|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "0",
|
|
|
|
"date": "2020-03-03",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Remcos RAT 02-28-20",
|
|
|
|
"publish_timestamp": "1593680881",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1621850671",
|
|
|
|
"uuid": "5e5da86d-bfec-4b9a-ae77-57540a0a020f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "laskowski-tech.com",
|
|
|
|
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:malpedia=\"Remcos\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#700cf0",
|
|
|
|
"local": "0",
|
|
|
|
"name": "MalSpam",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#595757",
|
|
|
|
"local": "0",
|
|
|
|
"name": "Remcos RAT",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Indicator Blocking - T1054\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196456",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da928-2128-4c62-837d-11b70a0a020f",
|
|
|
|
"value": "usadroptop1.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-019c-48d8-bbab-11b70a0a020f",
|
|
|
|
"value": "usadroptop2.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-6504-4fcf-87d5-11b70a0a020f",
|
|
|
|
"value": "usadroptop3.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-86cc-4555-8657-11b70a0a020f",
|
|
|
|
"value": "usadroptop4.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-5f64-427d-bf21-11b70a0a020f",
|
|
|
|
"value": "usadroptop5.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-b96c-4d0a-8e04-11b70a0a020f",
|
|
|
|
"value": "usadroptop6.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-1a18-425c-a0d7-11b70a0a020f",
|
|
|
|
"value": "usadroptop7.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-2708-4ac3-a2be-11b70a0a020f",
|
|
|
|
"value": "usadroptop8.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-eba4-4b20-8af6-11b70a0a020f",
|
|
|
|
"value": "usadroptop9.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-027c-435c-a7ac-11b70a0a020f",
|
|
|
|
"value": "usadroptop10.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-df20-4dd3-9669-11b70a0a020f",
|
|
|
|
"value": "droptop1.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-460c-40a6-a502-11b70a0a020f",
|
|
|
|
"value": "droptop2.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-e748-49af-a038-11b70a0a020f",
|
|
|
|
"value": "droptop3.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-378c-46d1-b83e-11b70a0a020f",
|
|
|
|
"value": "droptop4.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-7128-4032-9491-11b70a0a020f",
|
|
|
|
"value": "droptop5.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-27c4-420c-81aa-11b70a0a020f",
|
|
|
|
"value": "droptop6.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-af38-4573-9493-11b70a0a020f",
|
|
|
|
"value": "droptop7.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-cc2c-410b-bfe7-11b70a0a020f",
|
|
|
|
"value": "droptop8.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-b144-49c1-b510-11b70a0a020f",
|
|
|
|
"value": "droptop9.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-27T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583196457",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "5e5da929-f0b8-4fe3-a0f5-11b70a0a020f",
|
|
|
|
"value": "droptop10.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583197877",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst|port",
|
|
|
|
"uuid": "5e5daaf0-79a8-43aa-a307-57690a0a020f",
|
|
|
|
"value": "45.56.113.222|2500",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#e200a3",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Command and Control",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583197877",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst|port",
|
|
|
|
"uuid": "5e5dab5f-6360-4a90-808f-11ba0a0a020f",
|
|
|
|
"value": "47.252.74.84|2501",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#e200a3",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Command and Control",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"first_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"last_seen": "2020-02-28T00:00:00+00:00",
|
|
|
|
"timestamp": "1583197866",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "regkey|value",
|
|
|
|
"uuid": "5e5dae8c-bbec-4add-8b3f-14820a0a020f",
|
|
|
|
"value": "HKU\\S-1-5-21-1640332003-3587316399-2507620052-2742\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Kronprinser|%USERPROFILE%\\Lrredsskoens4\\TERRICOLE.exe",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#c5008e",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Installation",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1583197953",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5e5daf01-461c-4c13-8ed6-11ba0a0a020f",
|
|
|
|
"value": "https://laskowski-tech.com/2020/03/03/remcos-rat-amsi-killing-in-the-wild-and-defender-evasion/"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Object": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1583197914",
|
|
|
|
"uuid": "5e5daa68-3b4c-4207-a7b8-11b70a0a020f",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1583196776",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5e5daa68-7498-47eb-b496-11b70a0a020f",
|
|
|
|
"value": "ce2d6bef0c6cfd91ca0bd692bf070fe7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1583197914",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5e5daa68-ae30-4cca-9dbe-11b70a0a020f",
|
|
|
|
"value": "TERRICOLE.exe",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#c5008e",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Installation",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1583196776",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "5e5daa68-5f38-430b-b04b-11b70a0a020f",
|
|
|
|
"value": "71866e693115a2267657adbcc64e2680b1d3d602"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1583196776",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5e5daa68-d264-49f3-95fa-11b70a0a020f",
|
|
|
|
"value": "ee66c92d54e26d81966c3f8a6ebacf2298fd60696f3f0f67dc675bc61d93d14e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"timestamp": "1583196776",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"uuid": "5e5daa68-bae4-427d-8ac8-11b70a0a020f",
|
|
|
|
"value": "61476"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "fullpath",
|
|
|
|
"timestamp": "1583196776",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "5e5daa68-7bf0-43e3-9aaf-11b70a0a020f",
|
|
|
|
"value": "%USERPROFILE%\\Lrredsskoens4\\TERRICOLE.exe"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1583197897",
|
|
|
|
"uuid": "5e5daaa5-4044-4e77-afa6-11bb0a0a020f",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"data": "UEsDBBQACQAIAL0GY1D/44lCa3UAAACaAAAgABwAOTRhNmIxMjNiNDk0Y2YzOTkwZDg3MmQwNDdiMDA3MWRVVAkAA6WqXV6lql1edXgLAAEEIQAAAAQhAAAAupJ7553s/zTA7KpN7U7PojxAiRfKpZ2hDG5595+Ip36dZhTAg1XTCYC72fkJ/Hd7zIasXFgosbqYpfWE/9R3n990s6y+mmmPvbO7Y/23pPUnd2W9oevFw/nijZmez9MVkOIUdMQG2I+/f3u+br+tvB9TylbywuOdVMPqDRib0JGlXkpwoHxzz96Dyr4zYqfbFvjF+x8h972M2q8WjUS5Ck5TTdqs13MZdqk6jRgiASrD/ARoAV0wsK4GFV3yTEo4iq8OGeoy8VmB5lCJNQPwC+pZIwsaB4POQBvOBEl0JE5TVpG/3NT8kMyqLN/eREljQfVGlIhZZGk6S1LN7ugovhp691Abaim0OnEeEI0NCQpqVkitjTzdKNVwwSSmfk41OoO/1ckeh5lN+VJcCvjKc4lZzQwvr9UUrnrKlu++D4GacceyWzl675cEGKTTgMxNgIXMK8jZL/jwYlU13k7V8/ubCs5yACnccHJsSauaCs0HEnWlWlbnZA4K3ETmVOYpbC607YzQVmClX8GrcU+HwyYdongr88xkObNpcBScUFCF/2rBybSJLXqNvlSmmuRoPi03SyFwNUB8Q5Nr9WI4AJVUgjOHCU/8cjxwTA6nvpx1MeIY2825MDwvg8vNgaJrKS7SX1/6pqOXciGr7uJInUztQazy0psZswlk8Ct/VIHZLNAj/CLr7YjCloogHJvDDRUUv7dl6Lgn3VCb2bDzmuOH8NJ38IpEX074YiLSzsXHmvz74IIQwlZf/OviKQgeV1+xoKJ1zTKq14O9uNCluKaiG6Rr1iJPQkphH8R2Yn86Vj5fzxzI4V67tV7J1gyC8UOXPQrlvf21b7r6Y/oTpKd6CjoaTocdAtI+QOnSMcn5q7q6Ked8ULu6pFjJz+PP+qSzNFia/FrVwdVtL5cX6+XpWKRPB/9x61W057QZEA+7sySctd27fPMvPKkTjS4ZWswtwwjt5cdZ3JQuBsUcAHjawPvVCqrztAvoZXYm//RFMoN6sLL+gcUVOp1SY8AbuIj4rWXAod4zk98u5rxIqenWe6doH75WTQkXYCPnPBfk3f/gbcnoefct5u09DFSWa/aoPWOx/s3iMBJnVGrXbzn6Qrthf++mmqCA/p9GH7dRQWaBG7oVEqXsWfmFq8JH11C14QhrY3FP+jSjTpXfS/oV6OFxVbfBkQVpiJcKImm8WbLbVkB604C0XuV++RYjwqFhveYqxozy2Mu7/TjR/8XYqQ6bh/9WGre8YrJZKN2ct11fYpGPDmP8L/rSNq9ZyTaL2zizdqfpY8kt0c24u16nubx7x+Vh0vH/pWJbdcHXabLvMfexuUAvxdZ2kJJ/WN2ZJuUH7HYe46776MM8JD08g6FZlCGl0HWykLmv0VRwbR3ZzY1xeQy85FPWm3+bcwS54ZrzcdXKGY2FF5EtSeE/9lUmvT3y1T39CaUIwhJC6zyniQHk/ycjYIVVsSvoDSqeP7xQlLz2NvA+QCWh+MCD317FDm0v2JGSXuUjfqEX9BeIgoRfMk9+yFavy1jF4adASkd3eLyDbUkOmHGQr+fLNPP/XisiomsAxBshM/ZHQh/2iyeVjABqQDTos2CIbdqhXxkYj0OontUGJV+ePVRZGPJFuIJZB6tiNHki2/5X2g8t7jJvHZalUSDMdT8R3NEnM/Ocv++imnP1+pRh2taa9xXMAXyNKevrtlyf8xK5E+3LrBKBHWx1EuAiRHGGtPmbas3J0S9J8RfTa3ZiDGCSs7s7H1UF0vJYaPOlt6xZ7PYW37awENPYOb8zEM/GNlEVwD7Qo7XeimFvSscbN8A0cjQiGRGZjHeIzTpFKWipqznITVHnKSAPaYFNdGixqlvBEcq99dKNBz8
TEcc9UrcrxBvzTTRu8hH2KNb0PTDptzIKZLGmzt9RmigT+vNpvMBFp7YyAMetZpuCMNcy6cuXMbOtSL0E0+3c9VuJ91ZLpEzkjy8xTZ0hgwGvhWU6DhGdSpVWTot7kXDRKvqgizqQaNNa/eC8AQdj16VsyvS+4AX0HmpZR4d8eNFvEr+esFKueaJWTNwXshSS12pbhQms/jQF35DTEN/fimtT6cIrCAOuNLwJwmPPB6ojLC5cRdJa3ZyyxMeJFxU1hnMO88clTVKWNAv62Z10fWFTW+P0djgyrjLbNCdEza7DouXiPGzEuc/sF5wtlHn6HOPBliwcQ2sMvNxraUL6rR7F1TOus5qK92Oe8bD9q5HjLCYl9QejbygzmrwuYYdEFGbtU/O5dF1fyezoxrSYzFHmmlEDg6uptPGBWeVwD8p67i/v+KQfpQlBku/BUKEJMTwrYz6qJm7BzgMTxTzHluTwEzHt+9OWWx7tyhMqrDZk/B5nD9gWe2ySB7pgfRbQfph0Dgur0BGwLIstlx00atQtDaIrzOKGGqv3e0NrHDdj6Y4u2jraCdAZ+yYa+994aPKXxugIq0RWfCXqG8qs2FQPyE4NmDEGNFAr619kyJssDDItDCiIUWIpMxaWwyP0GAGupOwHgORxm3D3B7DKhI8b4dvgavHLFB1y2mIbJ+U/wZGLIOY78oD3hZ1Gct+wGvktWxhkxI8c8mIzlsTqXH9rO7QFQeLgB4V3HbSpRx4hKMH5JOFmVEI7Ntx9ZQJWxJeNV88L/k1FSzHj/oY013YzSAtEz6t5sFfi0BVUdnRMp3rhGgFvMneAcy9/45qb5C7Ksp4nkUQAxmV5JCwW9X49HBKkYZRXJGJVpVkf29CK+tIXR0Rim4FYPVN2KPZbduFZhqXoFTgezcxm7JhWzRVbLl2yQmPtCsqrqp0YXTEQ7L4C+YG0RxhquvGJVDCX+7c65h/tS5lUXDXDI/KOm5yIAMjlqsYPszgg3YzPSzahB2jMWpjseuho22xTH6zGLPauUZeQ8EXIxsIVvcDxyLmw8Ykd2NapZ3WmmDqRCIIlpEYeM5rqAN8tcIxvPpkzNhGgo7Tz+m4mqnzhL2ygCJ3Lkcmddp2AunwJqkxXxSaRT6wHZ5d1hstx/4DR9RX+AbBdLkvDHEtOUnt2bxXpZfsJmMe+cbnCKfIOWtk9iwzHLaoxynMWaRrsh06TkTpUTSFuZl1EvjwswG9zC6jRT8uXeXhYhUyoZ+7xFL7ZATORuj+1r3nTtAauu7Oru35AAXUXlc7vR83c/mvxVWLo9XcRkxx7MaPHXAObM+AuXK3DFdKZgD41MqzgT6wTiOwY4CHBQ3g+GKV7OphlKecg0BnGVN977XkrixCcgfPoxlPimZGA4gfqfzTv8EdMl/rVRWk5yULtL8Tm8V5ueCWXoqQOgHHQoPooLgPGYmLmgsYMJh+v3BL4MTNDsjjznEJ5yvkLS6/YGKxCaRnEPlkLsHEFcrrxMTbXzn9pDw3sx7lorlVM9CCVgjZBt4sJqFWmn/Bo6MSqjQU85qCtv4L9bRxGWqMejGSLqWlESOqmXvHB2goKiBn3WmDm7dzwFnBTydd00BLMennnuhQ+AxkPfdanhIHeIF+n3bESqejWwLthO8lnWl83uRPxPTbfMKYEGl3ysQbV+Kv32fG5DsQDG1fT9MwmJI5OwTtvTBVpK4oqVIv3baL738aIlPedOneN7AL7PWWJAbJPIxdNPJMXKL4SmQ7hoVmunEvZdex9s3hNOtsC/HFfDOXyJafDRffItXI053madzlxO8xjjMd02tt01fW2znyE9UcRo1uopl8wleNNAk1fOmOKz5rju3DgkfFk92hw5xtSPtzBY/xthZzYdx33YZzSwbDjnIu/Qjo1zkMesciH+iOU9gJtQ1fzqbDkalIFlmh6YnFIzKonGRFcqT1ikmqXYMXt2gjicrFjW6Ee601XOx3141prdJgQxLmEoEVRIueDaFI
IZJyCKGJTNGq6QNbN7WXjPFxtO7M4hAGBLfsum6vXltUbcWQq8acO+t68G/j6hWZXIoP5YSMsaax4VpGTRl
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "malware-sample",
|
|
|
|
"timestamp": "1583197897",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "5e5daaa5-50b4-4688-a742-11bb0a0a020f",
|
|
|
|
"value": "324.doc|94a6b123b494cf3990d872d047b0071d",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#8a0064",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Delivery",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1583196837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5e5daaa5-c9f8-42b1-88aa-11bb0a0a020f",
|
|
|
|
"value": "324.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1583196837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5e5daaa5-e150-490d-badb-11bb0a0a020f",
|
|
|
|
"value": "94a6b123b494cf3990d872d047b0071d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1583196837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "5e5daaa5-7b8c-4a12-bb2d-11bb0a0a020f",
|
|
|
|
"value": "023831f60ab29aae1c0332cb6af80c890f4b9285"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1583196837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5e5daaa5-501c-4e0f-bc12-11bb0a0a020f",
|
|
|
|
"value": "9c5d88aa18845bd266819994a6bda3253e2df91e942b1b5428a317ab6e189155"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"timestamp": "1583196837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"uuid": "5e5daaa5-46b0-4a9e-8929-11bb0a0a020f",
|
|
|
|
"value": "39424"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1583197897",
|
|
|
|
"uuid": "5e5daaba-4204-45ad-9ed7-11b70a0a020f",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"data": "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
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "malware-sample",
|
|
|
|
"timestamp": "1583197897",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "5e5daaba-33e0-41a1-9936-11b70a0a020f",
|
|
|
|
"value": "491.doc|2481f731acf1c77df7ac4b231821dc71",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#8a0064",
|
|
|
|
"local": "0",
|
|
|
|
"name": "kill-chain:Delivery",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "filename",
|
|
|
|
"timestamp": "1583196858",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5e5daaba-5c44-416c-a8f5-11b70a0a020f",
|
|
|
|
"value": "491.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1583196858",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5e5daaba-72b8-496f-8419-11b70a0a020f",
|
|
|
|
"value": "2481f731acf1c77df7ac4b231821dc71"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1583196858",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "5e5daaba-e3f0-4642-883e-11b70a0a020f",
|
|
|
|
"value": "545cada323b15eeca35a71726d6be830cc7f8b5d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1583196858",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5e5daaba-8598-48ef-9199-11b70a0a020f",
|
|
|
|
"value": "66cc741a61fe877e9698d180c19a47495fd49bd9699726d92d88d5c55fe85d17"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"timestamp": "1583196858",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"uuid": "5e5daaba-cfdc-4b9c-a12e-11b70a0a020f",
|
|
|
|
"value": "39424"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|