{
"Event": {
"analysis": "0",
"date": "2019-12-27",
"extends_uuid": "",
"info": "OSINT - The #BronzeUnion/#LuckyMouse/#APT27 infection checker",
"publish_timestamp": "1577444887",
"published": true,
"threat_level_id": "3",
"timestamp": "1577444825",
"uuid": "5e05dbcc-074c-40d1-884b-2a2402de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"",
"relationship_type": ""
},
{
"colour": "#10c700",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Emissary Panda\"",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "10",
"timestamp": "1577443247",
"uuid": "5e05dc58-f414-4b69-ad6c-783502de0b81",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e05dc58-f414-4b69-ad6c-783502de0b81",
"referenced_uuid": "5e05dd70-9208-40c5-b67c-4c5702de0b81",
"relationship_type": "includes",
"timestamp": "1577443106",
"uuid": "5e05df22-a30c-46a6-80ed-2a3702de0b81"
},
{
"comment": "",
"object_uuid": "5e05dc58-f414-4b69-ad6c-783502de0b81",
"referenced_uuid": "5e05dd38-b9ec-482d-be27-7d2f02de0b81",
"relationship_type": "includes",
"timestamp": "1577443202",
"uuid": "5e05df82-e260-4699-9323-466902de0b81"
},
{
"comment": "",
"object_uuid": "5e05dc58-f414-4b69-ad6c-783502de0b81",
"referenced_uuid": "5e05dd58-1b74-45da-8f3e-7d3802de0b81",
"relationship_type": "includes",
"timestamp": "1577443223",
"uuid": "5e05df97-5c38-4f01-858b-40c102de0b81"
},
{
"comment": "",
"object_uuid": "5e05dc58-f414-4b69-ad6c-783502de0b81",
"referenced_uuid": "a205acac-b463-4e5a-8362-6cf764f34d83",
"relationship_type": "references",
"timestamp": "1577443247",
"uuid": "5e05dfaf-32c8-4e3a-b92c-4fe502de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-8e54-4ab5-a504-783502de0b81",
"value": "Twitter"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-dbd8-4d65-8cf0-783502de0b81",
"value": "The #BronzeUnion/#LuckyMouse/#APT27 infection checker. Possibly from http://cert.ir\r\nMD5: 86c9e95dcf69f6eca2a176407dcb99ff\r\nRahaSecIOC-x86.exe"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1577442392",
"to_ids": false,
"type": "link",
"uuid": "5e05dc58-bd40-482c-8e53-783502de0b81",
"value": "https://twitter.com/Vishnyak0v/status/1210476931143098368"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hashtag",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-2b84-4691-bd5b-783502de0b81",
"value": "#BronzeUnion"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hashtag",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-20a4-42b4-a09b-783502de0b81",
"value": "#LuckyMouse"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hashtag",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-4a18-45ae-8c3a-783502de0b81",
"value": "#APT27"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "verified-username",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-25e8-4910-a5b8-783502de0b81",
"value": "Unverified"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-e6a4-451f-9e5a-783502de0b81",
"value": "Informative"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1577442392",
"to_ids": false,
"type": "text",
"uuid": "5e05dc58-5d50-41f9-b821-783502de0b81",
"value": "Vishnyak0v"
}
]
},
{
"comment": "Screenshot of IDA from the tweet",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1577442616",
"uuid": "5e05dd38-b9ec-482d-be27-7d2f02de0b81",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "attachment",
"timestamp": "1577442617",
"to_ids": false,
"type": "attachment",
"uuid": "5e05dd39-0684-485f-b50a-7d2f02de0b81",
"value": "EMx6WdSXUAEgz_A.jpeg"
}
]
},
{
"comment": "Screenshot of IDA from the tweet",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1577442648",
"uuid": "5e05dd58-1b74-45da-8f3e-7d3802de0b81",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wgARCAHVAvEDASIAAhEBAxEB/8QAHAABAAMBAQEBAQAAAAAAAAAAAAQFBgMHAgEI/8QAGQEBAQEBAQEAAAAAAAAAAAAAAAECAwQF/9oADAMBAAIQAxAAAAH+qae4rOvXjZVED1e7RRYseS06U3zrV4qPzObKTQ/GtW3eFnrrYxqjpJNnUUXe7NY/nLj1+c1bZzDlQKz1/L1fTL/kar8z3HNuvzM9fRnV1tR1zdPI89sM26mwa/y3W96C/wDIDGgAAAAAAAAAAAAAAAAAAAAAAAAAAAHHtF0iRZtN6c/kj4+fXO33SW1SqyN96zd08WUXlJ8R3S7jQujnqJWU1fy+mD0Of795Kt8faRPvMZruaSOGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEeRH0qLaLM75q7uku+NynLrx+vm6gfPxxtBLm2fr5V8HQ1XLcC2PPZnf86fO1w42VTtj7f9l/Xx16fFhyZzeZrtiwucn87yrndr7DCbem5ya6ivXx95+LZfXLjRTZH7nETTZbU9emf0NDftQq2/iLl5fb45efvI4dd9IPbn9Yz93NNP6dKdYfOOfx0nwtdK/r8Scc5cC5revSP3++ecw/2T8YlfN/P2SLO/frb5+fqRdftZdxlqJv53ziv1VFYb6TYRrdX9TaH0tgOOwAAAAAAFPcQ+sqMprOX1c6LzHZW3neW2Gv+vdjDcN/ztobvp2+Vr9j2HbxbqY1vx9E+bH5qNTR1VrG5Wi+bis7rWdT3HngY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhTY+lN9Svz2YtsTsevl1Cz+ridvdnpV7W9u1R86Vd13G3/OfGLn9lB1vP8A3pIs4+X+vx4/LwcMt6RUZthUzP2yFwvo3j50/wAWcjnnHfOy+c4oNJJq/V1uKK9qe/SqhbaD4OOc+tJ9GNvrDtuZSXbc+bO9NRxsyMrURWaWXby3TDdtPNzMly0P5vGXm7Lld+Zd9/145yv3f/HZztqe47+nxj1+PH9DhlvSKjNsKSxamTgbn8+hmw8X9LvOd8xsdVx75y+e9W+q+LKnuPi7wky0/O972tdY8IGNAAAAAAAMlrY+r5p6dzk9eWV1MGfjeeh613lJA1Vfzs37OAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZPWcNu37G4NWCvsJQzgoLPcmKrmXKhVfOHziyRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMaer9Hqg1WwrvT68VZaP77ejIUnpvTzfEw83R2GOfmlV6t9dLl6fZ2nKcph5gTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqKt83e9+vWi+rtrrR12ta3mOGua1jLy3cvDS/VwZxdrfsg5UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTXNDqzbHz+/7c9CxO25aDFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVNtm9vnnoZO85/QHOhmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKi3VFlKjct2V1On6xV5etyw8jv7tgqajlx1qgrda2LJTpL9neBqWV+eXi1inuOcCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEl+e9Zq7fzz0Ozn+5i9mvjpRWXo326ZqPm639meSYvpkzweH6+Xvvfxn1jzI/3Ua3nKe4OQJQAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAFdY5LpNaOdgTyggAAACvsCggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABX2Ch5/6M7SX5DqPdNjSvPz0btiLi5v+NHSW+g/uNuPm71LLQ+F2vHP/AEmkjs4urY/6NdAlcjj1zv16sye91kPn8dg8x9Btmxc3FzNw8ouZnfVmMlxu3LA9evobzqxxz2imy+t7mR55uiHa5arxjevNpNbT9zN7rdpRZ7eWQbDJc/X22I4UAAAAAAAAAAAAAAAAAAABTXOQ6TXvz951CmtKu0LAxQOboAAAAAOXUAAAAAAAAAAAAAOXUAAAAAAAAAAAAAAAAAAAAAFLdYfqs59Xx6ZtbLIbDFxWmoNtvNLdZvSctQ4fbl3k2ptqnjbSrtKOocS3qe8/dFnraS0kR/nz6tBzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL6jM9ZphyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL6in9OcpoOXX6E+MH6dFszV32+8yDnNl9201n+d/nb6QLTp57F42H0nakv4CwFh9kiquhmZX7++rMak30H5/HMauDa25mTymYzSzLDqfVbac+moOgp7i6yfS4488QbR31vNfNzx58uVZeKtc3d8d9a2HqaztZNlntDrQY0AAAAAAAAAAAAAAAAAAAAAyGvpukuP2DOwCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5Z6nXdpj+XozU8s9TM0ONAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZLW1/SWA50hy9P1xpdzQKXtVoq+JdK/95p4zRxOxHJABAJ6v61LZy4xzlo8Jq1fn7rQBE/ZmUiR4syHbMI6yET9ZlGdk0Sss7SJLUor2QfGtfaukakkZoAAAAAAAAAAAAAAAAAAApqufP8A0B6M+QajbwvdKzz/ANMtMvNLjZsTE0nqJfPrjSvHrNQ9q43M/WkJHzmrLj/rXDlylDJfWm6+nNLVa94cYOL6M54857egN4x/XS9HTP1G5S+fXGpaz579egMyiy/oqbw3LfN4+cB6Cu8PP1LKszu1W1cPQO+vzOaRvVDj/Seu0OYcIE0AAAAAAAAAAAAAAAAAKirfIajvufn6c6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAprmn6de9jmrHt0tFXV5uoUH6t8oJMzbM9+a3olHGTSqSPGjZSbrV8y63UMxKxzvWI/e3i2zL883WM9zy0rEcO03zK12bu2Vl87fslLy0SDO4AlAAAAAAAAAAAAAAAAAAAAAAAAAAAAR5ETV4QetZ7O9x+5Sb6M2/1npNt9Fq4KaSRnq6thXfNNOmm/aaMxo49xK8W4ry7WXz28nzjbt/Mb8098+bkaBm5z40wyMvRqynXTDEzdS0pYOoee09wYBmgAAAAAAAAAAAAAAAAAAAAAAAAAAAOXWFp+18eN7c3XC1x3NZWM/B9l/8AmX1vefP3jKn049GjUfXlu864HpvGt1ceR8TpR89AmqmFoyZPRyQGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+PsRfyW3Axfistm5TQ/x3W6jcVtAg+W/Qnssjyuy93P1H78+ovNv2Nz8r8c9YeQw/e9qYHF4e5Mhr/l6DloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACujW1Vjncwcf358dHaYiil9UjZq86bndKKfrVbYz8Rqbd5rx83H1DhmY2ul5defSNY3LzH0l0h8qDhwxufvzvb+qzWL++d2PPFVmM+mPK9rtYzMpAjeMzN31uYfnsjz8vQ/vA0fXHrTL096egIGKut50xnHnnbd/KL3fPdMfBdN9A+aSdNL3wW06YkxMPacs33TPdV0vTNVNu7j+fdpz9DPOt9vRXm9fz4+qcMLPt2zy+wPQOEWD0737zTZTlcsBFxn0Xhl
I81vufnPa43kjIaDr1noS9P2FafEnTp5xu/TqYONAAAAAAcSOv6WAoAAAFNcmchrQCESTRaAAAAAAAAAAjk
"deleted": false,
"disable_correlation": false,
"object_relation": "attachment",
"timestamp": "1577442648",
"to_ids": false,
"type": "attachment",
"uuid": "5e05dd58-a590-4321-ad0d-7d3802de0b81",
"value": "EMx6WdRXYAAAazi.jpeg"
}
]
},
{
"comment": "Screenshot of IDA from the tweet",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1577442672",
"uuid": "5e05dd70-9208-40c5-b67c-4c5702de0b81",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "attachment",
"timestamp": "1577442672",
"to_ids": false,
"type": "attachment",
"uuid": "5e05dd70-3670-47cb-bfc8-4d6502de0b81",
"value": "EMx6WdXWoAA5Vuc.jpeg"
}
]
},
{
"comment": "Detection files containing IoCs",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1577442853",
"uuid": "a205acac-b463-4e5a-8362-6cf764f34d83",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a205acac-b463-4e5a-8362-6cf764f34d83",
"referenced_uuid": "e70083a4-bcfb-4e83-99ed-1cd8d96c271a",
"relationship_type": "analysed-with",
"timestamp": "1577442736",
"uuid": "5e05ddb0-7d5c-4b9a-910e-784002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1577442853",
"to_ids": false,
"type": "md5",
"uuid": "7ec08d01-b53e-42c1-8d2d-0066c80d0d13",
"value": "86c9e95dcf69f6eca2a176407dcb99ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1577442853",
"to_ids": false,
"type": "sha1",
"uuid": "79a4addc-a5ed-45e3-a5c4-03650df8d978",
"value": "5933884f3ed5d98c0bf0158d262d9f3142c4d052"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1577442853",
"to_ids": false,
"type": "sha256",
"uuid": "9fa5f53b-eb28-477b-9fed-fd6aebbd2278",
"value": "caa63ee08af3716c6dc7495a448daa923ac8e8992f6cab3b7ec3f3e6e087bb02"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1577442854",
"to_ids": false,
"type": "text",
"uuid": "5e05de26-93ac-4af0-be47-4e5902de0b81",
"value": "Harmless"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1577442736",
"uuid": "e70083a4-bcfb-4e83-99ed-1cd8d96c271a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1577442729",
"to_ids": false,
"type": "datetime",
"uuid": "6edbd36a-1f7e-43af-ab42-663c45666546",
"value": "2019-12-24T18:47:46"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1577442729",
"to_ids": false,
"type": "link",
"uuid": "bc334003-d71c-46af-b865-5ee28c66e97b",
"value": "https://www.virustotal.com/file/caa63ee08af3716c6dc7495a448daa923ac8e8992f6cab3b7ec3f3e6e087bb02/analysis/1577213266/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1577442729",
"to_ids": false,
"type": "text",
"uuid": "98a2f33e-c7ef-4d0b-a993-a5973224115b",
"value": "10/70"
}
]
}
]
}
}