{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2018-10-16",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT - 2018-10-09 - HANCITOR INFECTION WITH ZEUS PANDA BANKER",
|
|
|
|
"publish_timestamp": "1557929899",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1556197334",
|
|
|
|
"uuid": "5bc60f40-929c-4fed-b93d-44e9950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
"local": "0",
|
|
|
|
"name": "misp-galaxy:banker=\"Panda Banker\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Capture - T1056\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#001fc2",
"local": "0",
|
|
|
|
"name": "estimative-language:likelihood-probability=\"almost-certain\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#0029ff",
"local": "0",
|
|
|
|
"name": "estimative-language:confidence-in-analytic-judgment=\"high\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#6d0021",
"local": "0",
|
|
|
|
"name": "collaborative-intelligence:request=\"more-samples\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
"local": "0",
|
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706791",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fa7-12a8-469b-92a8-457b950d210f",
|
|
|
|
"value": "carvanadenver.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706792",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fa8-1390-4f6f-bdab-4822950d210f",
|
|
|
|
"value": "carvanamemphis.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706794",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60faa-e614-4e33-a62f-4ea6950d210f",
|
|
|
|
"value": "carvananashville.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706795",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fab-3c7c-40e9-acfd-4d52950d210f",
|
|
|
|
"value": "genesisatoxmoor.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706796",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fac-8e38-4d50-ac7b-4958950d210f",
|
|
|
|
"value": "genesiseastlouisville.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706801",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fb1-a934-48e0-88b6-4981950d210f",
|
|
|
|
"value": "genesisofeaslouisville.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706806",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fb6-bf34-46c6-96e2-434c950d210f",
|
|
|
|
"value": "genesisofindiana.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706810",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fba-c368-49d4-86eb-4608950d210f",
|
|
|
|
"value": "genesisofwestlouisville.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706813",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fbd-e8cc-43a0-950b-44ac950d210f",
|
|
|
|
"value": "oxmoorusedcars.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706813",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fbd-7070-4451-ae1a-4afc950d210f",
|
|
|
|
"value": "sellittooxmoor.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706814",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fbe-2424-40dc-bf04-4fa1950d210f",
|
|
|
|
"value": "selltooxmoor.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706814",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fbe-04ac-4394-897c-40a7950d210f",
|
|
|
|
"value": "http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706815",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fbf-5028-4b35-8f83-4da8950d210f",
|
|
|
|
"value": "http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706815",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fbf-0f3c-4918-9d94-48e3950d210f",
|
|
|
|
"value": "http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706816",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc0-f440-4074-af1d-480e950d210f",
|
|
|
|
"value": "http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706816",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc0-8c80-4f2e-b6ce-4063950d210f",
|
|
|
|
"value": "http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706817",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc1-d628-4a0b-90bd-4fd1950d210f",
|
|
|
|
"value": "http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706817",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc1-e268-4d7d-9d9d-4df0950d210f",
|
|
|
|
"value": "http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706818",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc2-b10c-4e72-8ee1-4e44950d210f",
|
|
|
|
"value": "http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706818",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc2-befc-4273-9340-4562950d210f",
|
|
|
|
"value": "http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706819",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc3-d3d4-469d-a86a-438e950d210f",
|
|
|
|
"value": "http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706819",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc3-ae50-4f4a-a216-4292950d210f",
|
|
|
|
"value": "http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706820",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc4-6030-4080-9f38-441d950d210f",
|
|
|
|
"value": "http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706820",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc4-4b38-4430-81d5-4f36950d210f",
|
|
|
|
"value": "http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706821",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc5-3300-4da2-aa86-4d2e950d210f",
|
|
|
|
"value": "http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706821",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc5-d628-4677-81dc-4820950d210f",
|
|
|
|
"value": "http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706822",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc6-74dc-49d3-b3fb-43aa950d210f",
|
|
|
|
"value": "http://www.socialmanagers.com/1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706822",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc6-366c-470d-82e7-445b950d210f",
|
|
|
|
"value": "http://www.socialmanagers.com/2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706823",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5bc60fc7-7198-4c33-b9cc-4712950d210f",
|
|
|
|
"value": "http://www.socialmanagers.com/3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706823",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fc7-628c-46eb-8517-4eb3950d210f",
|
|
|
|
"value": "fornetodu.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fc8-55cc-44ae-97e7-4bb8950d210f",
|
|
|
|
"value": "hehenforfi.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fc8-72b8-44c2-b570-4d83950d210f",
|
|
|
|
"value": "hersjustretleft.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706825",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fc9-fa08-4e0f-9a92-4f85950d210f",
|
|
|
|
"value": "sincirewdo.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fcd-54b4-4308-88e7-44da950d210f",
|
|
|
|
"value": "275aacaa1610.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fd2-86d4-489e-9a70-4928950d210f",
|
|
|
|
"value": "275aacaa1698.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706840",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fd8-8904-4b47-b2fa-484b950d210f",
|
|
|
|
"value": "nobotanri.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706843",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fdb-0730-4aae-9728-4f1f950d210f",
|
|
|
|
"value": "veintitna.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Hancitor - contacted urls - probably compromised hosts",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539706844",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5bc60fdc-dad0-44a2-8c19-4851950d210f",
|
|
|
|
"value": "lachistontfi.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Screenshot of the phishing",
|
|
|
|
"data": "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
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539707006",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "attachment",
|
|
|
|
"uuid": "5bc6107e-aef8-45a7-b83b-495e950d210f",
|
|
|
|
"value": "2018-10-09-Hancitor-image-02.jpg",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
|
|
|
|
"relationship_type": ""
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1539707571",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5bc612b3-e6b8-4fb1-97a4-4961950d210f",
|
|
|
|
"value": "https://www.malware-traffic-analysis.net/2018/10/09/index.html"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Object": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1540554869",
|
|
|
|
"uuid": "5bc61150-4614-4135-93e5-49ca950d210f",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "5bc61150-4614-4135-93e5-49ca950d210f",
|
|
|
|
"referenced_uuid": "5bc611db-b1b4-44a2-8fc6-404d950d210f",
|
|
|
|
"relationship_type": "drops",
|
|
|
|
"timestamp": "1539707395",
|
|
|
|
"uuid": "5bc61203-73ec-4c64-bb9f-4f06950d210f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"data": "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
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "malware-sample",
|
|
|
|
"timestamp": "1539707219",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "5bc61153-a4a4-4a40-8db0-4873950d210f",
|
|
|
|
"value": "2018-10-09-Hancitor-malware-binary.exe|d260a3ff197f460f4e626614da28b32f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1539707220",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5bc61154-8e38-436f-978a-446e950d210f",
|
|
|
|
"value": "2018-10-09-Hancitor-malware-binary.exe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1539707220",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5bc61154-4ea0-4764-b4a2-425a950d210f",
|
|
|
|
"value": "d260a3ff197f460f4e626614da28b32f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1539707221",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "5bc61155-9454-4853-826f-4ecf950d210f",
|
|
|
|
"value": "06a045d5aa2cd0ec5d1b6f10da35fdec9dc836de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1539707221",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5bc61155-e484-4062-8feb-4e75950d210f",
|
|
|
|
"value": "f5fa0a0f444d33c8485450beb01dd5b338c15996fd48670e2727bf3552e6a59d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"timestamp": "1539707222",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"uuid": "5bc61156-de68-475a-a73a-403e950d210f",
|
|
|
|
"value": "66560"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1556197334",
|
|
|
|
"uuid": "5bc61173-f948-4a64-bf3a-48da950d210f",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "5bc61173-f948-4a64-bf3a-48da950d210f",
|
|
|
|
"referenced_uuid": "5bc61150-4614-4135-93e5-49ca950d210f",
|
|
|
|
"relationship_type": "drops",
|
|
|
|
"timestamp": "1539707304",
|
|
|
|
"uuid": "5bc611a8-6e14-4ca9-b36e-4ba3950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "5bc61173-f948-4a64-bf3a-48da950d210f",
|
|
|
|
"referenced_uuid": "5bc6107e-aef8-45a7-b83b-495e950d210f",
|
|
|
|
"relationship_type": "references",
|
|
|
|
"timestamp": "1556197334",
|
|
|
|
"uuid": "5cc1afd6-6ce8-48ac-a5e7-4b5e950d210f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"data": "UEsDBBQACQAIAHCDUE28ccMFBdcBAAAiAwAgABwAMTg3ZDIwZDdiYjFiODQ0NDU1ODdhNzA3MjIwMmQ4ZDBVVAkAA3MRxltzEcZbdXgLAAEEIQAAAAQhAAAAqmoBS4CTkkLga+U0DnoH+m2+6egrlqOVWDOlzsGOvKhU4yRS6keCjn7wSEKvldSYFDCSXnqCC2+CbPbWevJiHes6q9Y6ffR4A6Z2EIsKCAqTKb6RxqDsipPckOxtN+LSQrAfuzn7Toy10qOlofAIdUos7jQjCIHm+aBlWnEReUnZjkv+ye1vEP9FIVbZZsmBzoslLhX9ZN6H8fkELXYVJTKip/nw9812lz6iEZnA8tYjBPWrEw+BaWFfbdDT5jBnN+9uQz0mJGUfzLurGo937vt4hIrE9npnu5dhGwihF9Za/LZ+WF6pFB+c81L5aLBE8HfRDL2v7Gi9lld0Ic8qtt/koBAUjYpGbhll3QHSbbURekW51n8bin0BfJnB8Yx+YTAyvnUp2KgeB/wfmJ/7QCgQ3UnZxCXbxcix53piPeocswbFv5IDOuy572F4oqNeG5Q0PAg0g/J4AsIdh2kfZyo4j6ZZOXqAS9JKC75cIbgDVEoLldy2WJtNGKnGXs2YSP4hstqNwjGJLhD/J8BouhAfqO+6fn8rPyCq72gs0jh4nKVCowO/D21nvagYwafKU26acVVlOKm/cHXGXYQJJtdnQIaENNaKQNmLMOVv6yeEfcikqu3L6xcl71vlJ7aZF136e22pIfEKpxYp4mcdKECAiaop/4PkIIWXguUw7KuEf/aS9/y8+ESmuLaXjgUK0eS+8RC9+nFOh7Anfxf2Kkf/JrkWL5VycbDp1k5nH7Qjj7KnUUuDD/uQHCwRvj21FWaOXqddcv9WfgJLQegEFUogmLWey+c8avOEFT4DXUr3AgX8745nWBYeQAD8tnWy4lZ8/Nnh9AlMQnMxs40UxPykaF4Is1ercKsBtkcE6KDGKEeletD1zXeyGqw28LkkFTofnlo9Ltjvgl2nRtWrelYlwHTkj+0DtTTeaQntS6oWd+0pm34oax5WDANfxIWYnxkb1brMRhCml1RdBkvB0S9lY52XjTGd6TtxiTk/TAP4JKHgmq+f3UyJdbmg7ySrvV1Q39jgNNj2Dw26XtczVHqMVnmECpWlFjSaTUK9CqS6AQIE5DRQ0cBzPf41cLyoKcwVRyqz2QudTnCpmvZgEBEWjB1UFTgAVr50vCaaIxvW5hKvQ9er97EMd62qWoetrCLwrRev+/EC2df7s4l/AxUVg3Z8Wv1U4w5obo1bceXAqHkeT5pAoXxTt41Be/NOtzwt5GbqwghBoSNztqugpfmA3YrYhiUSjXTOlulcEuqAaLHMTCFzAMq00otZgfXw+t9+kHjbx2mydoOyBqPymLFxe16JITu1876GsP1bXZ1tbedtT7bMZfsGirEGHix0rl0JwIO1/Wdwr3KejfvD6OaJll9Z2yfeTTQrRwkvcLCRHKd/B8N+GR2zePoRxmZF6nHB0c1jgtpwUYQGo7Hb047DpsaGfFaTOL+BUU1vcdbV3hgeGyzKvtprc3cvdOADXll2YLaZ2kEA5cE9tRWQ91ZDDJGYILTOiBPi0UbTtIAjKrwZ9hqj/j+dREHyyd9Y6Nov3ySl7xc4E30CJCn8mdUOtzt9Z7epe9YD9qJj0GghN2FX6yrfuKHpBqVWVosOs6YtI3Ox07RdRswFz9CU7qbR0CzGGEQ0Qgj+oKcCtVepBGOp+W1JViP0soYAr3fYWS8YAkGupow926soazqwoBKJLNUgcDa96c2M/etFBxrGZo/Wv3SOsVrBMFC+A7iMR4lhiBfdNwphok4iBKwL+ne7mRoyzJAa2yyZYsA27uYUpaPVepGstmKOXkj78soKjNrMpkSMNXSGmNH5LhwT5C1Jcm3zuMCnGoWXrHrlYXV+gfEuqfRJaiNj95H7CblV28ytlU5UYmpuvUo
5aMbaQ5pHAazLooZYWtjgj3I8mZgx27fBGJxRtjbj644EyhdCCufw9Z8opNLQy+mPOF8RRHrCDOuO4VYuYBHbgLDl+0Z880pNjBl6WafP501C7AE4Y6EOBkNGgLJuxRrC3BFtfCthdFquF/6s/xafNDg5yR/g30gBrQ61+3v5Rk5MrtuaTI1mpY+yU5VSZ98x2nyIN53ENufSe180mrCxcCpSuLvb27GWkU6MQzb/3ktDl6NgOLaXj/iLug5biuKael8+WMlhFo8nZzRTqk9PNRzNv8wWtRSqgxaP1arsr7XOzK8mRbgAp/wAWJ4XAxRDfZeKoALo6xcSy/lBJ1WJotNY6cgi8ColRHB03Z/IIwbc/Yal0O+z4VemMqpxtaeHC4kO9bqs+NrWf4dPxgeiXERbNVsn3PqHJvTD+TOFo6WvVN2bjgxzs9DR36jOAE5Re9rtpPzVCdI6SoQ8t/TGLGpQlycBIET28Xctu7WhiWW2HBFdRevwrhtBKLFoOgw8jG5UdOYdtaqeKa437/TqOXP2e3jHkBAKyrqm05+7esZri/7kd7vg1rNBXhKSwAQPcrVM44Oiixsz+RGW3OL5CRDWfKisJmLYie5vnDjGmJUe9+KQPt6AYnn5JQYtazNy3XDJCA0PdeKxt0IKjZSZzWnWI+m92Cqk1R+WOHUnYtQ34h45NQkkhV/tIVuUK0vqy1FV477vfEx6H2NVZQoD0o6u2i2TQhrvrLdGv+obt24Zj4y1Fyo2BZwHUC8k3MgFNMNeYh6Hf6X8YO7vIZV5rPX5YvpBSVgAVTDASYUbpzuwvtmWXzerqvRBciE9ZZgVNe6vrNp9De+tIB4HrUBQnU25sJsNWBjis88odp3Gu+0kKHIJw8DAUQA1Acoa8i56+6egWjWcBET1AEre0yxZpgcEmLyosexjWFQJgIBO+8e+2/wStPUldMXb3EZKXrDMrZqvVxrZS3WK4GAnbGK/q7KUYCjPwe6s7cghHwiqOTUbSXIsRmbLHsE78E6vA8pRNIaVYjQDBjb1smi/D2CR2jY0H3tdi4NGuvr3SXbecHOkNvlmBjVRzCvAbqv3jTg9rZjvFrRjXFo+qbxs1toxKm82sQUJ+/r6OaqXxx4yl1l/nOvjNn7Drkh6zWcGiBgDc8TNRei/HEGCwBC1RsX2X+7Sr1HtlDYBKwYeN2QJYFD/gx9SlJ6gF6yverzPOqvQEPdySJVp5IUirAPw1EG03j31G66whpkIpINebF3wqp6yccYW9rRJk4xYJTJ6Q/uOa8wSqzlSwn1aJ2w+d0nqW2x+RsBY9n1EJ3lIsITgCdyo347viYPnfbzslMnzkYC6r1qGoJH346rpgwr5suGi9pN0qwDMJPByQ+xx2pwJ7PwC8lJOyJy2w6LD9xwIUc21GNab4uR6ArXERMMwIFKjq+EzW2HYuzi3HeEufeDwAbctdvnCxY0CLqk4t8v7AysEH6cmfWElwgr6vhCj7E2+wsUOIFsEir5XoK609Dywgm8T07bFiHzxSRw087mL6+VwOFS7BML6gL27nXjrk3oYPZ6M1muCK62tz8P4OqTPUlZu++aTWh2FdVccuh1QeNgcNgPb691LvofRwElR3cufR7i7N7nP6t51xlmJ60z3oJMt2K8OxamDdh8eMUb4NkTKbWsdsymn8qtzHDwYOL91XKZZDfGp5Oe+MU0Cs0ea35r92Cm2sEhwl/9lmWvIBQlw5Dd9KcRdew33TE+Omyo/SsgPIF0SqaI4i5cvBv6PPN8I213BbwtJWRSraE9W2QObC/qnHSrWwIMuxZ2p12drcRvT5wh3rKdQnhHDZC5dEYGf+iW42I7wCT47ArgoC3GXpCugzo1WrUezmxVMd+EYNB/OZWYREQhPBGu0fHI+sEKAOYLqWbMQxkmV1V1p9rk/PNym9OzdiHWL3DSSvMd7kHiBeE7RXEbT1vmVYGCF+IYR0blFmB7yxcma28J3wVWmz0GtEsva+2mviCu
guIC/R9QXoU8hhttraRq8VEyafDcbYAU0vGtvKFaCh56NGXR30XlLWwyss4kHiLjKRJYcAk29jXl/wEpME0
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "malware-sample",
|
|
|
|
"timestamp": "1539707255",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "5bc61177-25a4-4a0b-a1eb-4361950d210f",
|
|
|
|
"value": "2018-10-09-downloaded-Word-doc-with-macro-for-Hancitor.doc|187d20d7bb1b84445587a7072202d8d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1539707256",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5bc61178-4d40-44b0-9c4e-41f3950d210f",
|
|
|
|
"value": "2018-10-09-downloaded-Word-doc-with-macro-for-Hancitor.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1539707257",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5bc61179-eef8-4e86-b7cc-40c8950d210f",
|
|
|
|
"value": "187d20d7bb1b84445587a7072202d8d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1539707257",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "5bc61179-0070-42ce-970c-4028950d210f",
|
|
|
|
"value": "1bb46c2a04c7ed0a624d827de84c69372c392df5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1539707258",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5bc6117a-68c0-44da-a885-458c950d210f",
|
|
|
|
"value": "77c930bfbf405087f59a279927f32450362a47269237525318dc5d22094a331b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"timestamp": "1539707258",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"uuid": "5bc6117a-29c0-48cf-b020-45bd950d210f",
|
|
|
|
"value": "205312"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1540554869",
|
|
|
|
"uuid": "5bc611db-b1b4-44a2-8fc6-404d950d210f",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "5bc611db-b1b4-44a2-8fc6-404d950d210f",
|
|
|
|
"referenced_uuid": "5bc6126c-e1a8-4642-8f4a-41dd950d210f",
|
|
|
|
"relationship_type": "connected-to",
|
|
|
|
"timestamp": "1539707541",
|
|
|
|
"uuid": "5bc61295-f144-472f-bacc-42d8950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "5bc611db-b1b4-44a2-8fc6-404d950d210f",
|
|
|
|
"referenced_uuid": "5bc60fc7-628c-46eb-8517-4eb3950d210f",
|
|
|
|
"relationship_type": "related-to",
|
|
|
|
"timestamp": "1539759185",
|
|
|
|
"uuid": "5bc6dc27-3384-42e1-9715-4634950d210f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload installation",
|
|
|
|
"comment": "",
|
|
|
|
"data": "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
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "malware-sample",
|
|
|
|
"timestamp": "1539707358",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "5bc611de-10b4-436c-a4b0-4bf9950d210f",
|
|
|
|
"value": "2018-10-09-Zeus-Panda-Banker-caused-by-Hancitor.exe|de6c79c71980f769076f1361430216f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload installation",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1539707362",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5bc611e2-6f48-4ac9-b39e-499b950d210f",
|
|
|
|
"value": "2018-10-09-Zeus-Panda-Banker-caused-by-Hancitor.exe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload installation",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1539707367",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5bc611e7-7eb4-40af-a18b-4448950d210f",
|
|
|
|
"value": "de6c79c71980f769076f1361430216f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload installation",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1539707372",
"to_ids": true,
"type": "sha1",
"uuid": "5bc611ec-0604-40fb-9392-4dbf950d210f",
"value": "ec830e664494b58f7d124883d6321e4aa0622fd3"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1539707376",
"to_ids": true,
"type": "sha256",
"uuid": "5bc611f0-fffc-472a-97d2-4774950d210f",
"value": "b8ce490bc146c058abad4b6593d9e08adcf0b9d374616bca25df78e92ae7d753"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1539707377",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5bc611f1-4508-49f6-8790-44f2950d210f",
"value": "143360"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "7",
"timestamp": "1539707500",
"uuid": "5bc6126c-e1a8-4642-8f4a-41dd950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1539707500",
"to_ids": true,
"type": "hostname",
"uuid": "5bc6126c-0aa0-4d80-b4ed-4582950d210f",
"value": "sincirewdo.ru",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted - T1022\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1539707503",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bc6126f-4160-45ea-a9cc-43a8950d210f",
"value": "46.36.220.116",
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted - T1022\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1539707504",
"to_ids": false,
"type": "port",
"uuid": "5bc61270-9038-46ea-bdfc-46b5950d210f",
"value": "443"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1540554869",
"uuid": "19ea9ed9-31ff-434e-9103-1ac956deda80",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1540554869",
"to_ids": false,
"type": "datetime",
"uuid": "e522f99e-fbff-4433-af0a-fb04c5972523",
"value": "2018-10-25T08:03:16"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1540554870",
"to_ids": false,
"type": "link",
"uuid": "5ece2f29-751a-4adf-8e2f-2519f39136ec",
"value": "https://www.virustotal.com/file/77c930bfbf405087f59a279927f32450362a47269237525318dc5d22094a331b/analysis/1540454596/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1540554870",
"to_ids": false,
"type": "text",
"uuid": "718456eb-82a9-4311-910f-0a9bba32082b",
"value": "42/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1540554870",
"uuid": "dc86f544-9003-4c61-9a8e-077f138279ad",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1540554871",
"to_ids": false,
"type": "datetime",
"uuid": "a88b5eac-e718-4121-9a2b-5c24b8a47e79",
"value": "2018-10-25T08:02:45"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1540554871",
"to_ids": false,
"type": "link",
"uuid": "b1d201bb-74a4-4a7b-909f-6ce3ac7db48a",
"value": "https://www.virustotal.com/file/b8ce490bc146c058abad4b6593d9e08adcf0b9d374616bca25df78e92ae7d753/analysis/1540454565/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1540554871",
"to_ids": false,
"type": "text",
"uuid": "ed0681ca-8f33-42f6-bab6-d5cd74d5ca06",
"value": "41/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1540554871",
"uuid": "109b564a-ee52-49b6-80a2-71b019a253a7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1540554872",
"to_ids": false,
"type": "datetime",
"uuid": "ebc4448f-4b44-4fdc-addd-225a16d92414",
"value": "2018-10-25T08:03:33"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1540554872",
"to_ids": false,
"type": "link",
"uuid": "9fb7fb15-1025-436d-bac5-982ce981d6db",
"value": "https://www.virustotal.com/file/f5fa0a0f444d33c8485450beb01dd5b338c15996fd48670e2727bf3552e6a59d/analysis/1540454613/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1540554873",
"to_ids": false,
"type": "text",
"uuid": "4d17fe20-7297-492f-809d-f31b268bde7d",
"value": "42/64"
}
]
}
]
}
}