misp-circl-feed/feeds/circl/misp/3410ad13-ef34-48c9-bc6f-b1b111a30e06.json
{
"Event": {
"analysis": "2",
"date": "2022-06-23",
"extends_uuid": "",
"info": "OSINT - Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine",
"publish_timestamp": "1655990694",
"published": true,
"threat_level_id": "2",
"timestamp": "1655990647",
"uuid": "3410ad13-ef34-48c9-bc6f-b1b111a30e06",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#12e000",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:target-information=\"Ukraine\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:country=\"russia\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989738",
"to_ids": true,
"type": "hostname",
"uuid": "a2b0de0e-0e43-4d68-8260-8dbe7ead5974",
"value": "www.specialityllc.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989738",
"to_ids": true,
"type": "hostname",
"uuid": "76e69d5a-606d-46d8-a86b-85d37acaa083",
"value": "mail.sartoc.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989738",
"to_ids": true,
"type": "url",
"uuid": "4a4402ed-6eaa-4d60-a9ec-583a0dd055e0",
"value": "http://kompartpomiar.pl/grafika/docx.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989738",
"to_ids": true,
"type": "url",
"uuid": "28df2d44-32c4-49c9-8278-4b0166168f37",
"value": "http://kompartpomiar.pl/grafika/SQLite.Interop.dll"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989738",
"to_ids": true,
"type": "ip-dst",
"uuid": "d80ef005-49c3-4954-80ba-4e8464676148",
"value": "144.208.77.68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989772",
"to_ids": true,
"type": "sha256",
"uuid": "0256873d-b87d-4ac1-bd36-eb0729c0a837",
"value": "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989772",
"to_ids": true,
"type": "sha256",
"uuid": "8e8a18c9-e530-4225-a4a1-e5a0f662b14d",
"value": "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989772",
"to_ids": true,
"type": "sha1",
"uuid": "a93a3baa-3e24-4012-9589-564cb41b570b",
"value": "ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989772",
"to_ids": true,
"type": "sha1",
"uuid": "70ba861c-a09a-417d-bd38-591fff364cce",
"value": "b1847c89143fad810b7a3686296b9c1e91ad087c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1655989772",
"to_ids": true,
"type": "md5",
"uuid": "71b683fa-9b57-4956-b6ff-3a65625e6da4",
"value": "eafa11070f213f16efc030f625a423d1"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1655990007",
"uuid": "9b0ae517-772f-48ed-bfca-362cf0319f72",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9b0ae517-772f-48ed-bfca-362cf0319f72",
"referenced_uuid": "ce610b88-badf-44db-993c-86a7a97a2cc8",
"relationship_type": "abuses",
"timestamp": "1655990007",
"uuid": "f6ea1866-2174-4aba-9ea7-efb217afdfd3"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1655989918",
"to_ids": true,
"type": "filename",
"uuid": "8255e714-9eaa-4bb4-a1cb-351b59cd4f5e",
"value": "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1655989918",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6550b6eb-d6ba-46be-abc1-112ab129b9a3",
"value": "411760"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1655989918",
"to_ids": false,
"type": "float",
"uuid": "949fd2fc-46d6-4862-ad15-a8b807cd997e",
"value": "7.9944351431945"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1655989918",
"to_ids": true,
"type": "md5",
"uuid": "10987579-441b-47d6-a093-fa71a28d7def",
"value": "eafa11070f213f16efc030f625a423d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1655989918",
"to_ids": true,
"type": "sha1",
"uuid": "da5d4d24-5039-42d4-bb15-cc9fc81aa8e4",
"value": "b1847c89143fad810b7a3686296b9c1e91ad087c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1655989918",
"to_ids": true,
"type": "sha256",
"uuid": "34b9ad59-af15-41d0-8311-0a5a8ec13f70",
"value": "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1655989918",
"to_ids": true,
"type": "sha512",
"uuid": "71bf21a1-3fda-486f-8ec0-869a73a9301a",
"value": "68a084c9a6dee3c315181c97e661454c61b442539f4875136828a87beef40ffff79a7f7c5df549890ce42ed636fa4404e673877379b849cd0e4e6c2ab2642d0a"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1655989918",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ecb6e1b-5580-4f83-adbe-e96ae16f9631",
"value": "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01|eafa11070f213f16efc030f625a423d1"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1655989918",
"to_ids": false,
"type": "mime-type",
"uuid": "f5e3d0ec-f642-45e4-bfb3-99c4c2d62069",
"value": "Microsoft Word 2007+"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1655989918",
"to_ids": true,
"type": "ssdeep",
"uuid": "041c7184-806b-402d-b272-eb5decd2de6e",
"value": "6144:UOjcXgk3fb0pZmtcQPbfUNnweoafhcdP19F9vQZ/y7dmMcnFn5iQiM8poFDNsGrO:Rm4zmtVbC6P19Fa67dmxl5iNGFpd/LA"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "8",
"timestamp": "1655989975",
"uuid": "ce610b88-badf-44db-993c-86a7a97a2cc8",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1655989975",
"to_ids": false,
"type": "vulnerability",
"uuid": "6fa5762f-5798-475a-975a-eba115f62180",
"value": "CVE-2022-30190"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1655989975",
"to_ids": false,
"type": "text",
"uuid": "ce748279-85b3-44c9-aa20-0a8f551b71ee",
"value": "Published"
}
]
},
{
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "8",
"timestamp": "1655989988",
"uuid": "f793c30c-02de-4e84-8494-e06fc3013958",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f793c30c-02de-4e84-8494-e06fc3013958",
"referenced_uuid": "ce610b88-badf-44db-993c-86a7a97a2cc8",
"relationship_type": "related-to",
"timestamp": "1655989988",
"uuid": "486f4b5f-4eb2-4d67-b5c6-2277098624a6"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1655989988",
"to_ids": false,
"type": "vulnerability",
"uuid": "617db3de-1932-432d-ab23-87be782e42ea",
"value": "CVE-2022-30190"
},
{
"category": "Other",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1655989988",
"to_ids": false,
"type": "text",
"uuid": "134a2cc1-943c-432f-9245-0d71416e5eb1",
"value": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability."
},
{
"category": "Other",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1655989988",
"to_ids": false,
"type": "datetime",
"uuid": "f70618d2-1edc-450b-b9a0-ab38bd463508",
"value": "2022-06-07T18:15:00+00:00"
},
{
"category": "Other",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": true,
"object_relation": "cvss-score",
"timestamp": "1655989988",
"to_ids": false,
"type": "float",
"uuid": "cd9d10b9-b8bd-4850-bdfd-a0a0c1f47325",
"value": "9.3"
},
{
"category": "Other",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1655989988",
"to_ids": false,
"type": "datetime",
"uuid": "073bba41-acc6-4cea-96a9-31e4fb976ff3",
"value": "2022-06-01T20:15:00+00:00"
},
{
"category": "Other",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1655989988",
"to_ids": false,
"type": "text",
"uuid": "bbaf59c3-fa3d-4faa-b40a-780c846648d3",
"value": "Published"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1655989988",
"to_ids": false,
"type": "link",
"uuid": "dbf2f5af-422c-4515-ae2e-1bd5dca71700",
"value": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1655989988",
"to_ids": false,
"type": "link",
"uuid": "02483625-5c8f-4270-8e48-84fd095529c3",
"value": "http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "0b166f7c-ee17-4bbc-85e0-2154eb7c3cc0",
"value": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "7ed18d10-ac94-45a6-993c-0dd7fbeb51ae",
"value": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "bc5ab69c-dc5f-4ab0-967b-f0145dd5b7db",
"value": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "83cbd940-6af7-4780-a6d9-53b6899953e6",
"value": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "dec2bf2f-c26b-4d53-844c-3ce88911cc02",
"value": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "d67cfe8e-0753-4aa6-8303-ce3937df8a6a",
"value": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "cf2bdf58-c65a-4dff-9da3-e0b1f1f78201",
"value": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "52d76c35-7951-4bce-bf07-7af04bbe52aa",
"value": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "b3370482-2158-45a5-aac7-dbd7f16eb9c2",
"value": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "2853e0b7-400b-4fe2-893a-92b8e332d963",
"value": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "ba365fb3-7702-4020-a383-bae48e22c884",
"value": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "c48218bc-c1df-4a4d-a6d1-d61c29e1464b",
"value": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "05af9124-6f8d-4746-9150-3713f7bbc465",
"value": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "2d05ac4a-5bc3-436a-aae4-f56f6985345d",
"value": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "9b75b5b6-f3ed-46d5-bfaa-8355f6e5fdc3",
"value": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "9156c403-c396-429d-9130-16ceaa40607a",
"value": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "6190d0eb-090f-4cba-bb39-b7f2b5100abc",
"value": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"
},
{
"category": "External analysis",
"comment": "CVE-2022-30190: Enriched via the cve_advanced module",
"deleted": false,
"disable_correlation": false,
"object_relation": "vulnerable_configuration",
"timestamp": "1655989988",
"to_ids": false,
"type": "cpe",
"uuid": "f58ad1e1-603a-45dd-8dc4-a089cb36cf15",
"value": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "5",
"timestamp": "1655990131",
"uuid": "ef1b6703-890c-4019-b137-efa8b682371b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1655990131",
"to_ids": false,
"type": "link",
"uuid": "195fe785-cea5-4b57-ad6b-5a37125fd4d0",
"value": "https://otx.alienvault.com/pulse/62b44a9d13580736f8547cb8"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1655990131",
"to_ids": false,
"type": "link",
"uuid": "db051bd7-c0f7-4f7d-8427-af2c358b133c",
"value": "https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1655990131",
"to_ids": false,
"type": "text",
"uuid": "3eaa5829-6bf0-4e60-aca5-4727b688094e",
"value": "In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1655990131",
"to_ids": false,
"type": "text",
"uuid": "7d9f1e05-13bd-433b-8f86-b0be6ae7e46f",
"value": "Blog post"
}
]
},
{
"comment": "",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1655990265",
"uuid": "b15f8aba-033f-4669-a02d-eda7a7c03e07",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1655990265",
"to_ids": true,
"type": "url",
"uuid": "7836d744-6edc-46f4-b926-c33f22a0e597",
"value": "http://kitten-268.frge.io/article.html"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1655990265",
"to_ids": true,
"type": "hostname",
"uuid": "dc71251d-0ee9-4dcd-9a3e-d9732a76d794",
"value": "kitten-268.frge.io"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "scheme",
"timestamp": "1655990265",
"to_ids": false,
"type": "text",
"uuid": "9b210707-b505-4137-9357-2ff86597a181",
"value": "http"
}
]
},
{
"comment": "kitten-268.frge.io: Enriched via the farsight_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"first_seen": "2022-06-20T20:54:14+00:00",
"last_seen": "2022-06-22T22:48:01+00:00",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1655990334",
"uuid": "afb7dae5-8291-437f-b353-fca9c4a10258",
"ObjectReference": [
{
"comment": "",
"object_uuid": "afb7dae5-8291-437f-b353-fca9c4a10258",
"referenced_uuid": "b15f8aba-033f-4669-a02d-eda7a7c03e07",
"relationship_type": "related-to",
"timestamp": "1655990334",
"uuid": "43510f6f-6de6-4dfb-8780-0996d2c25081"
}
],
"Attribute": [
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1655990334",
"to_ids": false,
"type": "text",
"uuid": "98e360e9-9169-4516-91b1-401cfe61bdc4",
"value": "18.133.249.238"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1655990334",
"to_ids": false,
"type": "counter",
"uuid": "7cf96d0a-33a1-4b05-8cee-cfe62e822f38",
"value": "88"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1655990334",
"to_ids": false,
"type": "datetime",
"uuid": "8784a4e4-1f09-46e9-bc88-73d566ff75ce",
"value": "2022-06-20T20:54:14+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1655990334",
"to_ids": false,
"type": "datetime",
"uuid": "725264e5-1243-4704-bc0b-d0bab4b52cc9",
"value": "2022-06-22T22:48:01+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1655990334",
"to_ids": false,
"type": "text",
"uuid": "759965a9-2e71-4624-8502-375fde6db497",
"value": "kitten-268.frge.io."
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1655990334",
"to_ids": false,
"type": "text",
"uuid": "c3f15a92-140e-465d-9b52-9474a4e3fb55",
"value": "A"
},
{
"category": "Network activity",
"comment": "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io",
"deleted": false,
"disable_correlation": true,
"object_relation": "bailiwick",
"timestamp": "1655990334",
"to_ids": true,
"type": "domain",
"uuid": "dec1d9bb-8d79-467d-956d-45a903872581",
"value": "frge.io"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1655990571",
"uuid": "7928bdab-a27f-4dbf-8a5f-68cb84400261",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "130d01c8-7940-4d92-830a-25849d5c70a1",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1655990571",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4f5a4c0f-f701-4c85-ac6a-cce4213a7c3b",
"value": "5431296"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1655990571",
"to_ids": false,
"type": "float",
"uuid": "e10ecd13-58b1-4312-892e-a8299fbf7721",
"value": "7.9973059211035"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1655990571",
"to_ids": true,
"type": "md5",
"uuid": "8d1d3e44-824d-4e84-b4e3-b78c3b8035e0",
"value": "2320acc1bfdb7507bd655f7c3753c2e4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha1",
"uuid": "02780d4c-5d17-4f53-aa7c-97fec37218f7",
"value": "cfb20c4dbf2de009a1dccac68a4c822d02f7ae94"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha256",
"uuid": "1b752e3f-3d00-49e7-9517-e5ee045dc559",
"value": "5653418e1ea815c908243332a9a7a82e0e0767a202899a2008ca2c21dc11861b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha512",
"uuid": "36c30f7f-6642-4701-83d2-cb7bd7bb8a2a",
"value": "40b94a92923116d9b4b3886c4b10ab6979f8e4be238403bb169d1ec3c116d6fabc61ae776eb5cf0d09fe78911bb9f6bdcf27b7630f7559ae7597aa092b2087e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1655990571",
"to_ids": true,
"type": "ssdeep",
"uuid": "21f3823b-6089-477f-a4b6-80f18758f545",
"value": "98304:gtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdv:globhH8FUcwti7TQlgVN8iNIShv"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1655990571",
"uuid": "b96756a1-2717-4426-95ff-3332fe2ac70b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "650e7117-6687-4118-9e47-1420017e8427",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1655990571",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4c15abcc-00cd-4f4c-be47-9162eefd5d92",
"value": "1024"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1655990571",
"to_ids": false,
"type": "float",
"uuid": "315d59a8-d965-4719-a68d-da99cda8d3b7",
"value": "3.1296610663897"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1655990571",
"to_ids": true,
"type": "md5",
"uuid": "68229cd9-a73f-400a-8b2a-1a52df879c9f",
"value": "5e813a8b2d0cb12dc8e7fc43e0149395"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha1",
"uuid": "57ae40a7-972b-48d2-b02a-c82973619c87",
"value": "bc5083093539e54d748dd602eb0571ee5656744c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha256",
"uuid": "03bfee90-3ca0-4083-9972-fb21c9cdc32f",
"value": "6b330540046cfcc9d62b17ffbe2c15d5b6c7854a0ea16842cc99a05bb189fb78"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha512",
"uuid": "c9d09084-096a-42d8-b1eb-d81bff2be279",
"value": "cd573468335c18df128bdba83002a71e275c8a1daed1cb2edbf4f0b919b593503b6898cf81b19afabb8aa40509f37099a50ef4bab0236848f63dbc8031f2d816"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1655990571",
"to_ids": true,
"type": "ssdeep",
"uuid": "b3a6765b-22db-460b-b26b-a0909267750d",
"value": "12:Es9cmi3n6EtXRAHC5YArJyE60NaUGiq+jZAiN5prynthXF7YnqqD63JaMKPN5alQ:9cDR0EytrgjZhN4XFSD63fKPN8q"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1655990571",
"uuid": "522f93b9-5306-4866-8983-1ed7fdabfecf",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "522f93b9-5306-4866-8983-1ed7fdabfecf",
"referenced_uuid": "7928bdab-a27f-4dbf-8a5f-68cb84400261",
"relationship_type": "includes",
"timestamp": "1655990571",
"uuid": "11f21892-d0ae-4cd1-a1a2-7618a4a2986d"
},
{
"comment": "Section 1 of PE",
"object_uuid": "522f93b9-5306-4866-8983-1ed7fdabfecf",
"referenced_uuid": "b96756a1-2717-4426-95ff-3332fe2ac70b",
"relationship_type": "includes",
"timestamp": "1655990571",
"uuid": "2a77390c-5b51-4670-aad3-b9487cd3922e"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "a878e14f-cc3b-4086-b526-2f0b74cba2f7",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "b330314e-8b80-46ed-9a36-64361e4913aa",
"value": "4194304"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1655990571",
"to_ids": false,
"type": "datetime",
"uuid": "cd8b6a29-8f3a-48c8-a6b4-9ab02ffa1092",
"value": "2048-12-25T08:35:47+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1655990571",
"to_ids": true,
"type": "filename",
"uuid": "4ed9f107-de36-424e-b237-6aa6b0aa2933",
"value": "docx.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1655990571",
"to_ids": true,
"type": "filename",
"uuid": "535142ab-cbf2-4044-b543-b237914a9552",
"value": "docx.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "9e22f8a4-f0c0-4167-a839-b939071a12e6",
"value": "DocumentSaver"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "2a315266-c4f2-4852-a7ac-a692b8db1466",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "017d82c3-f6ba-49f5-a97a-f0af6b2d5641",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "cb0f3351-e9ee-4d75-b647-632c994e13f3",
"value": "DocumentSaver"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "2ee0fedb-39d2-45fd-9415-61d0ad9b1880",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "acea6c75-73e2-4c29-a217-bfc467858efa",
"value": "Copyright \u00a9 2022"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-section-at-position",
"timestamp": "1655990571",
"to_ids": false,
"type": "text",
"uuid": "1beda64b-5607-4446-a3bf-f1fc154bd3a8",
"value": ".text|0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1655990571",
"to_ids": false,
"type": "counter",
"uuid": "a2427b6c-d4ef-4d3d-898b-1621e89367c7",
"value": "2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1655990571",
"uuid": "ed37f367-ef0e-471c-8635-9067d7dd01e7",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "ed37f367-ef0e-471c-8635-9067d7dd01e7",
"referenced_uuid": "522f93b9-5306-4866-8983-1ed7fdabfecf",
"relationship_type": "includes",
"timestamp": "1655990571",
"uuid": "eba261c3-fd86-4e77-9ed3-d17e559ad477"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1655990571",
"to_ids": true,
"type": "filename",
"uuid": "8d77c7f5-a095-4938-a3c7-34f22ce6a7d3",
"value": "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1655990571",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "12a19f0e-54e5-4982-9dab-cc8c7e653e09",
"value": "5433824"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1655990571",
"to_ids": false,
"type": "float",
"uuid": "0d3340a6-a48b-4fb3-9108-494e7a0abfe6",
"value": "7.9971445004064"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1655990571",
"to_ids": true,
"type": "md5",
"uuid": "de5031f8-f401-4379-bcd0-346fa05ad534",
"value": "d3bddb5de864afd7e4f5e56027f4e5ea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha1",
"uuid": "32d2475f-5ab0-46a5-8754-4c969e5f0f8b",
"value": "ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha256",
"uuid": "e3aa5063-d4cc-4f8a-a73a-aadf95e3d2e3",
"value": "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1655990571",
"to_ids": true,
"type": "sha512",
"uuid": "de6c777e-179d-4349-96f5-1f542e4fcee0",
"value": "2905af78720fccb1167811b871d0509a6200c9cdc920409c337d30bf89e0be9c77195919e59e67c39dea0f8881d64f272825434e9e9a546df1b74451ee1e13a6"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1655990571",
"to_ids": true,
"type": "malware-sample",
"uuid": "f868cc7b-3001-4749-8f30-0bc0a319ca04",
"value": "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933|d3bddb5de864afd7e4f5e56027f4e5ea"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1655990571",
"to_ids": false,
"type": "mime-type",
"uuid": "f5584271-cfcd-42a9-83e7-3b0fd52bb85b",
"value": "PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1655990571",
"to_ids": true,
"type": "ssdeep",
"uuid": "c5298e5a-ee52-4eae-b9e1-1f0ca987c330",
"value": "98304:TtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdN:TlobhH8FUcwti7TQlgVN8iNIShN"
}
]
}
]
}
}