W c 9 a 3 p Z J p a p e s w s z B a 3 p Z l W 1 S 9 L V W 6 C 1 v S 7 M Q F q W q X Q a r e l m Y m J J p a p e B q t 6 W S t q 2 S a W q X h D S 1 Z S t 6 W S a W q X r M L M w W t 6 W Z V t U v S 1 V u g t b 0 u z E B a l q l 0 G q 3 p Z m J i S a W q X g a r e l k r a t k m l q l 4 Q 0 t W U r e l k m l q l 6 z C z M F r e l m V b V L 0 t V b o L W 9 L s x A W p a p d B q t 6 W Z i Y k m l q l 4 G q 3 p Z K i 5 o v K Z k 3 M N c p T S h E 2 s u T S C i Y u Q J j S k s T f M G x i v S g Q A A A A A B L e a 52 m d g I a Z y m m d A k x v W b z X z Z C w A W K r z N Z u j F a i 4 A A A m N M 5 R Z K u i s 6 Z R r l c B Y A T v N 869 G Q s A N U 3 m v V K i 5 L p a C w 0 r L E b 4 K F y A A A A A A B v b m n P W N s e k U 1 Z 7 M 7 S s 0 S l q w I v W t j V M 1 l h 0 c + u G 16 z O k 3 z T S Q 59 c 774 T a W e y l x T L o 57 y 2 i + c 3 r T W s 6 M 1 r j H q 5 N r m N K p u L I i e b p 5 t c 9 t K p 0 j H f C 8 u v J O e y 9 b r n M X T G l 6 b 88 d H P 0 z a p n r j v n r c T T S s 6 R E S z O d O q 5 o i J r T H b n s p p n p r j t X O + e 0 x N 5 p W J M 89 + f f C 2 + H T n p W a a z p n a u i Z W v k X t W r V 6 R q j n 1 p c a 568 y 16 M d b z 0 r W M 9 p w v n v z B c A A A A A A A A T a K y 2 t m N a 1 L p W g v b M W i p L 2 z L a i U m a C 6 g t a k K 0 o T S t C 3 U G m c w l r Z l 0 i s F p o s X o i 0 0 F 7 Z F v Q S 0 0 F 6 F l 1 E t 5 o W 85 C 8 V I v R Z a a F 1 z h G k U L r W g n b C T e m Z q d M o Z 2 j K V l U z e K j W M y 6 W x L r S p L z m N G Y v b I X i p L K j W l S 3 o X N 1 E t r U h Z g u Q A A A A A A A N G j P d F q z V d a w N M 5 W k 2 q x T e + U 3 G 2 V m o R h e e 2 k W n W k x m x r F N V p S 9 r l j 0 Z r l a 92 Y i 9 J 1 i s 6 X G a n U Z 5 R 0 m V G r O G 8 Q t p r f P T J j 0 65 R k 2 W v P 18 t x A 1 x A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 3 z 1 w z 22 p S E 3 t z J v e 3 P B u x h N r Y C N c m u e 9 u Z n r o o 1 z b 86 X o p m a a Z T e d r 5 a z U 4 X p Z s x m a 6 J 5 t p 0 t l S L j q y z i X r x g t 5 w 75 e W t G u V 7 Z E s o s 1 z g g X I A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A H / 8 Q A K h A A A g I B A w Q B A w U B A Q A A A A A A A Q I A E R I D E z I Q I S I x M z B A Q y A j Q V B g Q n D / 2 g A I A Q E A A Q U C 619 K p R E r 72 v 6 i v 6 X T H f U 7 h f j / F C t T H s N M m F S s K 4 z H t t H o g O P n F + N U L R k K w a Z M Z S s A s 15 F a O J v a a B S Y U I m 0 3 X a M C k n a a U b 2 m m B I K E Q L l A h I O m R M T h g b O m R A p a K p X p j 4 h S Q F u d 8 G
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391248" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5acb68b4-eaa8-43da-963b-4714950d210f" ,
"value" : "wallpaper.jpg"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523280189" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acb693d-4d94-4edb-b326-40a4950d210f" ,
"value" : "a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523280190" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acb693e-b984-43e9-8985-41e9950d210f" ,
"value" : "996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391249" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5accacb2-2a30-4de7-8c57-4094950d210f" ,
"value" : "http://id-ransomware.blogspot.lu/2016/12/matrix-ransomware.html"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1523307058" ,
"uuid" : "8d158558-595e-4460-9706-acc37ae7f29f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8d158558-595e-4460-9706-acc37ae7f29f" ,
"referenced_uuid" : "2b816db9-6c8d-4c0e-9efd-99a358d67736" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1523307060" ,
"uuid" : "5acbd234-1bb4-4d5e-a9a3-8fe202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1523307055" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5acbd22f-7b98-47d2-a6ef-8fe202de0b81" ,
"value" : "be45c74a5dc7a4830be0167ef8ef26ffec37d4de"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1523307056" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acbd230-cb24-4520-8874-8fe202de0b81" ,
"value" : "a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1523307056" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5acbd230-f714-4b91-a946-8fe202de0b81" ,
"value" : "b4d152a4a0dc40258f3dfae88dd1e2c0"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1523307057" ,
"uuid" : "2b816db9-6c8d-4c0e-9efd-99a358d67736" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1523307057" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5acbd231-7c70-4127-a4bd-8fe202de0b81" ,
"value" : "https://www.virustotal.com/file/a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea/analysis/1523287281/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1523307057" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5acbd231-b244-4747-8a04-8fe202de0b81" ,
"value" : "51/65"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1523307057" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5acbd231-0470-42cd-a4a9-8fe202de0b81" ,
"value" : "2018-04-09T15:21:21"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1523307061" ,
"uuid" : "949e2684-bf18-4920-8317-98d91d5c505c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "949e2684-bf18-4920-8317-98d91d5c505c" ,
"referenced_uuid" : "d21be9c3-bd7f-4349-8c2d-cea0804f2b37" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1523307060" ,
"uuid" : "5acbd234-6f3c-4bc9-b2c9-8fe202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1523307058" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5acbd232-c024-44b6-8240-8fe202de0b81" ,
"value" : "ff70a421bbcf31ad76708912aeb362d9102695f4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1523307058" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acbd232-0180-4d59-8f58-8fe202de0b81" ,
"value" : "996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1523307059" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5acbd233-e7d8-4c03-86e3-8fe202de0b81" ,
"value" : "a42c211988a47c9843737ce26812584f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1523307059" ,
"uuid" : "d21be9c3-bd7f-4349-8c2d-cea0804f2b37" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1523307059" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5acbd233-103c-4153-9fa1-8fe202de0b81" ,
"value" : "https://www.virustotal.com/file/996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9/analysis/1523284651/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1523307060" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5acbd234-8a9c-41c3-b96a-8fe202de0b81" ,
"value" : "52/67"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1523307060" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5acbd234-da28-404a-ab73-8fe202de0b81" ,
"value" : "2018-04-09T14:37:31"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "6" ,
"timestamp" : "1523363058" ,
"uuid" : "5accacf2-ed80-4799-b66f-4f5d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1523363059" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5accacf3-15cc-4df8-9347-4642950d210f" ,
"value" : "murik.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1523363059" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5accacf3-e020-4185-b0d0-4475950d210f" ,
"value" : "212.8.244.111"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "dst-port" ,
"timestamp" : "1523363060" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5accacf4-87a8-4eab-9e3c-4247950d210f" ,
"value" : "80"
}
]
}
]
}
}