2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "0" ,
"date" : "2022-07-06" ,
"extends_uuid" : "" ,
"info" : "[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector" ,
"publish_timestamp" : "1666860340" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1666860331" ,
"uuid" : "704d14e0-3a68-46a2-9b20-88a781463250" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Maui Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"Maui ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#7f1796" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "target:healthcare" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:country=\"north korea\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#000000" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "dnc:malware-type=\"Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#39b300" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "enisa:nefarious-activity-abuse=\"ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#006c6c" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "ecsirt:malicious-code=\"ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#2c4f00" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#00acd1" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "veris:action:malware:variety=\"Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#000000" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "Ransomware" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#420053" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "ms-caro-malware:malware-type=\"Ransom\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#001739" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "ms-caro-malware-full:malware-type=\"Ransom\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c7166501-5bd1-45d8-97e3-4634136c5457" ,
"value" : "4118d9adce7350c3eedeb056a3335346"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9a2762d3-7826-4a8b-a1ea-39cd309a596a" ,
"value" : "9b0e7c460a80f740d455a7521f0eada1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e5748b36-87ab-4cf8-a6ad-9bc041f0581f" ,
"value" : "fda3a19afa85912f6dc8452675245d6b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6a01d26b-6d7a-4000-8a1a-67d923c04e69" ,
"value" : "2d02f5499d35a8dffb4c8bc0b7fec5c2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "138f9eeb-2858-4dff-84e9-bf9d7589b72e" ,
"value" : "c50b839f2fc3ce5a385b9ae1c05def3a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c3284cf6-25c7-4f2b-881d-bce199505b0f" ,
"value" : "a452a5f693036320b580d28ee55ae2a3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "857759e8-3c07-4b70-aade-5fe7b5da8460" ,
"value" : "a6e1efd70a077be032f052bb75544358"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532539" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e" ,
"value" : "802e7d6e80d7a60e17f9ffbd62fcbbeb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f6ae8d8a-5704-46f9-b403-a314c8096c23" ,
"value" : "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ce8554b9-1602-4476-bbc3-7869be2a91b5" ,
"value" : "45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "22449f76-157d-41ae-b5a5-f9b36266e279" ,
"value" : "56925a1f7d853d814f80e98a1c4890b0a6a84c83a8eded34c585c98b2df6ab19"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3" ,
"value" : "830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2d0749f9-0913-4c9d-93f2-bcc69cb513b2" ,
"value" : "458d258005f39d72ce47c111a7d17e8c52fe5fc7dd98575771640d9009385456"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "cec55dab-f351-4c61-a998-0f8b8c3f9851" ,
"value" : "99b0056b7cc2e305d4ccb0ac0a8a270d3fceb21ef6fc2eb13521a930cea8bd9f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "15fa7f34-5106-4671-b4c5-9073137ed92f" ,
"value" : "3b9fe1713f638f85f20ea56fd09d20a96cd6d288732b04b073248b56cdaef878"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1657532589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "34fea72d-0bcb-4fa1-9a16-07d70d376fcb" ,
"value" : "87bdb1de1dd6b0b75879d8b8aef80b562ec4fad365d7abbc629bcfc1d386afa6"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "5" ,
"timestamp" : "1657282234" ,
"uuid" : "6120480d-1d15-409f-a867-61d92d89b55f" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1657282234" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "657d3f21-21f8-4bce-bc86-8b72118215f2" ,
"value" : "https://www.cisa.gov/uscert/ncas/alerts/aa22-187a"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1657282234" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "ed55e806-c3aa-4398-834c-c057dc09cafd" ,
"value" : "https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1657282234" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ce969de8-fc66-49a3-9b63-cde9861cdc2d" ,
"value" : "Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services\u2014including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1657282234" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "65182fe5-d52b-4ebd-ba23-bf6e2b3f0ffa" ,
"value" : "Alert"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " J V B E R i 0 x L j Y N J e L j z 9 M N C j Q 0 O S A w I G 9 i a g 0 8 P C 9 M a W 5 l Y X J p e m V k I D E v T C A 1 N j Y 4 N D U v T y A 0 N T E v R S A z N D A z N z A v T i A 3 L 1 Q g N T Y 2 M z Q 4 L 0 g g W y A 1 N j c g N D I z X T 4 + D W V u Z G 9 i a g 0 g I C A g I C A g I C A g I C A g D Q o 0 O D U g M C B v Y m o N P D w v R G V j b 2 R l U G F y b X M 8 P C 9 D b 2 x 1 b W 5 z I D U v U H J l Z G l j d G 9 y I D E y P j 4 v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 l E W z w x N E Y y M z R C O E I 2 Q U U w N j R C O T A x R D B B Q T Z B M E M 0 N 0 M 3 O T 48 R D E x N j A 5 Q z c 1 O T M 1 N j g 0 M z h E Q j g w M D I y R E E 4 N U I y N j E + X S 9 J b m R l e F s 0 N D k g N j V d L 0 l u Z m 8 g N D Q 4 I D A g U i 9 M Z W 5 n d G g g M T U 5 L 1 B y Z X Y g N T Y 2 M z Q 5 L 1 J v b 3 Q g N D U w I D A g U i 9 T a X p l I D U x N C 9 U e X B l L 1 h S Z W Y v V 1 s x I D M g M V 0 + P n N 0 c m V h b Q 0 K a N 5 i Y m R g E G B g Y m B g P g c i G V e A S K Y n I J L 9 C p i d B S J Z u 0 E k C z 9 Y R B L M / g Z m X w b r 6 g S z z 4 D F 3 c H q t 4 D Z G m D y P 4 i 0 W Q 5 m s w F J x l X c I L b O W R B Z U Q 4 i l Z a C x L V / g 9 h p P 8 G m 6 Y N I j y o w O w l E y v a B 2 T l A k k l B A W x a G Y j U n A E i O b 1 A Z I 8 Z i O Q S B 5 J / T I B 6 G R k Y A 0 A i Q D c O U v I / A 2 P x M 4 A A A w D F R h q 9 D Q p l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D X N 0 Y X J 0 e H J l Z g 0 K M A 0 K J S V F T 0 Y N C i A g I C A g I A 0 K N T E z I D A g b 2 J q D T w 8 L 0 M g M z U 4 L 0 Z p b H R l c i 9 G b G F 0 Z U R l Y 29 k Z S 9 J I D M 4 M C 9 M Z W 5 n d G g g M z I 4 L 0 8 g M z Q y L 1 M g M j I w P j 5 z d H J l Y W 0 N C m j e Y m B g Y G Z g Y L r P w M r A I H K F Q Z g B A Y S B Y m w M L A w c P 1 o M G x g W s z M u 2 i C 8 j 43 N Q S W H Q b O B g S F l p u X R B 3 D F L I p H F W Y t m v J y g q v K l U k G T j J B W T O e C H o 6 A B l a y 4 L S L F m C f D 1 f T B B o l V u V q q b Z N 69 F 0 M t V G a h l V Z T n j J c v H E W W B A i 0 i 3 S t B L M n M y g b V 3 R 0 M D A I K Y U D a S B D s B z M V U s H c R s Y G A X N g A J g C Z V y i I g L i M Z w I R D I M r B t 8 A b S S k C s D R Y J Y R B k O M G 4 g M H p g H O B 7 A 12 E X Y X x n q G W Q 1 x D H U J b g x y C / j W l C 1 j 3 h R y u + u e P 0 u S q G C o 5 b Q p z N s 81 B j a 2 f 0 a l A X / H F A U W C g g + K b 7 E c v D m Y I M x k d u C W 6 M Y C 5 z m M X A w O 7 f Y M a Q q Q A P E D U G j p z J Q J o R G L o n g L Q 6 A 0 d + N C i g g I 4 S h a v S Z e B Y c A O i i v E c Q I A B A M x A Z Y Q N C m V u Z H N 0 c m V h b Q 1 l b m R v Y m o N N D U w I D A g b 2 J q D T w 8 L 0 x h b m c o / v 8 A R Q B O A C 0 A V Q B T K S 9 N Y X J r S W 5 m b z w 8 L 0 1 h c m t l Z C B 0 c n V l P j 4 v T W V 0 Y W R h d G E g N D M g M C B S L 0 91 d G x p b m V z I D c 0 I D A g U i 9 Q Y W d l T G F 5 b 3 V 0 L 0 9 u Z U N v b H V t b i 9 Q Y W d l c y A 0 N D c g M C B S L 1 N 0 c n V j d F R y Z W V S b 290 I D k 5 I D A g U i 9 U e X B l L 0 N h d G F s b 2 c + P g 1 l b m R v Y m o N N D U x I D A g b 2 J q D T w 8 L 0 F u b m 90 c y A 0 O D Y g M C B S L 0 N v b n R l b n R z W z Q 1 N C A w I F I g N D U 1 I D A g U i A 0 N T c g M C B S I D Q 2 M S A w I F I g N D Y y I D A g U i A 0 N j M g M C B S I D Q 2 N C A w I F I g N D Y 2 I D A g U l 0 v Q 3 J v c E J v e F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 H c m 91 c C A 1 M T I g M C B S L 0 1 l Z G l h Q m 94 W z A u M C A w L j A g N j E y L j A g N z k y L j B d L 1 B h c m V u d C A 0 N D c g M C B S L 1 J l c 291 c m N l c z w 8 L 0 V 4 d E d T d G F 0 Z T w 8 L 0 d T M C A 0 O T E g M C B S P j 4 v R m 9 u d D w 8 L 1 R U M C A 0 O T M g M C B S L 1 R U M S A 0 O T U g M C B S L 1 R U M i A 0 O T c g M C B S L 1 R U M y A 0 O T k g M C B S L 1 R U N C A 1 M D E g M C B S L 1 R U N S A 1 M D M g M C B S L 1 R U N i A 1 M D U g M C B S L 1 R U N y A 1 M D c g M C B S P j 4 v U H J v Y 1 N l d F s v U E R G L 1 R l e H Q v S W 1 h Z 2 V D X S 9 Y T 2 J q Z W N 0 P D w v S W 0 w I D Q 2 N S A w I F I v S W 0 x I D Q 3 O C A w I F I v S W 0 y I D Q 4 M C A w I F I v S W 0 z I D Q 4 M i A w I F I v S W 0 0 I D Q 4 N C A w I F I + P j 4 + L 1 J v d G F 0 Z S A w L 1 N 0 c n V j d F B h c m V u d H M g M C 9 U Y W J z L 1 M v V H l w Z S 9 Q Y W d l P j 4 N Z W 5 k b 2 J q D T Q 1 M i A w I G 9 i a g 0 8 P C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v R m l y c 3 Q g M j M y L 0 x l b m d 0 a C A x N j Q 5 L 0 4 g M j c v V H l w Z S 9 P Y m p T d G 0 + P n N 0 c m V h b Q 0 K a N 60 m F t T 2 z o Q g P + K H t v p E O s u q 9 N h m n A r P d B S w m 1 g e H C D C x 6 C n X F M W / 792 Z X s J D a J g 3 P m j E e R L O 1 K q + j b l W Q Z a k K J D A 2 R F r K Q M I O v l n D L o A r K D B K U F U c R T j Q X k A s S K g m 5 J E z Y E A q K M C 0 0 F D T h T C o o G M I F 6 k M z 16 A o L X b K L V G U E i G M g Q I j Q g s B B W i m m k I B O h d c Q g F 6 N 1 R B A f v S G g q Q R I g 1 o K k l h 0 J I l G + y R F M G 1 W C r p g p k G I M C W K k Y W M z A s B u c I i W n b o 4 + t z 4 H G 10 O P b p c u P r b T 5 + C v h s C X o L B E F 6 H 8 J y 9 T O J g k O V 3 c R 5 c E r q 9 X b 7 c Y C f 0 N v g S H A a n 8 a i 44 d T 2 r I C / x 0 A O Q w o m 4 J 0 R Z l k P T L k N h s 8 / C + z s K E k f f b f 9 N M 2 K 7e1 y Y L v x w L I n D I f l C H t u H U P b o 9 J U h q w d m N E N B 1 a 6 B 2 v F O O 8 h H k y I H k 4 C c 2 v 5 + m H Z h s M a 2 b O K S Q C p R 2E03 u M I p g E j 7 J p B D 4 f k V z S e w j D H w b c s f 4 r G w U 6 f s B 4 N v p + U L d 9 P j g k L h n 1 S 5 M 9 x M D y O p o 8 g m s a + r 72 / x c G w i I o 4 G E V O L 5 t 4 P d //dBSnBWFU0mAnmnyJk/uHghimg93YN20JroL9cXQ/JYIH+1laDAbZ35strZVrI5yCq2AHt651P3pKxi/v+nkSjd/7mmQcg+toh7ar+RY9xcFpv3/97eSDEzw+c/XDIo+L0UM1Uay69BZJSoPDIhono356P44JDYZF/HRBwtDPEkXR4jyZFFkeXJUTUcy6aQ6iaYwizUH30lF2l6T3wWWS9tNpMnvfT/JpsfMQ5dWk5527AIMzOYpKEabYbBHPYA2cRWfZeZpAbzGRSjj5maEw2l3xML3hBh0XH6V0WRIQaTBhGduxjDkmlHpLmvfrHw1/PSbDuUvuHVg2IIfvrm/q5VA/hDGdLNRrt2w1rbJspZz1jPV+1PqcXKK0ZtmsjCNz7toxx1GbMxEu7tK5HvW2uD7L1O3BkaoyA3JvF93A2nC9F1i94AUKArrzAiaURf01TmB4wwl2z08qHrc84J19YYvx0hss7+gNS0ff0ClkwymkbnUK0+oUAvbH+aK1OUUNtTLRV+6w6BKMMrXSJ2jNIxY903sCXZCkzgdeM/Z/kv8fuL+tR3xWZ10tsG70Utbh7INteJpy/+Ja2GUd9h/nB3vXpyVug2x890bgzUrgGWxbnYhfbcIbqFfha+p1g3r4H1upV8upr+iuP2YhWHV95n6wCHHlB5iH7nBZehiUQaqBiNIrw+EMkfqhgIcekfJQAD2uORTYOiL9073jr1cL69MZjupkAOfpbmgsG3rDUBg2oOC8/Xyg150P1gXC+iliHgYrnddQrY57LsZBzdtPAcvhQ6nFHO3A8vysUMVFBLFqqVIJ5EwLy2bxDNTcupVcYBUsW2BVsGWsMjjGYRtgCnc50K+hup9H6eM4SclBVjwkIzLIssc6uWGd3OvDH4OL6w+VnlfbQrUNj7amnV+4v9T5bTFgI4z9HlPDWLZjHK7AWK3clJRPDhm4469Lc+kZaHBr1nANVwYQksZtj+Gsb2FkDUof75TGjwhqdeTkKCfxzg7XbMUBRuo/L8zsFpVk5WIoD9c7vOzLKmZL5sd4haqm61Gt7bycqwrVUKJ+N1SNrqO6d3jdh2PfElI8h53Pn29GVtWRXWvIhuA272e8/X5mTFdwX4PY1qY0YqiM3ngz96iH5W+FnWrEXkTV44gAC/wENYeRq0a85CshpGZZvORMuTaA0ArUb4XwOL5Lnp/qGLI6ht//udq9umiuvlfcMGYyxr
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "report-file" ,
"timestamp" : "1657282234" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "0dd6ed29-bb62-4b6d-ba10-afcce02978ff" ,
"value" : "aa22-187a-north-korean state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1657531990" ,
"uuid" : "d7942518-41c8-4d63-9981-2240d92984f1" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1657531990" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f61491c0-29b9-424a-8990-2b89b8d9ac63" ,
"value" : "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1657531990" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "46f089da-432c-46ad-a09d-988b0fa5cf11" ,
"value" : "maui.exe"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1657532400" ,
"uuid" : "404a83c0-700c-4cbb-8def-2bb802bc8723" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "RSA private key" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1657532400" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "45cad555-5fee-4324-a82e-f8f7f45b0ee2" ,
"value" : "maui.evd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1657532407" ,
"uuid" : "29f55101-c92f-427f-a48c-f1b422acc352" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "contains output from Maui execution" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1657532407" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "59448f79-c973-41bc-a696-ac846313e21e" ,
"value" : "maui.log"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1657532413" ,
"uuid" : "926e1339-d22d-4de0-b77e-987842bd5cd2" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1657532413" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8ce4a136-10b4-4497-ae8d-eae8485ff94d" ,
"value" : "aui.exe"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1657532419" ,
"uuid" : "b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "RSA public key" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1657532419" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "de3d4ea8-f424-4c2b-9467-cf92050b755a" ,
"value" : "maui.key"
}
]
}
]
}
}