misp-circl-feed/feeds/circl/misp/704d14e0-3a68-46a2-9b20-88a781463250.json

506 lines
754 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "0",
"date": "2022-07-06",
"extends_uuid": "",
"info": "[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector",
"publish_timestamp": "1666860340",
"published": true,
"threat_level_id": "1",
"timestamp": "1666860331",
"uuid": "704d14e0-3a68-46a2-9b20-88a781463250",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0071c3",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0087e8",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ffffff",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:malpedia=\"Maui Ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:ransomware=\"Maui ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#7f1796",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "target:healthcare",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:country=\"north korea\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#000000",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "dnc:malware-type=\"Ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#39b300",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "enisa:nefarious-activity-abuse=\"ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#006c6c",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "ecsirt:malicious-code=\"ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#2c4f00",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#00acd1",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "veris:action:malware:variety=\"Ransomware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#000000",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "Ransomware",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#420053",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "ms-caro-malware:malware-type=\"Ransom\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#001739",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "ms-caro-malware-full:malware-type=\"Ransom\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "c7166501-5bd1-45d8-97e3-4634136c5457",
"value": "4118d9adce7350c3eedeb056a3335346"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "9a2762d3-7826-4a8b-a1ea-39cd309a596a",
"value": "9b0e7c460a80f740d455a7521f0eada1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "e5748b36-87ab-4cf8-a6ad-9bc041f0581f",
"value": "fda3a19afa85912f6dc8452675245d6b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "6a01d26b-6d7a-4000-8a1a-67d923c04e69",
"value": "2d02f5499d35a8dffb4c8bc0b7fec5c2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "138f9eeb-2858-4dff-84e9-bf9d7589b72e",
"value": "c50b839f2fc3ce5a385b9ae1c05def3a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "c3284cf6-25c7-4f2b-881d-bce199505b0f",
"value": "a452a5f693036320b580d28ee55ae2a3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "857759e8-3c07-4b70-aade-5fe7b5da8460",
"value": "a6e1efd70a077be032f052bb75544358"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532539",
"to_ids": true,
"type": "md5",
"uuid": "ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e",
"value": "802e7d6e80d7a60e17f9ffbd62fcbbeb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "f6ae8d8a-5704-46f9-b403-a314c8096c23",
"value": "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "ce8554b9-1602-4476-bbc3-7869be2a91b5",
"value": "45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "22449f76-157d-41ae-b5a5-f9b36266e279",
"value": "56925a1f7d853d814f80e98a1c4890b0a6a84c83a8eded34c585c98b2df6ab19"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3",
"value": "830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "2d0749f9-0913-4c9d-93f2-bcc69cb513b2",
"value": "458d258005f39d72ce47c111a7d17e8c52fe5fc7dd98575771640d9009385456"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "cec55dab-f351-4c61-a998-0f8b8c3f9851",
"value": "99b0056b7cc2e305d4ccb0ac0a8a270d3fceb21ef6fc2eb13521a930cea8bd9f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "15fa7f34-5106-4671-b4c5-9073137ed92f",
"value": "3b9fe1713f638f85f20ea56fd09d20a96cd6d288732b04b073248b56cdaef878"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657532589",
"to_ids": true,
"type": "sha256",
"uuid": "34fea72d-0bcb-4fa1-9a16-07d70d376fcb",
"value": "87bdb1de1dd6b0b75879d8b8aef80b562ec4fad365d7abbc629bcfc1d386afa6"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "5",
"timestamp": "1657282234",
"uuid": "6120480d-1d15-409f-a867-61d92d89b55f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1657282234",
"to_ids": false,
"type": "link",
"uuid": "657d3f21-21f8-4bce-bc86-8b72118215f2",
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-187a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1657282234",
"to_ids": false,
"type": "link",
"uuid": "ed55e806-c3aa-4398-834c-c057dc09cafd",
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1657282234",
"to_ids": false,
"type": "text",
"uuid": "ce969de8-fc66-49a3-9b63-cde9861cdc2d",
"value": "Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services\u2014including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1657282234",
"to_ids": false,
"type": "text",
"uuid": "65182fe5-d52b-4ebd-ba23-bf6e2b3f0ffa",
"value": "Alert"
},
{
"category": "External analysis",
"comment": "",
"data": "JVBERi0xLjYNJeLjz9MNCjQ0OSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA1NjY4NDUvTyA0NTEvRSAzNDAzNzAvTiA3L1QgNTY2MzQ4L0ggWyA1NjcgNDIzXT4+DWVuZG9iag0gICAgICAgICAgICAgDQo0ODUgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDUvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzwxNEYyMzRCOEI2QUUwNjRCOTAxRDBBQTZBMEM0N0M3OT48RDExNjA5Qzc1OTM1Njg0MzhEQjgwMDIyREE4NUIyNjE+XS9JbmRleFs0NDkgNjVdL0luZm8gNDQ4IDAgUi9MZW5ndGggMTU5L1ByZXYgNTY2MzQ5L1Jvb3QgNDUwIDAgUi9TaXplIDUxNC9UeXBlL1hSZWYvV1sxIDMgMV0+PnN0cmVhbQ0KaN5iYmRgEGBgYmBgPgciGVeASKYnIJL9CpidBSJZu0EkCz9YRBLM/gZmXwbr6gSzz4DF3cHqt4DZGmDyP4i0WQ5mswFJxlXcILbOWRBZUQ4ilZaCxLV/g9hpP8Gm6YNIjyowOwlEyvaB2TlAkklBAWxaGYjUnAEiOb1AZI8ZiOQSB5J/TIB6GRkYA0AiQDcOUvI/A2PxM4AAAwDFRhq9DQplbmRzdHJlYW0NZW5kb2JqDXN0YXJ0eHJlZg0KMA0KJSVFT0YNCiAgICAgIA0KNTEzIDAgb2JqDTw8L0MgMzU4L0ZpbHRlci9GbGF0ZURlY29kZS9JIDM4MC9MZW5ndGggMzI4L08gMzQyL1MgMjIwPj5zdHJlYW0NCmjeYmBgYGZgYLrPwMrAIHKFQZgBAYSBYmwMLAwcP1oMGxgWszMu2iC8j43NQSWHQbOBgSFlpuXRB3DFLIpHFWYtmvJygqvKlUkGTjJBWTOeCHo6ABlay4LSLFmCfD1fTBBolVuVqqbZN69F0MtVGahlVZTnjJcvHEWWBAi0i3StBLMnMygbV3R0MDAIKYUDaSBDsBzMVUsHcRsYGAXNgAJgCZVyiIgLiMZwIRDIMrBt8AbSSkCsDRYJYRBkOMG4gMHpgHOB7A12EXYXxnqGWQ1xDHUJbgxyC/jWlC1j3hRyu+ueP0uSqGCo5bQpzNs81Bja2f0alAX/HFAUWCgg+Kb7EcvDmYIMxkduCW6MYC5zmMXAwO7fYMaQqQAPEDUGjpzJQJoRGLongLQ6A0d+NCiggI4ShavSZeBYcAOiivEcQIABAMxAZYQNCmVuZHN0cmVhbQ1lbmRvYmoNNDUwIDAgb2JqDTw8L0xhbmco/v8ARQBOAC0AVQBTKS9NYXJrSW5mbzw8L01hcmtlZCB0cnVlPj4vTWV0YWRhdGEgNDMgMCBSL091dGxpbmVzIDc0IDAgUi9QYWdlTGF5b3V0L09uZUNvbHVtbi9QYWdlcyA0NDcgMCBSL1N0cnVjdFRyZWVSb290IDk5IDAgUi9UeXBlL0NhdGFsb2c+Pg1lbmRvYmoNNDUxIDAgb2JqDTw8L0Fubm90cyA0ODYgMCBSL0NvbnRlbnRzWzQ1NCAwIFIgNDU1IDAgUiA0NTcgMCBSIDQ2MSAwIFIgNDYyIDAgUiA0NjMgMCBSIDQ2NCAwIFIgNDY2IDAgUl0vQ3JvcEJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9Hcm91cCA1MTIgMCBSL01lZGlhQm94WzAuMCAwLjAgNjEyLjAgNzkyLjBdL1BhcmVudCA0NDcgMCBSL1Jlc291cmNlczw8L0V4dEdTdGF0ZTw8L0dTMCA0OTEgMCBSPj4vRm9udDw8L1RUMCA0OTMgMCBSL1RUMSA0OTUgMCBSL1RUMiA0OTcgMCBSL1RUMyA0OTkgMCBSL1RUNCA1MDEgMCBSL1RUNSA1MDMgMCBSL1RUNiA1MDUgMCBSL1RUNyA1MDcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDXS9YT2JqZWN0PDwvSW0wIDQ2NSAwIFIvSW0xIDQ3OCAwIFIvSW0yIDQ4MCAwIFIvSW0zIDQ4MiAwIFIvSW00IDQ4NCAwIFI+Pj4+L1JvdGF0ZSAwL1N0cnVjdFBhcmVudHMgMC9UYWJzL1MvVHlwZS9QYWdlPj4NZW5kb2JqDTQ1MiAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMjMyL0xlbmd0aCAxNjQ5L04gMjcvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN60mFtT2zoQgP+KHtvpEOsuq9NhmnArPdBSwm1geHCDCx6CnXFMW/792ZXsJDaJg3PmjEeRLO1Kq+jblWQZakKJDA2RFrKQMIOvlnDLoArKDBKUFUcRTjQXkAsSKgm5JEzYEAqKMC00FDThTCooGMIF6kMz16AoLXbKLVGUEiGMgQIjQgsBBWimmkIBOhdcQgF6N1RBAfvSGgqQRIg1oKklh0JIlG+yRFMG1WCrpgpkGIMCWKkYWMzAsBucIiWnbo4+tz4HG10OPbpcuPrbT5+CvhsCXoLBEF6H8Jy9TOJgkOV3cR5cErq9Xb7cYCf0NvgSHAan8ai44dT2rIC/x0AOQwom4J0RZlkPTLkNhs8/C+zsKEkffbf9NM2K7e1yYLvxwLInDIflCHtuHUPbo9JUhqwdmNENB1a6B2vFOO8hHkyIHk4Cc2v5+mHZhsMa2bOKSQCpR2E03uMIpgEj7JpBD4fkVzSewjDHwbcsf4rGwU6fsB4Nvp+ULd9PjgkLhn1S5M9xMDyOpo8gmsa+r72/xcGwiIo4GEVOL5t4Pd//dBSnBWFU0mAnmnyJk/uHghimg93YN20JroL9cXQ/JYIH+1laDAbZ35strZVrI5yCq2AHt651P3pKxi/v+nkSjd/7mmQcg+toh7ar+RY9xcFpv3/97eSDEzw+c/XDIo+L0UM1Uay69BZJSoPDIhono356P44JDYZF/HRBwtDPEkXR4jyZFFkeXJUTUcy6aQ6iaYwizUH30lF2l6T3wWWS9tNpMnvfT/JpsfMQ5dWk5527AIMzOYpKEabYbBHPYA2cRWfZeZpAbzGRSjj5maEw2l3xML3hBh0XH6V0WRIQaTBhGduxjDkmlHpLmvfrHw1/PSbDuUvuHVg2IIfvrm/q5VA/hDGdLNRrt2w1rbJspZz1jPV+1PqcXKK0ZtmsjCNz7toxx1GbMxEu7tK5HvW2uD7L1O3BkaoyA3JvF93A2nC9F1i94AUKArrzAiaURf01TmB4wwl2z08qHrc84J19YYvx0hss7+gNS0ff0ClkwymkbnUK0+oUAvbH+aK1OUUNtTLRV+6w6BKMMrXSJ2jNIxY903sCXZCkzgdeM/Z/kv8fuL+tR3xWZ10tsG70Utbh7INteJpy/+Ja2GUd9h/nB3vXpyVug2x890bgzUrgGWxbnYhfbcIbqFfha+p1g3r4H1upV8upr+iuP2YhWHV95n6wCHHlB5iH7nBZehiUQaqBiNIrw+EMkfqhgIcekfJQAD2uORTYOiL9073jr1cL69MZjupkAOfpbmgsG3rDUBg2oOC8/Xyg150P1gXC+iliHgYrnddQrY57LsZBzdtPAcvhQ6nFHO3A8vysUMVFBLFqqVIJ5EwLy2bxDNTcupVcYBUsW2BVsGWsMjjGYRtgCnc50K+hup9H6eM4SclBVjwkIzLIssc6uWGd3OvDH4OL6w+VnlfbQrUNj7amnV+4v9T5bTFgI4z9HlPDWLZjHK7AWK3clJRPDhm4469Lc+kZaHBr1nANVwYQksZtj+Gsb2FkDUof75TGjwhqdeTkKCfxzg7XbMUBRuo/L8zsFpVk5WIoD9c7vOzLKmZL5sd4haqm61Gt7bycqwrVUKJ+N1SNrqO6d3jdh2PfElI8h53Pn29GVtWRXWvIhuA272e8/X5mTFdwX4PY1qY0YqiM3ngz96iH5W+FnWrEXkTV44gAC/wENYeRq0a85CshpGZZvORMuTaA0ArUb4XwOL5Lnp/qGLI6ht//udq9umiuvlfcMGYyxr
"deleted": false,
"disable_correlation": false,
"object_relation": "report-file",
"timestamp": "1657282234",
"to_ids": false,
"type": "attachment",
"uuid": "0dd6ed29-bb62-4b6d-ba10-afcce02978ff",
"value": "aa22-187a-north-korean state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1657531990",
"uuid": "d7942518-41c8-4d63-9981-2240d92984f1",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1657531990",
"to_ids": true,
"type": "sha256",
"uuid": "f61491c0-29b9-424a-8990-2b89b8d9ac63",
"value": "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1657531990",
"to_ids": true,
"type": "filename",
"uuid": "46f089da-432c-46ad-a09d-988b0fa5cf11",
"value": "maui.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1657532400",
"uuid": "404a83c0-700c-4cbb-8def-2bb802bc8723",
"Attribute": [
{
"category": "Payload delivery",
"comment": "RSA private key",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1657532400",
"to_ids": true,
"type": "filename",
"uuid": "45cad555-5fee-4324-a82e-f8f7f45b0ee2",
"value": "maui.evd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1657532407",
"uuid": "29f55101-c92f-427f-a48c-f1b422acc352",
"Attribute": [
{
"category": "Payload delivery",
"comment": "contains output from Maui execution",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1657532407",
"to_ids": true,
"type": "filename",
"uuid": "59448f79-c973-41bc-a696-ac846313e21e",
"value": "maui.log"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1657532413",
"uuid": "926e1339-d22d-4de0-b77e-987842bd5cd2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1657532413",
"to_ids": true,
"type": "filename",
"uuid": "8ce4a136-10b4-4497-ae8d-eae8485ff94d",
"value": "aui.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1657532419",
"uuid": "b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04",
"Attribute": [
{
"category": "Payload delivery",
"comment": "RSA public key",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1657532419",
"to_ids": true,
"type": "filename",
"uuid": "de3d4ea8-f424-4c2b-9467-cf92050b755a",
"value": "maui.key"
}
]
}
]
}
}