misp-circl-feed/feeds/circl/misp/5e5709a4-8850-453e-9f11-275a0a0a020f.json

{
"Event": {
"analysis": "0",
"date": "2020-02-27",
"extends_uuid": "",
"info": "Racoon Stealer",
"publish_timestamp": "1593669025",
"published": true,
"threat_level_id": "3",
"timestamp": "1621850670",
"uuid": "5e5709a4-8850-453e-9f11-275a0a0a020f",
"Orgc": {
"name": "laskowski-tech.com",
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
},
"Tag": [
{
"colour": "#bd472d",
"local": "0",
"name": "keylogger/infostealer",
"relationship_type": ""
},
{
"colour": "#ff9f0f",
"local": "0",
"name": "racoon",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Remote File Copy - T1105\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852772",
"to_ids": true,
"type": "url",
"uuid": "5e5868bc-0fe0-4390-80ab-d3b874656a8a",
"value": "http://35.228.134.218/gate/libs.zip",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852772",
"to_ids": true,
"type": "url",
"uuid": "5e5868bc-1560-4807-9a76-d3b874656a8a",
"value": "http://35.228.134.218/gate/sqlite3.dll",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852748",
"to_ids": true,
"type": "url",
"uuid": "5e5868bc-0900-4886-9566-d3b874656a8a",
"value": "http://35.228.134.218/gate/log.php",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#ff00b8",
"local": "0",
"name": "kill-chain:Actions on Objectives",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852759",
"to_ids": true,
"type": "url",
"uuid": "5e5868bc-ea68-441d-a83a-d3b874656a8a",
"value": "http://109.201.143.181/1B5F/raccc_1B5F.exe",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852285",
"to_ids": false,
"type": "hostname",
"uuid": "5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a",
"value": "doc-0s-24-docs.googleusercontent.com"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582852349",
"to_ids": false,
"type": "link",
"uuid": "5e5868fd-03b8-4af4-8b39-8add0a0a020f",
"value": "https://laskowski-tech.com/2020/02/28/definitely-racoon-this-time/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582852730",
"uuid": "5e5709b9-16d8-46eb-ab16-275d0a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582852730",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e5709ba-8bb0-44c1-b43c-275d0a0a020f",
"value": "raccc_1B5F.exe|28c643a1f69f9fca9481a4bc9f3f38f3",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582852039",
"to_ids": false,
"type": "filename",
"uuid": "5e5709ba-4878-4369-9d4f-275d0a0a020f",
"value": "raccc_1B5F.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582852039",
"to_ids": true,
"type": "md5",
"uuid": "5e5709ba-b734-4439-a741-275d0a0a020f",
"value": "28c643a1f69f9fca9481a4bc9f3f38f3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582852039",
"to_ids": true,
"type": "sha1",
"uuid": "5e5709ba-e6b8-4ba0-a198-275d0a0a020f",
"value": "904afe59f6438848be96fd26fdeab01267070d25"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582852039",
"to_ids": true,
"type": "sha256",
"uuid": "5e5709ba-8870-4d79-98fd-275d0a0a020f",
"value": "4478328408cf3c38b356eed6e86171a5c879663d79867c2b55ec8a0538d7588d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582852039",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e5709ba-029c-4423-a5ab-275d0a0a020f",
"value": "53248"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1582852039",
"to_ids": false,
"type": "text",
"uuid": "5e5867c7-a9dc-4c6d-8ba2-8add0a0a020f",
"value": "%APPDATA%\\raccc_1B5F.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582852803",
"uuid": "5e5709ca-9564-4380-bee4-275a0a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582852803",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e5709ca-4858-43ab-a3c3-275a0a0a020f",
"value": "hrjytrj.cmd|6ffe0b3009316720968139c02ae06aa2",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582762442",
"to_ids": false,
"type": "filename",
"uuid": "5e5709ca-9830-418e-a33c-275a0a0a020f",
"value": "hrjytrj.cmd"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582762442",
"to_ids": true,
"type": "md5",
"uuid": "5e5709ca-5e90-4157-906d-275a0a0a020f",
"value": "6ffe0b3009316720968139c02ae06aa2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582762442",
"to_ids": true,
"type": "sha1",
"uuid": "5e5709ca-4944-4137-ac2c-275a0a0a020f",
"value": "c6d85ab5723e37dc81f8662d066e6260f76cad0f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582762442",
"to_ids": true,
"type": "sha256",
"uuid": "5e5709ca-cca4-44e9-a565-275a0a0a020f",
"value": "40543a9b3f82e8321f21206489245abdd565d3d7c8bfaea9241506a4176a4504"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582762442",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e5709ca-3ec0-47de-bea7-275a0a0a020f",
"value": "20"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582852717",
"uuid": "5e570b34-1438-42ee-98d1-275a0a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582852717",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e570b34-912c-47d2-9b5e-275a0a0a020f",
"value": "BANK.doc|c1847a04d79f0c84a88dfc2f556e5acb",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582762804",
"to_ids": false,
"type": "filename",
"uuid": "5e570b34-830c-4b5c-9332-275a0a0a020f",
"value": "BANK.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582762804",
"to_ids": true,
"type": "md5",
"uuid": "5e570b34-e718-472b-81bc-275a0a0a020f",
"value": "c1847a04d79f0c84a88dfc2f556e5acb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582762804",
"to_ids": true,
"type": "sha1",
"uuid": "5e570b34-f254-4709-8e50-275a0a0a020f",
"value": "b05a8cfc70d8ea97d1127feafac6c40320d4dd52"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582762804",
"to_ids": true,
"type": "sha256",
"uuid": "5e570b34-fac0-41cd-8c1c-275a0a0a020f",
"value": "f002c889dc7fffee97cfc41b25c1b27bb65704ca0c71a320a9ff58d95ba4131c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582762804",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e570b34-6268-4446-8b6e-275a0a0a020f",
"value": "245354"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582850872",
"uuid": "5e586338-8820-458f-86a8-8add0a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIAPoFXFB+vUYIJ+IqABsoKwAgABwAMTExN2NkMzQ3ZDA5YzQzYzFmMjA3OTQzOTA1NmFkYTNVVAkAAzhjWF44Y1hedXgLAAEEIQAAAAQhAAAAPmvWvRRePoF5DiJTT8A8k4Dfm0IUxVTxjS5UX06EF1i1OuOcC8qS32J4Kk9OjNpZOdvGWnLZoUBfo3R77UKIBiaEIhnQFsbtZUoMwNzr4T1P6JlXE8y8aHiL1N4G57es1BpJVK9SFi+JPtcxCQa0YgygiPa7kYxccLWvKQ4EUSxIDJlb/PpXM+a34FM+l+2LavxRowFwEYdIxlFqvlA08ygxdQA8vjAR9L3DCGCDz351TTFdQ219IzSmYKgtSurSvx2OjpX5zfWNjXhLBHbJ2C+KNWTH8tZTOUr4rSVyB5cX7FacmM9lH1zuZu9YzviGNAeq/ENzY0O01xoPrZ/7HgxOdaNOXSNMIew7VjBeYcu+BDBeWhM9ZuQN+4wfqyMSHKlbT3imDlz+LGTRUCYHWkhrfxoTpI2eKrRlJlocNGS+yuzKI7mSEgQ41kQe2fSA44oZV6iX3RLJ45tE0s4wj7UwvfYLTDb1qHoF0iQGTdo28HN93suuU0tBDY3cNqLXfjr1dxOX+sEApFI0twqjFoEGVxudBmxENWUqGzW3Ga0tws/G5hSxfdUUH+Prl/XQ3mKwla+0HQNwP3SswkPZbEcj9ZsyB2Js0+VNZQ8uqbfRbOjzVC0sZZmjscZnLKZcRdH3m1G3g88bz4paBALoNuVfURX1D+j/324617BhN0/zNd4qY7CwkM+2QKLwgDR9HCBGUl+N6B2H8YpSnpDDohjDlP7pDQ6xRA1e+8P4w//NzfflkIsx356tupoXuwuFDyVFszO8LgVlV5o8oh29g1WribBbPAkFXKeubDYMYoqrwRaJiIYyf+Fm+Rv3GtgTtb2A1wpNsbYGi8YAZIwdE/JY5Np6p6cZlygZtTIYwFufzSfnt3OIcir7d8EiriLY3q1SaL1hmuD/XdIKNyXha22c1BZmxLkdID6jon/waAavpxrrywoT4PtKPGM8ZUOzrWygAu/1FuL9RVkCGzUo43ptEnJScwT0PhmRPsEceI+xqyJC02PTXI52Ydtx+vJvFQ3zPH0OVETsK8o3N0x3rZmDkLvSWicjCG41axk0h44G2V2TDAc5oOl/kD+uGS8NndZ+zlTrfWPeYk1siEp9IRAlZgFF/xncnfjkKG4YW3M+JdGCx1k8edwvIUfcaN3U7QY3W9s8fxwqW4cJErnNurrRRzA35buXWwtK12kJIiuVTB+3wfGf5OJmknsfalLTltHcih2BcA3qFUj2UsiNvjoIOtWPxZt6mevmU201pHYMA6+Mz8NwQcqMce5Kz8Rvv0H1jeJnl7VF+j1SJwo7jE0QxDMRbnPmb0eQavAJ9nRrss27gTkazNudvC7Lomz8L29NuxyNigfeNzvEwtm41srzXq7yJwB/GSCB69sHV5MqsEf4BnDauTGt+0iKRKSq/7LiTgbb7jFEbH23IXHrr0oAPBm8RbJUXzZrz+Xh4d7dhAtCYYRrtotbCXfCPVqy838qrmyjkzndSh8j3HXE5aA7qlqwi2oWwOn0xTn3ftyZOU/Rvyb24H1gYQatucJGd9rdTCr+U1S/Pz1S2NguqZ7v1YQ/HBVZm1gdK7CWxhwK/+IbB2PCZ/MaI4C9rulBoirpVgaSrkcwh4xdRJ8iNIFYfkVza3YDqNQ2L4TzdcWTu2GTgVXURgyny7VxZGmnJI2kACD6SQ3ywYoB9ETiR7pApE4IIA8O84Yqui2vhXhKrWleqYgISAap70suBP8L3678ZrZkyNV4F2+VPuJntE1KGM1fkVmSclwFFLTSDJxUwp7O1/0suAbDaG4yCzS5XVM+iOMUD7U/PEjZy4odWQ9jf6SUz9crCvbXpaU5N0UWuOHVC+rtvms5lkq6+m4aBBE6vbsp3/jGDwr
7hwPiezxGOCi4TH3DC5UmlSh3VbZWD1ELK28JA+Ny8CMW3G18tqnUPJlgog+FUDUGGv0Y7Ng7i5KQEpKXWyZeWAkqiMZ+5bjTV1yYFb7dIlCey26WfNog3zNFBuutglRAC+oHT8AW3YD0EMJu3/Z1V5hAVmJ4Qjq3YAopr7U8m2SvXPGYalafkXTvTXX5t/ke6PVFlY0EmdhZOX8YEx3K3M3oqNkfbkSbnXCaxg0s28LKir90gxyeCi906GXv2DnJIXirhFqPIke3QGgxaF7Cwr4OOnH86gvxmBJS3J9RslvmLz37pac07BNXRU/of1lCwharK22RW2xK7ZetqjMA6LJt96bD7rOAdy2hlfyDar3W3u8+kd3iniApGL64twgS+Ucw13JpSU8m1U/WS/aVHa7bsUGVmXPUFdGnSmy3dmW7k+1ldSrUk248VdOA65I2DCRbXHDZlzEQNpZBcmy02Ym5ApeK6eSQMOfzldNOwCb9CPzIxoxgWKDzDExUWEDGrgcyN2Pvq5KCO4qxYbruSvztn8yAPNTSk73eqhliN3qMJAiWxoIs93FtcCqXP9mv2i/fClJUeBDHeEou61j5KD58DKqtylEM2frHCJeUWOMtOfeOm0PTFky4hpHa3DEGXvYLlQR6lnnhLWd4865S+YK2nvliCipRdr9/NIpydKspTXSIqZ58Q6WzMqdkxS75STiQj5XWt+Etju95F4q+/QdX8jzUogvzstVF+77vpByG4xMlF6GCUWAuEaaxXvld0CjS3BGhbINw2XYAuWMfnhe+lTXs7qK/LlnMKV6Hravu44gX503pGsz8HcqptkmJC6F3chm8hy/fixY/zUvqwH6cl8sjNMvJ2VQ5fHqAhOBDterWMxtg7x5EO+5D7ggMREQUydZiHsG0DaB7Z5eGubiUBSxevliYbwTuU8M+eXkbhGuVuXZ5iOrb9I8n8xOSKwtc5RFndFiRnTwk9ib6GwjdTxu32SHE+0wkBIPaskDypCFgrUtMvUk9hFLUAQghmdh/r9IHW+PfTeR2XZPWPbJy4zclcfv9+M1taov7hK9SsMuKXSxKvQGtVps4vy9EGd8+IDEzAUMHkvrAzPDNiTsr54NxVdvtNNt5yxq6OW69CV0DgiCoO5NJy2chxUcHphhk/Mj/Obz+dp6y1yHzZe6fMlag+0AXoLwk4q9kPObd9J/yMuciAmCsCJS4Z3z/cXzxZcEJzAaWq/F0xclBSQ0BpStfvI2L8qTBXVgWzhGM4Yrl4SLHacln3VgMj6qDMchVJHAZe4WAtVkm+1NpdehDeOtHqjkpQSfsaFU3iqf3gLtaBv7ATbcH9NbRGhD5N7Zvk5qYicrKz0PiB3K6yCfXT1joTfOCMHIrG37ELEOhqMdhzxl/TDUCgHIQAI8fz4NYRP8UGoiMLzx6vauXL2ngcZ8xPisrUOkxBzd5eWQ0Ez1xZFELBKxC6Pu4SWAciKniazmapL1g8epHf+6Rrj50I1wrtjOEecRCICAAv1fWSNncgWfYdKgKewYcYkz/uk2a42zV2KFRc7lqkgx/t3MvDwQF8RmutzMD+2GQqsds6Pac7NyH9+zjit91+K4uTMywYlYW3OGNY3CU0N61md+py0wTJbbE3nqFOLXxZS2n5AroxDyNZuypIvJGKP0HgWgBKBYMtPX6Du5KRS6pSEk6DRV1QwQO4xdtVAtcqfDT31fI1FW3oyf5HevkZFggJVB9g4U7sYDpoYiOXcYK/3FCAgFoFIfj2xuB09X4NdUkYNxluHgjW5o9BrZXVa6uMdjSZ3iGtYbTiJz4H6omZBKQ/vqaI1jMMjFp1a9cMzHwaslW1jYkvIwC6st16+FwEN/nveOYQl6zs6rMYsKC5npSvI3AhX/Rb/xe/ozXuf3H/34d2Mut8ykX53nKh1zj1I6Hep32dvtPYdsQaQU7nqUfFbBsU8JbGFR4VW0QtaVQcSfRxOGCUm4JDqaBtRJlheC4zkxiWXpMXRD
tutMZicgCgZC7l8XcvUEkb/V3DiN7vlwMHkLrJq+IoZMQKbVKF3Mjd6xSmz34eHD7SVBCVVNj/XWJzMo/Fv
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582850872",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e586338-6e58-4227-859e-8add0a0a020f",
"value": "libs.zip|1117cd347d09c43c1f2079439056ada3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582850873",
"to_ids": false,
"type": "filename",
"uuid": "5e586339-f728-43b4-8540-8add0a0a020f",
"value": "libs.zip"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582850873",
"to_ids": true,
"type": "md5",
"uuid": "5e586339-7714-464e-b21a-8add0a0a020f",
"value": "1117cd347d09c43c1f2079439056ada3"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582850873",
"to_ids": true,
"type": "sha1",
"uuid": "5e586339-a850-4fbf-b3fd-8add0a0a020f",
"value": "93c2ce5fc4924314318554e131cfbcd119f01ab6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582850873",
"to_ids": true,
"type": "sha256",
"uuid": "5e586339-31e8-4901-b77c-8add0a0a020f",
"value": "4cfada7eb51a6c0cb26283f9c86784b2b2587c59c46a5d3dc0f06cad2c55ee97"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582850873",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e586339-1c74-4b2c-aa26-8add0a0a020f",
"value": "2828315"
}
]
}
]
}
}