{
"Event" : {
"analysis" : "0" ,
"date" : "2020-03-21" ,
"extends_uuid" : "" ,
"info" : "Lokibot Equation Editor Sample" ,
"publish_timestamp" : "1642616464" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1621850735" ,
"uuid" : "5e761095-13f8-422c-837a-4aa60a0a020f" ,
"Orgc" : {
"name" : "laskowski-tech.com" ,
"uuid" : "5e157d76-c92c-4acd-a54e-4a01950d210f"
} ,
"Tag" : [
{
"colour" : "#6ed8f0" ,
"local" : "0" ,
"name" : "Lokibot" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#4d3300" ,
"local" : "0" ,
"name" : "cert-ist:threat_targeted_system=\"Windows\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#815500" ,
"local" : "0" ,
"name" : "cert-ist:malware_type=\"Stealer\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#764e00" ,
"local" : "0" ,
"name" : "cert-ist:malware_type=\"Keylogger\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#fea700" ,
"local" : "0" ,
"name" : "cert-ist:enriched" ,
"relationship_type" : ""
} ,
{
"colour" : "#372500" ,
"local" : "0" ,
"name" : "cert-ist:ioc_accuracy=\"medium\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:android=\"LokiBot\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"LokiBot\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#3a2600" ,
"local" : "0" ,
"name" : "cert-ist:threat_level=\"low\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#f6a300" ,
"local" : "0" ,
"name" : "cert-ist:threat_type=\"malware_outbreak\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584795949" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5e7610da-c138-4add-a2e7-46c674656a8a" ,
"value" : "23.95.132.48" ,
"Tag" : [
{
"colour" : "#e200a3" ,
"local" : "0" ,
"name" : "kill-chain:Command and Control" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584795959" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5e7610da-0c20-4a88-8ad4-4b3a74656a8a" ,
"value" : "216.170.122.34" ,
"Tag" : [
{
"colour" : "#8a0064" ,
"local" : "0" ,
"name" : "kill-chain:Delivery" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584796222" ,
"to_ids" : false ,
"type" : "vulnerability" ,
"uuid" : "5e76123e-c354-4178-9c1b-4a030a0a020f" ,
"value" : "CVE-2017-11882"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584797893" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5e7618af-5184-4d5a-8d09-4fe574656a8a" ,
"value" : "http://shgshg9nationalobjwsdyindustrialgoogler.duckdns.org/shgdocument/vbc.exe" ,
"Tag" : [
{
"colour" : "#8a0064" ,
"local" : "0" ,
"name" : "kill-chain:Delivery" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584797913" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5e7618af-b0f0-416f-801f-4a2f74656a8a" ,
"value" : "http://23.95.132.48/~main/.isuoxiso/w.php/tOEYLz76bbT79" ,
"Tag" : [
{
"colour" : "#ff00b8" ,
"local" : "0" ,
"name" : "kill-chain:Actions on Objectives" ,
"relationship_type" : ""
} ,
{
"colour" : "#e200a3" ,
"local" : "0" ,
"name" : "kill-chain:Command and Control" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1584798456" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5e761af8-9558-4dd8-8dfd-43b90a0a020f" ,
"value" : "https://laskowski-tech.com/2020/03/21/til-how-to-unpatch-office-and-get-that-sweet-execution/"
} ,
{
"category" : "External analysis" ,
"comment" : "Cert-IST Attack name" ,
"deleted" : false ,
"disable_correlation" : true ,
"timestamp" : "1584960604" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5e78945c-f8e0-45d1-9de0-23b8d5388438" ,
"value" : "Malspam-2020.03"
} ,
{
"category" : "External analysis" ,
"comment" : "Cert-IST External link" ,
"deleted" : false ,
"disable_correlation" : true ,
"timestamp" : "1584960604" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5e78945c-2344-4646-8551-2367d5388438" ,
"value" : "https://wws.cert-ist.com/private/fr/IocAttack_details?format=html&objectType=ATK&ref=CERT-IST/ATK-2020.024"
} ,
{
"category" : "External analysis" ,
"comment" : "Cert-IST Description" ,
"deleted" : false ,
"disable_correlation" : true ,
"timestamp" : "1584960604" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5e78945c-ffd0-4060-a6c6-23d8d5388438" ,
"value" : "IOCs coming from a report published on the Laskowski Tech web site regarding a sample of Lokibot. The attack attempt involves an attached crafted Excel document."
} ,
{
"category" : "External analysis" ,
"comment" : "Cert-IST Malware Name" ,
"deleted" : false ,
"disable_correlation" : true ,
"timestamp" : "1584960604" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5e78945c-0d70-4486-8ddf-2416d5388438" ,
"value" : "Lokibot"
} ,
{
"category" : "Other" ,
"comment" : "Cert-IST First Disclosed Date" ,
"deleted" : false ,
"disable_correlation" : true ,
"timestamp" : "1584960604" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5e78945c-8164-4dd9-be39-23cdd5388438" ,
"value" : "2020-03-20T23:00:00+00:00"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1584795972" ,
"uuid" : "5e761144-d120-4a00-a22b-43d50a0a020f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A M Z o d V C / u 6 E D e o o N A A D c D Q A g A B w A N z F m M m M 1 Z W I 2 Z D J l O T g 0 N D d k M T c x N m N h Y 2 J h M m I 1 N j F V V A k A A 0 Q R d l 5 E E X Z e d X g L A A E E I Q A A A A Q h A A A A r C e m V A 645 V n 18 v t k g l L 3 k j f e o r h 5 Q F r s n v X o Y + 0 O + z C q z X s y u n U K Q n U 8 B Y 56 j A Q d P 0 H 7 z / 7 n P s c U C q e + / 5 u n r C I J S / 7 X s Q x 4 Q Z / j 64 W l O N r t 2 h 5 p B L z J s K 3 j L 8 J J Q X k J A 7 Z m a E + J 4 N j l S / e R r c z c 0 I f T e V w m A a A + G U N n p f M 5 m t D D U P J x U M A J J v Y 0 C V R g h i a 477 u X 56 r v l d R H M f e a 49 L B 3 G g k x f v A r W J D 1 Y x v b N S c g 5 O y z f 2 l 5 B k K j 45 g y K l g B b b t k 1 G J z B 9 y 7 J E C s 6 i j c R 53 H H u A p o U + Y 6 i B 9 f 3 e H m 6 P z V 7 e T V v x A X o x 9 I / w A O k S H J j a f g q L 8 p / u U 2 F r h g W E 0 Y V + v K 2 k c 8 k w L Y N P a b a q W + l P 0 A T 43 C r P J y 2 d o b 9 c Z 1 o C w H R R R j G O d T 9 b m g I g y I b G x V N I Q k t r j W T d F Z 5 H Z V c v 5 s 4 N B B V u A M L O b L n P r M t K x M E P 0 7 r I z N p 6 d P n v R 22 B 2 r d y o I j S U d t v O r N v D Z y 2 r 1 z K a E l i h 6 I E z G c a I 8 h M N Z j L E i W 77 o p + O e S i E P U f + U I K J w l d c 4 W K F Y p J z u y B f 1 F d L P b 0 E e v M r 8 Q K Q p T 5 B E x 6 n f U w E S H 98 W e F c J w m Q h Y v / m n m h a 1 + 79 z Y P P 7 P v Z 77 u h w W F S b 0 0 X Z q S + 0 k i T O v d O Z v q f m 7 v U v M 6 c m o Q H E H S g 7 i u U 913 j P F 3 d c r c M j p s 2 p R x f w l t q A Q 4 z i 0 e Y h i I y M T V V I f Q A A 4 M b f y l 2 T + H u K O o Z V 301 Q Z e + S E Q / 0 5 C H T q 2 C k y s F 2 h y + A m z E w c d a y V U w 8 S L K F S p F 68 a L V j 5 V w + M U S n 9 p u R X I L w p A q y g Z 13 S l e V A + S W s L L s 2 W Q f f H 1 E a 2 N p L U I O N e J y s U 3 H d q j Q i U L 7 Q O 9 q o g i W 9 v 1 w t b C p u D c A k k d L P a z G Y I J J X x T k G 76 G U d 3 b 3 W 4 V s F g S g 4 
v y 5 L k f w W C z 34E0 d w r J N R M E L a k / l t w J T R n M w 4 r R T t 3 o 8 u 8 V q T U G W v X g X j N e 1 B R N k 7 / A I b J E 6 + d M v j 5 f X B R M r C i 0 G o S 92 + t 7 q Q 0 p F i N R S 6 Y e 5 b X 9 X 1 t f 0 o v d K U u z e T u b / S f V J G r 4 H U v 12 i B S b H M k 12 U 2013 B Y m l a r N 6 b X F 7 t Q R h o a Z i 9 g E c / P L w w k s z I 0 7 q z K X V n H 7 m 0 e G y d S I x 8 k l w H m e Q R d B V s d Z B I K i x C A b a c V b j r 2 G d D 7 x a K A x / 0 p w u 1 m b 1 n G 0 8 U U K 8 B P m p P z G K S S B T G F X 970 x s P A D r j 64 p L + c a c h d 4 t i 20 j s J y 9 K G A 7 g G u V g P t J 8 i W f 0 s A O 2 a z n e 6 z K j u u + j o s S r y s a m E 6 S O r O 4 h E O 4966 R c 7 j 0 u F B a L o T H c E m H H S G J t B E k U 78 G 1 P q 5 h a o z W K v B y z h R C U n r r u o I r d u L E l N f f F 6 v 5 v G L o E T t V y b m L Z Z r d o N + W X p p P E n J t 2 Z a R 5 n p T B t 25 m 5 D q A 0 J M 5 H s F p 6 x y 19 I w 0 A U U p M q M F m s V P Z l x j R R u M l d w L 0 T n l J w C V o L 52 A A M f Z i h A 8 O Q 41 c 6 q D X Z l 3 j p P W g S S x m y P 48 j 3 E K T R 96 T M 0 K a N T u m p v h j 6 m w l p 3 T f F N O o i j f + q s A C h a / L g 9 h z 94 q T R f p x 9 Y 6 a c N W w e X Z b + u U J U 5 / R h 9 Y + H t V 0 U V 8 q o u g j y b c s d j x q r / g 3 Q e f 8 S p + s d r Z N T F 2 Y k A H O 3 M l H z E w Y 0 8 F U r S 19 J E Q k q i T f b E q f H J 91 h x u E W n M R A E u o M 2 I G 0 + K t 4 F 2 z u 89 M C z E b O f 2 E b E 8 O N 19 k l l l d P 1 f f / S h h H H 2 M I 1 q g O Q L 75 H s i E Q 0 j G d s q f 35 i E 2 d S + d p U 0 P 0 y e e o U g J A f Y 2 m 0 n 3 S K A F v C g 4 H j X B x C g S I C 9 g t u Z W N 89 i 1 / l N G + Y Y z t i v F k v P + y 94 x u e + M o V B U k O H l l O C q g G d e + S e J 3 J U E h n U r 32 U f 9 d a Z 8 A D G I E 9 N E 8 / O 0 s m k 42 p n S + 1 W S J E U 7 O b p D M w l 0 O V K E A E u H F O Z F Q v Y K q q F H O L S 6 a 86 p p J 9 y + T J K o 11 E q 1 D e d o 4 h b 1 q o T 6 J Q o c S g H b I K e 48 
R W L Q K H 6 S 3E6 E I P 5 p M i O p P 75 D c v O V m / S h B O E B H 9 S z P B k 9 t s E l Y m r H 7 K y 4 j K 481 N 68 D 9 Q R K z e z b 84 T l D 57 A o 5 x t T b w E s C q 83 P O 6 / Z N Y a d L + r K 1 + I 0 W Q m X Z s f n N 7 j s 8 + Y b Y k K w O p A 52 Y Q X F j Y a R D K l q l Z 6 O 9 V 7 s W Y N m / s r e H V t t r / 5 C R k s R W b J 2 I z A 60602 K U 0 4 n T + 5 u b k f N O 9 f 35 t 92 f m 7 p c B p G D 9 g t C B h g x d T k m o Q f w o 7 M y 3 V S 0 7 q 5 R C R u a x i 6 D t a b f E Q u f U j / Z 101 I w 1 x P a h / P m W 6 X e z S H O y 67 d s k Z u 5 p 1 h z 8 y V t N 5 o Q N 8 M m E C m w C q 7 + C J C Z a e B z I q Q R J 2 R 5 t 8 Z b 2 t x + 4 K r H 6 F u Z W w p r j K V K 0 B L y U + 8 g E c T Q I u N D E F i Z I 7 u 9 J J v S m p o z 17 i 5 K B b Q r f U w 6 z O u h Z W z D K 1 x I Z e K 6 l h x Q 2 A N L Z s O j s N m + x D 2 X f f h D E C o r d 0 2 A W w D 7 W o N A J S a 7 o F X M 3 p k K H 6 H t Z Y V L r W U v d o 1 S r l c 0 i j d s G Q e U S 6 / v m h l T y y 0 M R r Y F V X 31 r B o a j J P 31 W z H I c O / z N I r d l t v o l M z A k d I f Q O f c t k 2 u W Q X G V o h Q M Z c H J a t y p 1 p q X d i E I I B 4 t E 4 C r o g q I b I e N 9 s F I i X N 8 B P a E 4 z i K I I L 8 Z 2 J z n I H U J a / 7 B j x X 6 j Y q P 6 h R H n N Q r I T q M y o d 4 y H V z j j v t g Y x s i R E P n E Y a 0 t b / 8 m B u r T B n / 5 l l N c d E X + g O M 3 c a a c S y x C G S W C b 1 e u x w a n 9 U w 0 x q 6 r 7 m h G N D d I R Z h 5 K k U g d 55 k Q 3 M Y 3 e L z X V z 5593 N w 6 B u z A 7 l K R H Q D z P C K U 3 n r p h m b m 5 d / J q p i d e u + h B a E Z 0 c O 7 M n N K C R L + O v E H D 7 p 9 T a r Y r 7 l S z + 4 l U M D 2 U s H W H 9 u w v T y 21 I l c 3 A D J p 7 A M k s h G 9 p G v U q s I Q / B h z i N 5 E c W 1 A k g 3 K x t t n w I + / r e s h e o T F 1 Z o T N C v x c F L F U A q i 6 Q A X 7 U q 9 X i H 3 R O 6 m y l z C 6 Z u g A J X r J s o x S m U P 91 a K 7 z 3 j T t d w y X j N 6 / n A V k 65 e z g b v h B N M e + u P 5 D T U 2 N U A 
f r 7 T e O r M L v W + x p k M c r j H D a H f e a K R Q + 1 E c q C Q Z Q R s j E o 7 Z Z t y 2 I 5 L r o z y 7 z 5 s O 5 y J / B f E 29 L Q A K y u P o i f i 4 x t 1 M n M q 0 r 9 p M y 9 c W 821 B + k p s C / 0 f H 1 + 1 o s l a k z y Y W h a u S f J 2 H h E g F T L h I g C P K P u 6 U w 5 / 1 D 4 M w b T Q m 3 A Q X S X + K e D d q G n D k H b l M o V Y 30 R 4 O F 5 q x W + 71 L F X K I 0 j H Q T F v / C 24 Q M r R N u J p H 9 z T V P W G l f A o y D 4 r j V i n L B m l E L N M 3 / G b 6 w Y T q + 2 E G G Q G 73 J n H Y Z B d x x R O M k W v H 5 R 2 G b C 38 T T L F N d H f w J h a u / Q U w z 8 n c R j H J y 5 T k 5 t O 5 W m i O B H g P v 7 o J 6 / r v a M O 1 v d n q B Y L f Z 80 G G s b z p i A 6 G H c 3 g X 3 W x x C V c Q O C R l s k B N Z c Q t 3 q Z I o K 0 g 7 y i A E a p b 8 S Q X s q F w Y d o d P h W B P b u i n Z 7 R / C j + U x G A n L V K T 6 E O + u A i r 6 S q I m o Z 8 u n 6 K a y G e u L h S T k m r u + I i A p + + c d g F n x D n / c a I c U E Z W k V i U U P C j 2 o v 1 U E f N U l n z X E H z e Y z B u 4 F x p J e 7 F o p 3 k V G + m 8 u 0 d W + M v x z + Y b N G F q j 6 M J Q f t / N o m T U A B g t E H D X z V N Q 1 u y X z L 1 W D 5 e J + o Y m Q a P A E 5 z g c f Y A k P D 8 A 6 d M x o X n A O x 5 H V z Y t N B Z h P H 7 l u n O T a 6 S P U s W J y O Y w e Q l U S B L R k E g 1 C S g i b O C H E L c N m S y b k 4 Q P h W 6 O n 9 n 0 w / R s l q K Z 38 J 3 T u R q d Y 5 / e p P + O U T 810 J H M M 1 X / z Y e 0 P N G e w i a X x p m o w 2 P + 5 p g 5 w W b Y h a + Q T r N + 6 L K Q l Y L Q P s T i b b T Q o + C X 0 c E j i G l s x E K K e j C 183 y t k h m Y j e A I D H q V H 1 j O z P w A Q 6 Y 6 f A T n 1 R 0 n l R W f b a F d x v r J y 3 e s O X L R p s s U 2 S A B E 6 + D v K I 4 z t 0 J M q c A V 3 g 6 Y 6 T N Q 4 R u 6 N F k o C v W z 9 p H F d Z f L i 7 p D 3 V r J J z j w w y F f e q u 18 x 7 Y E 4 Q x / 0 z L H 2 D E a O 2 Z 9 + N / M G F / 9 f 0 z p K y S b q 9 K O i p 1 A N j j w M O u Y V t M 1 v a k f 6 L V j d E R o 4643 
c V b F W 7 U w 8 Z I Y 4 E w n 7 W q g u g F Y / l j
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1584795972" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "5e761144-8a50-4a47-a598-47480a0a020f" ,
"value" : "SOA AS AT 29 FEB. 2020.xlsx|71f2c5eb6d2e98447d1716cacba2b561"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1584795972" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "5e761144-2224-44de-aa0b-43470a0a020f" ,
"value" : "SOA AS AT 29 FEB. 2020.xlsx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1584795972" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5e761144-cf18-4a6d-bfcf-4fe30a0a020f" ,
"value" : "71f2c5eb6d2e98447d1716cacba2b561"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1584795972" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5e761144-5374-43ea-b647-4e440a0a020f" ,
"value" : "87fa9e824272c8ef8c465b589362b8a13941f403"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1584795972" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5e761144-8a88-4376-b4dd-47900a0a020f" ,
"value" : "207e6fe2a7fae906d9cb12d5c1ce67b4c9f9a6c5e8787fb7dda9496834122b18"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1584795972" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5e761144-5738-4b5c-bcf6-467c0a0a020f" ,
"value" : "908288"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1584797675" ,
"uuid" : "5e7617c8-b490-4181-b9ef-477a0a0a020f" ,
"Attribute" : [
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A E B s d V D M 35 g 7 Q X g K A A A o E Q A g A B w A N T g 4 Z j c 0 M z V j M G Y 2 M G M 2 M j Z l Z j F h Y T Y 2 O D Z k N D k 4 Y z N V V A k A A 8 g X d l 7 I F 3 Z e d X g L A A E E I Q A A A A Q h A A A A C o F Q C a r 9 z H F H r E I F K a K p h l + U s u i 7 i / h X 7 g X S d y e j f H h p b 1 l i p 8 E R H D D / K k T 5 c 4 d 2 T 1 p y + + d n 9 s D m U 5 f 22 F a g L f S u c Z M e + 5 d c 84 e B Q B J m 3 z A m X P 9 g y K m u F p C O g m E q V x z Q 0 5 m z d A Y a w q 1 p I Y l d 6 c 5 Z 1 M + j N E S h P P X 5 Q x f x G L f D 4 m / n H V U 9 z y G 33 S c C o L C A x q g C 1 Z 5 + u M O d 3 J 562 a H a f 2 P E N 1 M y T r J V A B u F M u 9 L 6 o M L T r B y v N G X a U O k P E K R 82 k + o N t m T //S/nd7YAPG1D1t0+kBjNlTTzBaeM61ABlyEGwcI6vME6hLc1m6RdM+D2d/C+hT7Aeoim5mMWdGXdHFrcTBOHBPsLgYbztlaZQX5tpDOhU/jWPVoGm1nIX2X3tN/G4lSgoMobke3J976/Mt8TA4boKg8huUb4aT9j/+ndsPNKNhsaBsYT2D1cBNtyTrHQKFeZcwb66gDMWKMhP1T7I5mkZxMDi/BNTiC1E+SVy9y4drR0V5LPABexNYLDsY0QkJ3yKo8thR2INjwvH1GQqj2RwnWLKviYt6RkjJYQYmvU7W6X48bk4TPG8rf24nAKUR+yju1c+NSzKwaEu+181Vd4i3leVj++eJMg9XxMstLymC6eZ2SzvudPMZ83QUkt5YzCqDQ/q4xi0NoibUR7bWYM4GRtKIh7tj8JyPgYK7PkQwLavItW1qTkrDdkfrcPIK5kvNLVktghoqAv8U0pTjzvh6lLorjbXCFRBKl3DEk47SvFQVxC5hyErtDcVSgTTBWFZNpdJjvYmbNCIpOPRO/EWvnh73epduYKXX+ORBeoyOONgW9x6rOZDkeVTgAo76l41zrWr15L9OeIQCafqVmKJTMytvPoAjZswxjjuE3VNa500X7oXkRrt1V5QHIJAgTJSG6sR55wNGjwGc/GeylgFWbnjutUGYj5h18nDG+NqiASfeiFAF5ejlMZtJhjb7kAtnb07z05x3PGHamYnMNk3nFR4mzJOh+26Esx5WQ7qJizn60BGy7a7Tghk7Oxh3KPIZGMdTKamc+AZrNDmr0Gs7g7BTrM1YAMDhcJIQBU1gNTuQbPiMtLAz8vlxdmiyClGvrldG9u1v1ICob5BnvrKG4V0Vk6mX51LHqeWlEms/OmTruNfIVTW2Czno8tt0hOXd1Fw+v/cuUwvNP5ePkzzZM7Rgcvjpls4PGe4nphFeKiXu+mUaB73xJL7jQuGTIEhIZfXOJ0WfH20DODcAr1/4rQTdtsUa5IW87fymeDwOar/caXeu6pTutP4z0IB1G/wR08c0oGpU+2br7yqITgSVaGknnVV1cmNffVUWsjUYB0aBvCYY2E6fLPk0dwopeT2B2gbfNGbfoEK6KVxFuaU+SZJ0ZZLRCmRet2JyviXDBK7jt/ZCobdnCIvayu/XDuCNaAsPPq/5skYgbvEN1kWLT+G4CArZSgNEm/3piJimMGvNo62hNqh6DWbOajXGbz1JgNZhcrIWVDAUEPnZUcXQuBD
iPSXaC25iw3fyXDo6hXgH7BYZGMz8av+ATqM3umRI8AlJqqczimV3c7PemUM1bg4uDlcTEo7oCuDUza0B0Xd3lP49Yi615QNtdLot8tTYnAeiUonO/6gNGqXPA/EeI44VrkFrGUDtDW2WaPcPNhob0Yk7BVitMsm3aFGSZ9BxTGtFCE9yG9Bx/rLdZ9Z37g2D3Z9GyHHyPmtVOZLN9plxyLiDJlN8NugzJUjVYlkLnDwv49TE5akuMhWJ2K3CiZwCrSK8XVDyck8Z4IcNhvUL4Zimqh2HzQ9PjXGpaPGgU2HqlLexliTYvJiA9IsA9XLjON1BDxtzwo2J38TbBkD1GKnaTzzFeC2+tFVscgwF11viBTa2GxoRfaB14XiFIrzA4+/jh/Bp5TDSwpPJrvtUnSe96ycfDXSKaHXIQ/gIwSDc3a/vR29TM8vt2WXM6Ih0JisoCf//Ycls7UoL54ZiRlOhx3JFcczT/0bNVIB0JUROu8Pyt6JUFadr8/E3xehoq6H/cQCp5yeZ4TOqiU/WhgM1T6pQDIVk4ndX51mzohf5NCMXxqqqY+k6jIki+CsOKCRzSiox8t0sEj31/hjyw4c0b2XEk4a0wmVCrHG4Qm8kNoRmEWLHQuGi7uLICGvkwK29JHBgs+nz7bfSrG5uMeOZj+70JGKfDav8JWC3aDNzI1XbQZWHQmErPeBHQcS9WbunxDCc2ku2Zx+1Ft/xHJsnHu7I8B5Q65wV1p3n1hyF0vhPHfcSNjGLGOAoEa4v2QWaVWD8Wmvs1ej5giu709BS2eWLx1PTgNeaCa9YeK7NG8EppJrrg8DV3J/ahnZJNvHssvStPTXZWBdCw0T1s52++sr+LIz8oq/WlqLd+4A++luTPmCr5WM54BktlC6Jm8EFXmg/u2FJNDrgjaqIIbHmHkMeMoPLzz/PMeZVXGCsOFMSdHp+nC/CuL5un8cA5s1vtXlCE5KW9QiVny2JaF88jMs8+S1bfM99YcIbIP3c7jMmbrmZhVFszbK8VDb33nQKNGT7efl/BUj32zVZfkMgJd+8M71mfYfbE325poAaQNuMQO1wtDJd+Z1A9FptyiAv0GwfVw4nzGj8bpIuVe+xWfZvIW2fwUovP1QKQ59R80ZN/iwsn6yMD9IyyMw03QhcuucxiaTxNsgDL9UPwNF9Pe+9ECJNPkhvZdX7KoZ+8E1WgFpUjPgcwEnV6I428PVfNfqyk2Yv4ik1I2tncczM3Gg7yRcIVUBrXH2gKSemGOvPwwsKJF3il4uwmd3cB/Vu3GyB87YE4yd0ajik0pKReGmV+rBXyNrDpSymQl4AmtuIGt+E2tyt9Y//iH+VUU1uiPTQ0fSdgvbFAEulS5j0WvnJNqNUV7kg6Z+MHzN0ORMveMI1d7/YyZmVpyqdygG1CcXkGQ56RYoD2HG3Kl9i3IhnDbexVDplgzGjAzCEPuKZnEavQnUj55H4yeNkkMIvhLsjn8janTrpLhGtETRSGiLr27HSoPVHKWik/Y1xEnbhWqnzLz3Km/bYzhtjr5kWWC1DcxyRfufKjdDqaUb7mKbQLqzqgA9mWwV8fmUBfjaDHfWNDm5xmDnIzoJncNuLOG6bQzICnYuPaq09yhoKy5D9IvWON7KANrIZj4A4rvMcXaAmafs7BQdjObhy0POC/l6WfudkfTpqqFPaW22ct7gunEdN1AkOrtekPptm1jELGfpQzyBExECWZsejDmPoBvJoOkztN0V6bHa4CvLY/3ndRYxHCgCe49AfNeDbVeTBbjHDxBmBTPQEI+puKmlenq4nXsgtJtJhK6rD5CAfFfEYGF3vXqHP++1lEeNYij1GLlzxNiqBabOXCWuzIsL7a0vSweu2Z355eDgZ9KIY5TqHVXwjKp48SF3nNe9+2Gwi1cFmron+m6QU+m1OtS/LyteDK0JfQdwH6QIDGLHYZ5z99xAOg2yzZAqzo5fzM+Ww4rwGUz6pLZgrQiMaI/w9+2FIESr8aFj
XnQr5QamJoCsR9TDl9259DzaG4Q8I7/kTyiszkCaDCZXc7KdtZIGmtNNEgJq2guXLTs0qAoOlcUipkgMXEsXeJ3a+vzon0YyxUuXzLGJPqDsLC5pOMxRRTVQJgRFxERFoClO9H0KLo7NM+rrQu4W7GV+RfmgFcCkFJEu+4HWige3wCiBiOE5s+/l12EPFsqAhCShMNIKKG1kOUijzRI+77l6Id0kmxFaylN5MGGSWxl1hHM3v0UJEY/fcr8lmWZ6jRbcM1CsOMWJZFzsFm5QILThS/MXl2fJDgD6QvGCM1RBXA2D74TBGmkccjjIaV0T8AfNInXszjoGxcVMROUteiIx8y1Upt66a4d21kF3UPsrXUige18GZ4e8TxXQeJjjxrUNQIf2TWtbeEhSQAo4N34bHn87L03F+pb4rGwjcFt2nU/GLNtfzaw0S4pLZ/HceV777Zn
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1584797675" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "5e7617c8-bfc0-46ed-9f31-44fe0a0a020f" ,
"value" : "vbc.exe|588f7435c0f60c626ef1aa6686d498c3" ,
"Tag" : [
{
"colour" : "#6ed8f0" ,
"local" : "0" ,
"name" : "Lokibot" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1584797640" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "5e7617c8-f4dc-4d53-8e10-4fb10a0a020f" ,
"value" : "vbc.exe"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1584797640" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5e7617c8-ec08-473a-9407-48cf0a0a020f" ,
"value" : "588f7435c0f60c626ef1aa6686d498c3"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1584797640" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5e7617c8-842c-4618-8f7d-47bc0a0a020f" ,
"value" : "8ae273618ff5a22bf2ee880d6ce8327aa8a1a4ba"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1584797640" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5e7617c8-45d8-483c-ae90-4ab10a0a020f" ,
"value" : "d04f19307af75f77ec2e418bc6a16454906b93f1117fc5b4ba84a73764b089c4"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1584797640" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5e7617c8-6360-4a90-b6d6-44560a0a020f" ,
"value" : "1124352"
}
]
}
]
}
}