{
"Event": {
"analysis": "1",
"date": "2020-02-14",
"extends_uuid": "",
"info": "XMRig & Masscan",
"publish_timestamp": "1581721636",
"published": true,
"threat_level_id": "3",
"timestamp": "1581721614",
"uuid": "5e47247f-bca8-473d-871d-447a950d210f",
"Orgc": {
"name": "wilbursecurity.com",
"uuid": "5e16d2bc-5c68-4ef1-bc80-47f5950d210f"
},
"Tag": [
{
"colour": "#33FF00",
"local": "0",
"name": "tlp:green",
"relationship_type": ""
},
{
"colour": "#a0a300",
"local": "0",
"name": "dnc:malware-type=\"CoinMiner\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "RDP login from this IP",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581721504",
"to_ids": false,
"type": "ip-src",
"uuid": "5e4727a0-6578-4085-b8ac-4d46950d210f",
"value": "5.121.144.182"
}
],
"Object": [
{
"comment": "Masscan GUI",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1581720746",
"uuid": "5e4724aa-920c-422a-b4e7-4cdf950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581720750",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e4724ae-0264-4c62-a219-4618950d210f",
"value": "vint.exe|9f544e2f85d341e7c414174473fd9051"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581720756",
"to_ids": false,
"type": "filename",
"uuid": "5e4724b4-f83c-4c96-b87b-409c950d210f",
"value": "vint.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581720756",
"to_ids": true,
"type": "md5",
"uuid": "5e4724b4-14d0-4d77-ae37-463b950d210f",
"value": "9f544e2f85d341e7c414174473fd9051"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581720756",
"to_ids": true,
"type": "sha1",
"uuid": "5e4724b4-6fd8-4b05-b5e7-4ef8950d210f",
"value": "ce2da00e90c4ef14019f51c07073d126ab5b72c7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581720756",
"to_ids": true,
"type": "sha256",
"uuid": "5e4724b4-0638-4f5b-93bd-4eb4950d210f",
"value": "bc3aaf73490a37d0d3c80596ff635ade159bc2a75f43ecd49411ebf591f5386d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581720756",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e4724b4-a6b8-474e-b68d-4716950d210f",
"value": "178176"
}
]
},
{
"comment": "Coin Miner & Persistence",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1581720847",
"uuid": "5e47250f-e714-4403-ad5e-4117950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581720847",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e47250f-f894-42bd-9b10-439f950d210f",
"value": "svshost.exe|81a4bc7617cee5761fd883413a1a26d3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581720848",
"to_ids": false,
"type": "filename",
"uuid": "5e472510-d8e4-4bd2-b430-454a950d210f",
"value": "svshost.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581720848",
"to_ids": true,
"type": "md5",
"uuid": "5e472510-9ebc-44c8-af83-4f3d950d210f",
"value": "81a4bc7617cee5761fd883413a1a26d3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581720848",
"to_ids": true,
"type": "sha1",
"uuid": "5e472510-b370-4459-9f6c-46ba950d210f",
"value": "f63b9e779dc48d49bb13ba0a2c31520d12cf2643"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581720848",
"to_ids": true,
"type": "sha256",
"uuid": "5e472510-523c-4b2c-8779-4bcc950d210f",
"value": "ba94d5539a4ed65ac7a94a971dbb463a469f8671c767f515d271223078983442"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581720848",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e472510-200c-43bb-bd12-48cf950d210f",
"value": "6621184"
}
]
},
{
"comment": "XMRig",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1581721041",
"uuid": "5e4725d1-b2c8-4dc7-9ee1-460c950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581721041",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e4725d1-8cf8-49b1-91ee-4c11950d210f",
"value": "xmrig.exe|e13c006428e3d397c42b3c30122d99cc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581721041",
"to_ids": false,
"type": "filename",
"uuid": "5e4725d1-b594-41b1-8cb0-4de0950d210f",
"value": "xmrig.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581721041",
"to_ids": true,
"type": "md5",
"uuid": "5e4725d1-af38-4b5e-aee0-441d950d210f",
"value": "e13c006428e3d397c42b3c30122d99cc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581721041",
"to_ids": true,
"type": "sha1",
"uuid": "5e4725d1-d6e8-4671-b154-489f950d210f",
"value": "da8c372b94516ddc512bdf60cfb8609ad382702a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581721041",
"to_ids": true,
"type": "sha256",
"uuid": "5e4725d1-b2e4-4b76-8e35-4f56950d210f",
"value": "09b9d59ec4afdd479474db30a3b64e4c974a9e5711ab08e14bae2840e95b9aa1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581721041",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e4725d1-ecd0-488a-86fb-4131950d210f",
"value": "6414848"
}
]
}
]
}
}