{
"Event": {
"analysis": "0",
"date": "2019-02-06",
"extends_uuid": "",
"info": "Malicious XLS claiming to be from Deloitte",
"publish_timestamp": "1549483522",
"published": true,
"threat_level_id": "3",
"timestamp": "1549476362",
"uuid": "5c5b1d6e-d824-4fbe-969b-3aea950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "Screenshot of the XLS document",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476101",
"to_ids": false,
"type": "attachment",
"uuid": "5c5b2105-4abc-486b-b212-cb89950d210f",
"value": "index.jpeg"
},
{
"category": "Network activity",
"comment": "Spoofed email - Pierre.Laporte@deloitte-canada.com via MTA",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476160",
"to_ids": true,
"type": "ip-src",
"uuid": "5c5b2140-e72c-496a-85a8-d0a9950d210f",
"value": "95.211.163.26"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476340",
"to_ids": true,
"type": "domain",
"uuid": "5c5b21f4-5cc8-4fa6-9ce6-4731950d210f",
"value": "deloitte-canada.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476361",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5b2209-a91c-4c59-b6b9-4c62950d210f",
"value": "95.211.163.26"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476362",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5b220a-f3cc-47e2-af51-435e950d210f",
"value": "95.211.242.210"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476362",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5b220a-f484-4dfe-96f1-4c98950d210f",
"value": "95.211.143.214"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549476362",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5b220a-c5d8-438d-ad6a-4051950d210f",
"value": "134.19.181.154"
}
],
"Object": [
{
"comment": "Spoofed email - Pierre.Laporte@deloitte-canada.com",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1549475312",
"uuid": "5c5b1d9a-4b6c-4631-972a-81b0950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c5b1d9a-4b6c-4631-972a-81b0950d210f",
"referenced_uuid": "0a0f1632-6e99-446c-b282-62e5e71d9795",
"relationship_type": "analysed-with",
"timestamp": "1549475312",
"uuid": "5c5b1df0-e2c8-486b-8cb2-d0a902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1549475226",
"to_ids": true,
"type": "malware-sample",
"uuid": "5c5b1d9a-4d68-4d50-bd5d-81b0950d210f",
"value": "Tax_Billing.xls|bdc928e2064faf3950aef955c1c9fa8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1549475226",
"to_ids": false,
"type": "filename",
"uuid": "5c5b1d9a-1f14-4484-b873-81b0950d210f",
"value": "Tax_Billing.xls"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1549475226",
"to_ids": true,
"type": "md5",
"uuid": "5c5b1d9a-15b0-4227-986e-81b0950d210f",
"value": "bdc928e2064faf3950aef955c1c9fa8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1549475227",
"to_ids": true,
"type": "sha1",
"uuid": "5c5b1d9b-5fa4-46d6-9d00-81b0950d210f",
"value": "9f9d41aabb5e58d765f5ff4d930e6dab5fa2a613"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1549475227",
"to_ids": true,
"type": "sha256",
"uuid": "5c5b1d9b-41f0-4135-b254-81b0950d210f",
"value": "2f00e0bb89d863ee7834ae9cb69d98f8e826e6d328fcdd833d91d62634f675ce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1549475227",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5c5b1d9b-4530-4411-b4db-81b0950d210f",
"value": "58880"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1549475312",
"uuid": "0a0f1632-6e99-446c-b282-62e5e71d9795",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1549475312",
"to_ids": false,
"type": "datetime",
"uuid": "b9506ea8-26cc-4d66-8391-4ba4c520d28f",
"value": "2019-02-06T17:35:34"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1549475312",
"to_ids": false,
"type": "link",
"uuid": "67dc6c75-2606-4f36-ae58-03d54e2161a1",
"value": "https://www.virustotal.com/file/2f00e0bb89d863ee7834ae9cb69d98f8e826e6d328fcdd833d91d62634f675ce/analysis/1549474534/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1549475312",
"to_ids": false,
"type": "text",
"uuid": "46f85060-e7ce-48bf-853f-286855dbc63b",
"value": "10/59"
}
]
}
]
}
}