{
"Event": {
"analysis": "2",
"date": "2019-04-23",
"extends_uuid": "",
"info": "OSINT - FINTEAM: Trojanized TeamViewer Against Government Targets",
"publish_timestamp": "1556049219",
"published": true,
"threat_level_id": "3",
"timestamp": "1556049198",
"uuid": "5cbf6a0e-bfa4-458c-9b40-416a02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048432",
"to_ids": false,
"type": "text",
"uuid": "5cbf6a30-2d74-406a-bf99-47c702de0b81",
"value": "Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer.\r\n\r\nBy investigating the entire infection chain and attack infrastructure, we were able to track previous operations that share many characteristics with this attack\u2019s inner workings. We also came across an online avatar of a Russian speaking hacker, who seems to be in charge of the tools developed and used in this attack.\r\n\r\nIn this article, we will discuss the infection chain, those targeted, the tools used and a possible attribution to one of the hackers behind the attack."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048446",
"to_ids": false,
"type": "link",
"uuid": "5cbf6a3e-d13c-4103-b9f1-4e1202de0b81",
"value": "https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/"
},
{
"category": "External analysis",
"comment": "The infection chain",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048744",
"to_ids": false,
"type": "attachment",
"uuid": "5cbf6b68-94b8-4d3d-ab5f-465b02de0b81",
"value": "fig2-2.png"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-a6f4-4209-8988-464202de0b81",
"value": "013e87b874477fcad54ada4fa0a274a2"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-d258-45f6-98f7-4d7402de0b81",
"value": "799ab035023b655506c0d565996579b5"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-8084-4076-ae2f-4a0302de0b81",
"value": "e1167cb7f3735d4edec5f7219cea64ef"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-a7ec-4978-8a41-45cf02de0b81",
"value": "6cc0218d2b93a243721b088f177d8e8f"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-8134-4e33-a650-442902de0b81",
"value": "aad0d93a570e6230f843dcdf20041e1e"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-2ad4-442c-a2e9-4f4802de0b81",
"value": "1e741ebc08af09edc69f017e170b9852"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-0bec-4fce-9d79-4b2902de0b81",
"value": "c6ae889f3bee42cc19a728ba66fa3d99"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-6384-4770-b866-4ba202de0b81",
"value": "1675cdec4c0ff49993a1fcbdfad85e56"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-255c-43ca-b72d-4de402de0b81",
"value": "72de32fa52cc2fab2b0584c26657820f"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6b93-088c-4d83-9c6d-480f02de0b81",
"value": "44038b936667f6ce2333af80086f877f"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048806",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6ba6-9694-417a-aaec-43d402de0b81",
"value": "4acf624ad87609d476180ecc4c96c355"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048806",
"to_ids": true,
"type": "md5",
"uuid": "5cbf6ba6-07d0-4fe2-89b3-416902de0b81",
"value": "4dbe9dbfb53438d9ce410535355cd973"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-24bc-42bd-9f62-461702de0b81",
"value": "1c-ru.net/check/license"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-81a8-4146-a75d-4cdb02de0b81",
"value": "intersys32.com/3307/"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-9fb0-4ed7-bf1f-419f02de0b81",
"value": "146.0.72.180/3307/"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-56bc-4939-b104-4a2402de0b81",
"value": "146.0.72.180/newcpanel_gate/gate.php"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-fae4-40e3-8c27-43d902de0b81",
"value": "185.70.186.145/gate.php"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-d18c-41ee-a107-4a4002de0b81",
"value": "185.70.186.145/index.php"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-963c-49d3-85d9-42fc02de0b81",
"value": "193.109.69.5/3307/gate.php"
},
{
"category": "Network activity",
"comment": "C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048825",
"to_ids": true,
"type": "url",
"uuid": "5cbf6bb9-fe58-4761-8fc5-497d02de0b81",
"value": "193.109.69.5/9125/gate.php"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048849",
"to_ids": true,
"type": "yara",
"uuid": "5cbf6bd1-c00c-4b4e-a3d0-456d02de0b81",
"value": "rule \"TeamViwer_backdoor\"\r\n{\r\n\r\nmeta:\r\ndate = \"2019-04-14\"\r\ndescription = \"Detects malicious TeamViewer DLLs\"\r\n\r\nstrings:\r\n\r\n// PostMessageW hook function\r\n$x1 = {55 8b ec 8b 45 0c 3d 12 01 00 00 75 05 83 c8 ff eb 12 8b 55 14 52 8b 55 10 52 50 8b 45 08 50 e8}\r\n\r\ncondition:\r\nuint16(0) == 0x5a4d and $x1\r\n}"
},
{
"category": "Other",
"comment": "Banks being targeted on compromised system",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048966",
"to_ids": false,
"type": "comment",
"uuid": "5cbf6c46-0a70-4531-a13f-46a602de0b81",
"value": "bankofamerica.com,pacwestbancorp.com,alipay.com,cbbank.com,firstrepublic.com,chase.com\r\ncitibank.com,bankamerica.com,wellsfargo.com,citicorp.com,pncbank.com,us.hsbc.com,bnymellon.com\r\nusbank.com,suntrust.com,statestreet.com,capitalone.com,bbt.com,tdbank.com,rbs.com,regions.com\r\n53.com,ingdirect.com,keybank.com,ntrs.com,www4.bmo.com,usa.bnpparibas.com,mufg.jp,aibgroup.com\r\ncomerica.com,zionsbank.com,mibank.com,bbvabancomerusa.com,huntington.com,bank.etrade.com,synovus.com\r\nbancopopular.com,navyfcu.org,schwab.com,rbcbankusa.com,colonialbank.com,hudsoncitysavingsbank.com,db.com\r\npeoples.com,ncsecu.org,associatedbank.com,bankofoklahoma.com,mynycb.com,firsthorizon.com,firstcitizens.com\r\nastoriafederal.com,firstbankpr.com,commercebank.com,cnb.com,websterbank.com,fbopcorporation.com\r\nfrostbank.com,guarantygroup.com,amtrust.com,nypbt.com,wbpr.com,fult.com,penfed.org,tcfbank.com,lehman.com\r\nbancorpsouthonline.com,valleynationalbank.com,thesouthgroup.com,whitneybank.com,susquehanna.net,citizensonline.com\r\nucbh.com,raymondjames.com,firstbanks.com,wilmingtontrust.com,bankunited.com,thirdfederal.com,wintrustfinancial.com\r\nsterlingsavingsbank.com,boh.com,arvest.com,eastwestbank.com,efirstbank.com,theprivatebank.com,flagstar.com\r\nbecu.org,umb.com,firstmerit.com,corusbank.com,svb.com,prosperitybanktx.com,washingtonfederal.com\r\nucbi.com,metlife.com,ibc.com,cathaybank.com,trustmark.com,centralbancompany.com,umpquabank.com\r\npcbancorp.com,schoolsfirstfcu.org,mbfinancial.com,natpennbank.com,fnbcorporation.com,fnfg.com,golden1.com\r\nhancockbank.com,firstcitizensonline.com,ubsi-wv.com,firstmidwest.com,oldnational.com,ottobremer.org\r\nfirstinterstatebank.com,northwestsavingsbank.com,easternbank.com,suncoastfcu.org,santander.com\r\neverbank.com,bostonprivate.com,firstfedca.com,english.leumi.co.il,aacreditunion.org,rabobank.com\r\nparknationalbank.com,provbank.com,alliantcreditunion.org,capitolbancorp.com,newalliancebank.com\r\njohnsonbank.com,doralbank.com,fcfbank.com,pinnaclebancorp.net,providentnj.com,oceanbank.com\r\nssfcu.org,capfed.com,iberiabank.com,sdccu.com,americafirst.com,hncbank.com,bfcfinancial.com\r\namcore.com,nbtbank.com,centralpacificbank.com,banksterling.com,bannerbank.com,firstmerchants.com,communitybankna.com\r\nhsbc.com,rbs.co.uk,bankofinternet.com,ally.com,bankofindia.co.in,boi.com.sg,unionbankofindia.co.in,bankofindia.uk.com\r\nunionbankonline.co.in,hdfcbank.com,axisbank.com,icicibank.com,paypal.com,pnm.com,wmtransfer.com,skrill.com,neteller.com\r\npayeer.com,westernunion.com,payoneer.com,capitalone.com,moneygram.com,payza.com"
},
{
"category": "Other",
"comment": "Bitcoin market targeted on compromised system",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556048998",
"to_ids": false,
"type": "comment",
"uuid": "5cbf6c66-ffe0-4a8c-9824-47fe02de0b81",
"value": "blockchain.info,cryptonator.com,bitpay.com,bitcoinpay.com,binance.com,bitfinex.com,okex.com\r\nhuobi.pro,bitflyer.jp,bitstamp.net,kraken.com,zb.com,upbit.com,bithumb.com,bittrex.com,bitflyer.jp\r\netherdelta.com,hitbtc.com,poloniex.com,coinone.co.kr,wex.nz,gate.io,exmo.com,exmo.me,yobit.net\r\nkorbit.co.kr,kucoin.com,livecoin.net,cex.io,c-cex.com,localbitcoins.net,localbitcoins.com,luno.com\r\nallcoin.com,anxpro.com,big.one,mercatox.com,therocktrading.com,okcoin.com,bleutrade.com,exchange.btcc.com\r\nbitkonan.com,coinbase.com,bitgo.com,greenaddress.it,strongcoin.com,xapo.com\r\nelectrum.org,etherscan.io,myetherwallet.com,bitcoin.com"
},
{
"category": "Other",
"comment": "Online services targeted on the compromised system",
"deleted": false,
"disable_correlation": false,
"timestamp": "1556049035",
"to_ids": false,
"type": "comment",
"uuid": "5cbf6c8b-a614-4dd5-8ac6-4f0302de0b81",
"value": "ebay,amazon,wish.com,aliexpress,flipkart.com,rakuten.com,walmart.com\r\ntarget.com,bestbuy.com,banggood.com,tinydeal.com,dx.com,zalando,jd.com\r\njd.id,gearbest.com,lightinthebox.com,miniinthebox.co"
}
],
"Object": [
{
"comment": "The infection flow starts with an XLSM document with malicious macros, which is sent to potential victims via e-mail under the subject \u201cMilitary Financing Program\u201d",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1556048684",
"uuid": "5cbf6b2c-3ab8-4c16-8a67-489a02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1556048684",
"to_ids": true,
"type": "filename",
"uuid": "5cbf6b2c-8020-4a74-b2b7-4f6902de0b81",
"value": "Military Financing.xlsm"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048684",
"to_ids": true,
"type": "sha256",
"uuid": "5cbf6b2c-c17c-47c8-b94a-42f902de0b81",
"value": "efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-encoding",
"timestamp": "1556048684",
"to_ids": false,
"type": "text",
"uuid": "5cbf6b2c-a0d0-4dae-8e08-412c02de0b81",
"value": "Adobe-Standard-Encoding"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1556048684",
"to_ids": false,
"type": "text",
"uuid": "5cbf6b2c-2024-4f15-aba4-4a2802de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049067",
"uuid": "844728a6-db55-4b98-aac5-2958c52b5690",
"ObjectReference": [
{
"comment": "",
"object_uuid": "844728a6-db55-4b98-aac5-2958c52b5690",
"referenced_uuid": "d91efdf2-3005-4924-922f-9ce8b309d20d",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-90b4-4406-89c3-4e7902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "35bd5ebf-7dba-4906-9a25-c060c9af6d5d",
"value": "1e741ebc08af09edc69f017e170b9852"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "ea2d28ae-559f-4daf-ba6c-32baed400c5f",
"value": "6f7dfdcfd999c965f5f55fa96a62760f2e1821a7"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "355a18ce-f148-49c8-9ea5-e2d7cfbe3b50",
"value": "68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049068",
"uuid": "d91efdf2-3005-4924-922f-9ce8b309d20d",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "a18a10e1-06c4-4742-a841-0e35bcbea718",
"value": "2019-04-23T17:40:32"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "e355a052-de28-4864-b4a2-0c24c0bf27bc",
"value": "https://www.virustotal.com/file/68f543331aee74b8da5cb4351ef46d8102e912e44f9bd602a1d6a945e65492a8/analysis/1556041232/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "909412c3-6e16-4f57-b98c-9f05c1b8c0b1",
"value": "25/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049068",
"uuid": "dd76b439-cce9-4957-9a55-13d1eb572e3b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dd76b439-cce9-4957-9a55-13d1eb572e3b",
"referenced_uuid": "b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-1f98-444f-886c-4ef902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048806",
"to_ids": true,
"type": "md5",
"uuid": "d1d379bd-ee86-4a4d-a1ad-ca8208a26dbd",
"value": "4dbe9dbfb53438d9ce410535355cd973"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048806",
"to_ids": true,
"type": "sha1",
"uuid": "1a09f115-f02d-4e5e-b9ef-6493c6327a59",
"value": "816b013c8be6e5708690645964b5d442c085041e"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048806",
"to_ids": true,
"type": "sha256",
"uuid": "868e095d-2a9f-4452-aa3a-d1c16210e296",
"value": "efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049068",
"uuid": "b2ff0fe0-cf2f-4d34-8122-6dd13acc61d4",
"Attribute": [
{
"category": "Other",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048806",
"to_ids": false,
"type": "datetime",
"uuid": "3bfc3de0-329e-4230-829c-c56c374958ee",
"value": "2019-04-23T16:49:44"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048806",
"to_ids": false,
"type": "link",
"uuid": "83b49148-89fd-4982-93c8-5e7ec843185c",
"value": "https://www.virustotal.com/file/efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12/analysis/1556038184/"
},
{
"category": "Payload delivery",
"comment": "Document",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048806",
"to_ids": false,
"type": "text",
"uuid": "cbf9f8ae-f2ca-4ff8-a460-49bfdcd363c3",
"value": "39/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049068",
"uuid": "4a680b06-e200-4a0c-83d3-89b373ef8503",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4a680b06-e200-4a0c-83d3-89b373ef8503",
"referenced_uuid": "5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-ada4-4477-843c-401802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "884e32d4-485a-421e-95fb-69f991830d20",
"value": "799ab035023b655506c0d565996579b5"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "a649d04d-0ab5-48cc-92ff-737d333a1ac9",
"value": "43cd68e741a2207579c0f5ab4d34acd9cd9f703c"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "0cd3a3ea-3567-4eef-9dd7-fe85c9c2d00a",
"value": "41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049068",
"uuid": "5ca1d1f5-8c98-41a1-b4b3-946d7cc6026e",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "46d396cd-68ca-4399-a81c-dcd6930b4aba",
"value": "2019-04-23T17:39:46"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "e07569c2-f663-4d58-b6ef-2784f32c276b",
"value": "https://www.virustotal.com/file/41f749bdca8c2abed3e1c8c520b6734b819e241af370eb5921fbecaa514171fe/analysis/1556041186/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "922e99b9-ec3d-4853-8af1-b74221421dd9",
"value": "34/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049068",
"uuid": "a98ac785-a670-485e-8de9-81be78a84acd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a98ac785-a670-485e-8de9-81be78a84acd",
"referenced_uuid": "b0818f5a-42aa-495c-a1c5-b486770e1093",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-31a8-43de-8a94-462702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "1d897430-0363-4df9-9ddd-937061121cab",
"value": "72de32fa52cc2fab2b0584c26657820f"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "dbc2a581-590a-4fec-ac2d-d2dd05c80120",
"value": "cf7909caccc91004cbbb0289835c0bb0fb4b58d2"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "91137264-aee8-4cb8-9632-f77a7edca987",
"value": "3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049069",
"uuid": "b0818f5a-42aa-495c-a1c5-b486770e1093",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "d3fd8a5b-69b3-49b1-921f-8e96b2c8c8ad",
"value": "2019-04-23T17:39:45"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "30298f00-f942-4a01-b6f7-f542f878c1ac",
"value": "https://www.virustotal.com/file/3fd738d510d3f503a871d30c05a4ecda11fb7d1c63a628cdbfcc4164a8d867f4/analysis/1556041185/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "b171c6bf-8fcb-4272-8ba9-3dda7f6cf09f",
"value": "30/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049069",
"uuid": "72399b1b-24f0-4118-96a3-5ad99ec976bb",
"ObjectReference": [
{
"comment": "",
"object_uuid": "72399b1b-24f0-4118-96a3-5ad99ec976bb",
"referenced_uuid": "d2fb9c7b-488e-4065-8473-56f9fea46380",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-1540-4e30-84e8-4bd602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "be2ea57d-b6cf-43ab-8834-763cc9a6fb1b",
"value": "1675cdec4c0ff49993a1fcbdfad85e56"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "fe9b05fc-5055-4e09-b41f-05fe645856d8",
"value": "376f8936258a0c6a2f29bbf9b2a55d9d7282d348"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "bfba91d3-7fec-451b-b020-9e00f6ccb3d1",
"value": "a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049069",
"uuid": "d2fb9c7b-488e-4065-8473-56f9fea46380",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "86c39be1-a7e5-40c5-919d-3ae8b35c8720",
"value": "2019-04-23T17:41:42"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "1c870542-6483-47cf-839a-2e1f51f8eda5",
"value": "https://www.virustotal.com/file/a3d0d9b1b830fcb48f312634b2ec045e2859f051a9c415a37cd5ba30b70c1224/analysis/1556041302/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "8d1105be-f922-4d67-8c93-a66c6e003a48",
"value": "35/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049069",
"uuid": "b806bdf8-c5e7-45f9-8e37-444ee7c09c2d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b806bdf8-c5e7-45f9-8e37-444ee7c09c2d",
"referenced_uuid": "61f76b3b-866f-4009-82f3-60fb8d0d8324",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-98e0-4737-8127-428b02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "604513c9-69e7-42bb-af3d-e49920dffdf9",
"value": "013e87b874477fcad54ada4fa0a274a2"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "4789591b-b7ed-4c8d-a204-37d495e2d8a3",
"value": "32a175ba416fec7f85c405abd58384a7f40225da"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "07238cf2-43b9-4082-a4fa-f5d0782753ca",
"value": "b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049069",
"uuid": "61f76b3b-866f-4009-82f3-60fb8d0d8324",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "ab449183-8ddc-49c7-a89a-8c520ff95a37",
"value": "2019-04-23T17:38:52"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "f5c45e4a-99af-4f0e-b570-3173f5b0dd8e",
"value": "https://www.virustotal.com/file/b4b5f7d0778c7954461536bca8943d3f87a7808bc33632ca899660b0f62f43aa/analysis/1556041132/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "82e67755-f1b0-46a1-b464-255c94526f04",
"value": "23/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049069",
"uuid": "01581d8a-6268-4e99-963b-a4b8dae4f91b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "01581d8a-6268-4e99-963b-a4b8dae4f91b",
"referenced_uuid": "81f1f4ef-811f-4d46-8ade-0ab42c570b53",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-464c-45de-b45d-42e502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "f47bd07d-c2a1-43e5-97b2-fc572f86ff7b",
"value": "e1167cb7f3735d4edec5f7219cea64ef"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "6174e019-b1b9-42eb-8ada-82a5056e9905",
"value": "9b32cbdba2f3f40f2072dbeb61b345c910e45b39"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "7dfb5593-267e-44c5-8311-ec746a519508",
"value": "b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049069",
"uuid": "81f1f4ef-811f-4d46-8ade-0ab42c570b53",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "51869580-7688-4e93-820b-a649004b6b92",
"value": "2019-04-23T17:38:49"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "7604ebdf-694b-4ec7-8ae1-20e92f6005f6",
"value": "https://www.virustotal.com/file/b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17/analysis/1556041129/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "5cda701c-25d6-4e02-b737-b5d75e6c2ebb",
"value": "42/64"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049069",
"uuid": "9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9e7b3d6a-7ea2-4cfd-865e-32d8c8f79d7a",
"referenced_uuid": "01589ece-7e55-4ff5-8089-0e3c79e3bc60",
"relationship_type": "analysed-with",
"timestamp": "1556049070",
"uuid": "5cbf6cae-0aa4-4bf5-9d4a-482702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "1b349ee3-2339-43ff-94e9-b49458b2c86d",
"value": "c6ae889f3bee42cc19a728ba66fa3d99"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "41f766d4-2a47-4cd9-a04f-e2e121a6e1b9",
"value": "18cb6155efbfa3311b919ae8e10fbf35680466a8"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "13d24160-0c71-4f57-858d-aad82fd237c6",
"value": "8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049069",
"uuid": "01589ece-7e55-4ff5-8089-0e3c79e3bc60",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "7f532053-8e61-436f-80e6-642db2580516",
"value": "2019-04-23T17:41:19"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "ffff54f9-ea34-4088-b94a-f2cd438010d2",
"value": "https://www.virustotal.com/file/8fbeaabbe09e9e2c97c49e5d9352001df044e7ce277f35d4a617add07216da07/analysis/1556041279/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "77a783e8-0442-4a8c-a48a-06ee3e5afd7d",
"value": "12/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049069",
"uuid": "df884a16-5a27-4416-99db-3e9912ebca78",
"ObjectReference": [
{
"comment": "",
"object_uuid": "df884a16-5a27-4416-99db-3e9912ebca78",
"referenced_uuid": "3b6a92d0-719d-4a15-a595-3074f0540e6c",
"relationship_type": "analysed-with",
"timestamp": "1556049071",
"uuid": "5cbf6caf-e050-4ce4-abd4-49bb02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "28f0562d-8a55-4283-971e-38e8bc6ec4eb",
"value": "aad0d93a570e6230f843dcdf20041e1e"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "f26fc036-27d9-4a01-9d40-9fcfb2ae71eb",
"value": "57fe83b6465e52198bd76b8b987601f716009033"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "1bbefe07-47f9-4089-9789-c17485f4df7c",
"value": "4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049070",
"uuid": "3b6a92d0-719d-4a15-a595-3074f0540e6c",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "e233f21b-719a-474c-8b07-e588aa3d2788",
"value": "2019-04-23T17:39:59"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "13cd1ac1-419f-4846-9315-77dd39ebb887",
"value": "https://www.virustotal.com/file/4e676f83ebb765ee3d2215b9e957b966947049fcffc251c2b2f97121a19ef4fc/analysis/1556041199/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "0584b8de-b7e3-45d9-a5b2-44c1699e1b0c",
"value": "25/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049070",
"uuid": "9e33914c-3535-460f-9164-a5708f650474",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9e33914c-3535-460f-9164-a5708f650474",
"referenced_uuid": "069666d4-4b61-4682-b4a8-15e1157809b1",
"relationship_type": "analysed-with",
"timestamp": "1556049071",
"uuid": "5cbf6caf-8f4c-41da-bd00-44ac02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "d8b8537e-cdb4-4319-9577-2bf12e620350",
"value": "44038b936667f6ce2333af80086f877f"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "8a5b5f83-33ec-497c-ac83-159905b7f6e3",
"value": "60dfcc9c2c6ec97538981dd38196607382256693"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "c9485111-6d75-4a1e-b096-491b70c8f6e5",
"value": "9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049070",
"uuid": "069666d4-4b61-4682-b4a8-15e1157809b1",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "17ed0452-d09e-4583-8eb6-5be41a9ea4a8",
"value": "2019-04-23T17:41:36"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "57085397-af38-489e-8aae-a67fbc224e25",
"value": "https://www.virustotal.com/file/9f262e3f57d8dbb1778b8eff2e82165719dd2cf85ce2f292c87d7080d085d0fa/analysis/1556041296/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "8f91b43d-3ce6-4ed3-aa2f-e748a318b36c",
"value": "39/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1556049070",
"uuid": "a8cbfe77-303e-4ed5-a426-8eef04f8c90f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a8cbfe77-303e-4ed5-a426-8eef04f8c90f",
"referenced_uuid": "ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617",
"relationship_type": "analysed-with",
"timestamp": "1556049071",
"uuid": "5cbf6caf-d514-41cb-bea3-4ac002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1556048787",
"to_ids": true,
"type": "md5",
"uuid": "cf8135e3-2695-4af9-8cc1-e36b90825d45",
"value": "6cc0218d2b93a243721b088f177d8e8f"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha1",
"uuid": "7fbce6e9-a3c3-4f72-a249-2b53ccdb4101",
"value": "16115abc3b3ea066abcdabe64b5165b90a516cb6"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1556048787",
"to_ids": true,
"type": "sha256",
"uuid": "1ac38fff-440c-4fb2-8b51-bb8911b92ded",
"value": "fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1556049070",
"uuid": "ef8f35b5-6d4c-4f8d-beaf-3aa69c27f617",
"Attribute": [
{
"category": "Other",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1556048787",
"to_ids": false,
"type": "datetime",
"uuid": "b02cfccf-7452-456d-b25a-434217cc59d6",
"value": "2019-04-23T17:39:57"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1556048787",
"to_ids": false,
"type": "link",
"uuid": "958325a3-46fe-4e63-8980-03632c66f874",
"value": "https://www.virustotal.com/file/fa7aab5d6e62cd1d9d5c92d793cbd3f570d9d4c3c6b1744a25382e93c679f570/analysis/1556041197/"
},
{
"category": "Payload delivery",
"comment": "DLL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1556048787",
"to_ids": false,
"type": "text",
"uuid": "dcce3632-fdb9-40fd-86e6-856e9e34ea19",
"value": "21/65"
}
]
}
]
}
}