adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/4dd5ab8b-f4dd-4d69-9873-745dd8196b94.json

3083 lines
1 MiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2020-10-29",
"extends_uuid": "",
"info": "Ransomware Activity Targeting the Healthcare and Public Health Sector",
"publish_timestamp": "1603991779",
"published": true,
"threat_level_id": "1",
"timestamp": "1603991575",
"uuid": "4dd5ab8b-f4dd-4d69-9873-745dd8196b94",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Ryuk ransomware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991132",
"to_ids": false,
"type": "link",
"uuid": "e8ed65aa-592a-45ec-b196-1b0c1691145f",
"value": "https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991163",
"to_ids": true,
"type": "domain",
"uuid": "bd941932-ac90-4601-8409-10e3503352eb",
"value": "kostunivo.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991163",
"to_ids": true,
"type": "domain",
"uuid": "df0412b0-20bd-4f3e-a6a5-96163d3a46f0",
"value": "chishir.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991163",
"to_ids": true,
"type": "domain",
"uuid": "a9fa2fee-1f3e-4005-8794-67dd692f2bcc",
"value": "mangoclone.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991163",
"to_ids": true,
"type": "domain",
"uuid": "49b67fc9-c80b-41c6-b775-d90d9f7afbed",
"value": "onixcellent.com"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "domain",
"uuid": "78b4e579-efca-47ce-9976-09679fb608b8",
"value": "ipecho.net"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "hostname",
"uuid": "14e059ac-3e14-4f38-987e-117a51a92f94",
"value": "api.ipify.org"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "hostname",
"uuid": "cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148",
"value": "checkip.amazonaws.com"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "hostname",
"uuid": "fe185fbe-a117-4afa-acc4-ceecbff4e21c",
"value": "ip.anysrc.net"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "domain",
"uuid": "debf720a-8aff-41ce-8d1a-b2eaa16e775c",
"value": "wtfismyip.com"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "domain",
"uuid": "e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3",
"value": "ipinfo.io"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "domain",
"uuid": "f1a39259-b44b-40c0-87fe-0eedb6f8aa4c",
"value": "icanhazip.com"
},
{
"category": "Network activity",
"comment": "This malware used the following legitimate domains to test internet connectivity",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991232",
"to_ids": false,
"type": "domain",
"uuid": "19f7be79-61a6-4dd0-8206-b7cf9654c0bf",
"value": "myexternalip.com"
},
{
"category": "Network activity",
"comment": "Anchor_DNSmalware historically used the following C2 servers.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991265",
"to_ids": true,
"type": "ip-dst",
"uuid": "f30840fd-4dd7-4060-b255-0696fd7f30a6",
"value": "23.95.97.59"
},
{
"category": "Network activity",
"comment": "Anchor_DNSmalware historically used the following C2 servers.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991265",
"to_ids": true,
"type": "ip-dst",
"uuid": "453c92d2-b801-497c-92b8-80128c0e13a3",
"value": "51.254.25.115"
},
{
"category": "Network activity",
"comment": "Anchor_DNSmalware historically used the following C2 servers.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991265",
"to_ids": true,
"type": "ip-dst",
"uuid": "7895dbdd-0b55-4934-8464-39492814759c",
"value": "193.183.98.66"
},
{
"category": "Network activity",
"comment": "Anchor_DNSmalware historically used the following C2 servers.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991265",
"to_ids": true,
"type": "ip-dst",
"uuid": "0b9b6e76-21bc-4cea-b477-d13cba119cb9",
"value": "91.217.137.37"
},
{
"category": "Network activity",
"comment": "Anchor_DNSmalware historically used the following C2 servers.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1603991265",
"to_ids": true,
"type": "ip-dst",
"uuid": "519fd5a6-0028-42c7-9d27-ece7ebd38147",
"value": "87.98.175.85"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "8e71181f-d0b5-4f70-8649-ca49186d6a73",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "97e0e022-f853-47f8-9e29-435701f0d3ca",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9c621fb2-972a-4c29-803e-f48cbeeaad35",
"value": "86528"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "233545c6-6ff8-4278-a7de-dc897a68c370",
"value": "6.6439974526134"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991371",
"to_ids": true,
"type": "md5",
"uuid": "a3723fcd-e7e7-42aa-be93-961f5bfa0e1d",
"value": "1a6156069388cca0317d6fa11eb7843d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha1",
"uuid": "e9968912-ad27-48db-8299-a1a895366e7d",
"value": "65903d8afe5ecc31b2542ed69859ab09856aee00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha256",
"uuid": "79d991e6-9b7c-451a-aaa6-fb24e9c6c7da",
"value": "e0939125fa698405fb2d990540aa374f6fda817ded22a3085fca750c373688a8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha512",
"uuid": "104865e1-0cee-4618-ab54-be118cdcecaa",
"value": "aee1add5f8b677d8618808fd8dedf692c6da4a9debc4c42136388a3559cda29844db33111f24b124e123f625be0902fbd5a76375059e89f03d9a65b0c0ad18e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991371",
"to_ids": true,
"type": "ssdeep",
"uuid": "84956700-7fb2-4de1-9271-d4dfb9e61c51",
"value": "1536:o72ygckp1A7zzVKurqjavQs0Axt7utz0zt8706LDKAxpamck:o72yxKFjavT08Mz0R8g6LDdqS"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "f4d243fd-d0cc-4291-9f6c-23f7d9010f53",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "c788ee05-f966-4dd2-80db-fdd787a5e1d6",
"value": ".burden"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "11392549-0eeb-43dc-8d5d-cce4e19d17c6",
"value": "312832"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "8c645b38-ac22-4a28-ae2d-205a48abe17f",
"value": "6.428626197749"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991371",
"to_ids": true,
"type": "md5",
"uuid": "5fb12833-8298-4183-832f-b592e5b0456f",
"value": "a3c8febccc2edd615ff98e78b8ebf6c2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha1",
"uuid": "05b2edfc-c725-4ec6-8f8f-7325cf6e27e6",
"value": "071f15d61322c0480bb71690ed114f3736f7844c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha256",
"uuid": "22436322-e1a6-45d8-a1ac-a7597e6f9091",
"value": "c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha512",
"uuid": "cf4acdee-a285-4b82-8b8e-6b589aa29dc6",
"value": "6c15e95112868969184d511f5cc35bddd868e8e2a4c61b4c12bff45383e62a0a90fe1fde4bd56fa0dca1523ebf90c05e8a5e08966d3b6f85517156fd5d38d28b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991371",
"to_ids": true,
"type": "ssdeep",
"uuid": "d9841dd7-a0a2-470c-86cf-a1abf6f017c8",
"value": "6144:1TAstnaza+n4KNLJ5kqJnzW+2yNmBdD1fbjSVhqAiFePD:JA0naz9n4K75nxz6yNmBdD1zuVvOeP"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "ec9e4c0b-dd07-4f4f-9a59-e29185e95015",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "ce9ace37-0b1e-44cd-b54c-25998e1129b2",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "e6e9eef1-b0e9-4958-8570-7dc7b86e3d5c",
"value": "29696"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "c58b12b6-39c1-44ba-9664-66e628915b99",
"value": "5.2358394051476"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991371",
"to_ids": true,
"type": "md5",
"uuid": "2354ed90-5ed4-4c20-8f13-ec609c01a23d",
"value": "913c3b34e97d59ce175470ee9505c267"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha1",
"uuid": "270cfe3b-842c-47b3-aabb-263ecf40b550",
"value": "2c3902cde5e5aace5fee811860541bfd9781508f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha256",
"uuid": "311d39eb-0cab-47bf-afd3-3531186940da",
"value": "a00b87cda9fe28b5d8980eeb74c1e01e0d5e75f7e7f5df01045695a2f1ef05b8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha512",
"uuid": "8cf662e7-a811-42fb-b830-8ce4aec3fa37",
"value": "0749fd86bf367c472e4f4ae368ad22761218175e185ad9f9dfa3f9f5476be2b6e28592ed6c198652fd05cc29f873114b93560b2831f6ad5a2ebdd13feefb221b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991371",
"to_ids": true,
"type": "ssdeep",
"uuid": "7956f831-ce6a-4c43-9d34-7b4e2aa9c3ac",
"value": "768:ClWRQxRQUz8cIsWM/MWcdjD9vmq8LsmkABYV1:yhQU1IsWycd/qLsmkV1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "387d11bb-9594-4c6d-a113-32e869d193c4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "64813e57-7de8-49ec-b9c9-b406b734e5df",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "88379f73-686b-4fa8-a5d1-6e94bf47918e",
"value": "2560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "970ac15b-fe53-41e5-879c-bb8c2c544a12",
"value": "2.3240790910852"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991371",
"to_ids": true,
"type": "md5",
"uuid": "87bb9b02-f7d0-4d5e-b04f-abfdceb545c2",
"value": "745d3bc689a30f4cb1ca7b563751b8b3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha1",
"uuid": "db2a6225-bca9-4a0c-92a9-094d6413c2cc",
"value": "9d0ce5f872a3695ca92e74514841b0e7f9093ea8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha256",
"uuid": "f835730a-cceb-4979-a981-686aaea853f6",
"value": "876f6078e4cf21dfb3f605533fb1dbc6e75ebdc67b72b6fa84328fbc7b06bcc5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha512",
"uuid": "c61ef760-1aed-4ace-a913-d10fb0007780",
"value": "3969ae5746a8940d97aa43fd7b142afc0332e93f9ab337136966a1cb9d49de284672ce1f5807d7ff17302e2547130ed8989039652f229a3aa5c7f790402db23b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991371",
"to_ids": true,
"type": "ssdeep",
"uuid": "0a9b1fef-9761-42f5-a3b7-1d361d198678",
"value": "24:3lUhBSqe6uSkeKH6uSkeKn8888888jMuLcPmw:1IkjTk4TkhMu4Z"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "080646bb-ad2d-49d0-af0b-8b45e1a669d9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "23d96e74-534e-43c2-9ae9-4e940cedd733",
"value": ".gfids"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "82cf5215-3b94-4647-a91a-fbd0e8be46ca",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "41f4fd74-f40e-498c-a2aa-5bd95c3ce9eb",
"value": "3.3163272910731"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991371",
"to_ids": true,
"type": "md5",
"uuid": "f7e29e7b-2794-4c76-981e-06d0bedf93fd",
"value": "18ce9dc21832eebc20c75a15c97067dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha1",
"uuid": "3505c5b7-ff31-40c8-8814-3ee2c7294e46",
"value": "715f4b5127b0636939445631f846b13d51143559"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha256",
"uuid": "c4d98f89-a8ef-428c-b830-4c56fde6dfd8",
"value": "c86128ee4d0f408fe829b30926f178285b283618cf6a1d0bcc0d26253b905bfb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991371",
"to_ids": true,
"type": "sha512",
"uuid": "8caf8a48-7001-480a-a962-b99d484699e8",
"value": "65aa354d80721111af432d0f1426cfea8adec9e7683008f733210b1d05b9bdf5dde731ac20882db0121080779bf2091f4e2080ad3e20a3ce9eabeafb6fd267cb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991371",
"to_ids": true,
"type": "ssdeep",
"uuid": "8fe156ae-b385-42e7-bcc3-72c383f6880c",
"value": "6:keAb7Joim/SlGWH/qlrQjkPalHoliWCyoXQ40+1P/n:kJWSlBHylqF4iWC5XQ40Snn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991371",
"uuid": "22818e90-f9a9-4acc-8d3a-892a49138fb1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991371",
"to_ids": false,
"type": "text",
"uuid": "519793fb-57f9-436a-9efe-b0565e6353d3",
"value": ".tls"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991371",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "81017b21-ef2c-4552-8903-748aa7204b4c",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991371",
"to_ids": false,
"type": "float",
"uuid": "4bb935a4-786c-44cf-acaa-4f9368213ce3",
"value": "0.50325833477565"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991372",
"to_ids": true,
"type": "md5",
"uuid": "a6b8c355-89e6-4b1f-aabd-1d73b9c78ae9",
"value": "6bb7020411c567d010022987d099c31e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha1",
"uuid": "c5c1c81b-c60b-49fa-8db8-bc759f04280a",
"value": "2243e258f4527b44096ada9ea0bde07d8da965f1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha256",
"uuid": "4daf4024-a30a-4adf-992e-b90f7792ea7b",
"value": "b7e16632b656ff8dfe82039d030275d178e4e012a2205b596925814aa7df0874"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha512",
"uuid": "0edd5eb1-e5db-4e76-9289-04b0bfb47cd7",
"value": "e948499a2269f607787d8617007bf1dc6af8acb495f324e951786752ad1e4c4adf5b986dcfd3142decaa18f26433a06404a21c749f1df0294d714feaf5feed70"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991372",
"to_ids": true,
"type": "ssdeep",
"uuid": "499e9810-3674-4dac-8c63-e99b04ccc297",
"value": "3:F:F"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991372",
"uuid": "4eaa6d85-7fd1-41a2-ae7e-6e35356e62b5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991372",
"to_ids": false,
"type": "text",
"uuid": "feec3851-74c8-4be4-aa7b-bfe5f03eb027",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991372",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f8316991-5bd3-44a0-986a-559f1471418c",
"value": "512"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991372",
"to_ids": true,
"type": "md5",
"uuid": "bbe67d40-e90d-454e-9f63-befb4ffe235c",
"value": "4ae71336e44bf9bf79d2752e234818a5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha1",
"uuid": "54594228-6c0c-43a7-b5e4-6624e66275f2",
"value": "e129f27c5103bc5cc44bcdf0a15e160d445066ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha256",
"uuid": "19e38adc-943c-4b0f-9976-0e184661646f",
"value": "374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha512",
"uuid": "36961dcc-8d45-4ad9-a461-f693ea084f0b",
"value": "0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991372",
"to_ids": true,
"type": "ssdeep",
"uuid": "d016e8d2-e20e-43ac-b875-03b543b6e97b",
"value": "3::"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991372",
"uuid": "1a683a48-3a2b-4e23-9bf3-ff147f81c7c7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991372",
"to_ids": false,
"type": "text",
"uuid": "0f05c263-4f17-4efb-9984-1ecf0fc9f8fa",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991372",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "235b1e45-1c05-4653-b647-cbe18c868d5b",
"value": "5120"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991372",
"to_ids": false,
"type": "float",
"uuid": "f9102e80-aa12-4cf3-ba3c-f2cd0754a83d",
"value": "6.5792252046316"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991372",
"to_ids": true,
"type": "md5",
"uuid": "91bd1339-2c9e-473e-9983-87d76065cb92",
"value": "e15d79b564ee2b18a3a5abc9bfde36aa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha1",
"uuid": "13a6a54c-a274-441d-af00-bfe1a3aeccdc",
"value": "3b6f1f23b058d48e7ad34d881735f41cc6151b48"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha256",
"uuid": "08220978-2b3d-46c7-9106-6da0301ed6f9",
"value": "0803b7bc445f44d22788d9adbcdcedc71ba3ceffe5ad4fccfac39ba65002c1dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha512",
"uuid": "bfd11d45-0a79-44a9-888f-7e0129648a47",
"value": "b9c9c21587935b9ee013b8b8643c95bed56a9a5a076af537db132d71acda4ac0d02c34b9e0044149083a69a4085e115f2311eabb3d71b080fd593dd247464c82"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991372",
"to_ids": true,
"type": "ssdeep",
"uuid": "db909ab6-1a40-47bc-abbb-46af062cfa4f",
"value": "96:TsB2U8zf3WznEUqv0NwgGDW53WHJHIrnHIDHH7HHPnnndnnn307wG:TsB4Qu0NtGDWwpqWnbvndnk0G"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1603991372",
"uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "8e71181f-d0b5-4f70-8649-ca49186d6a73",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "f9e73c05-08f8-4c49-a752-a6fd06b9710d"
},
{
"comment": "Section 1 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "f4d243fd-d0cc-4291-9f6c-23f7d9010f53",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "2634e009-c8a9-4864-b11e-8f379bb66df6"
},
{
"comment": "Section 2 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "ec9e4c0b-dd07-4f4f-9a59-e29185e95015",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "ca817278-d61f-48df-9968-87f616eed25f"
},
{
"comment": "Section 3 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "387d11bb-9594-4c6d-a113-32e869d193c4",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "d98c6dd1-0713-4d38-a50b-ad0190e8f0de"
},
{
"comment": "Section 4 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "080646bb-ad2d-49d0-af0b-8b45e1a669d9",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "3c1340b3-a90f-4b7c-b971-c278041d2fd0"
},
{
"comment": "Section 5 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "22818e90-f9a9-4acc-8d3a-892a49138fb1",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "8fa5fff1-ad77-4d4b-9257-06f11f2a2de7"
},
{
"comment": "Section 6 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "4eaa6d85-7fd1-41a2-ae7e-6e35356e62b5",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "c5b6a68c-cb2e-4a23-8bfc-6908ba652d9e"
},
{
"comment": "Section 7 of PE",
"object_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"referenced_uuid": "1a683a48-3a2b-4e23-9bf3-ff147f81c7c7",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "3e16952b-269c-4fd3-903e-876bf37d11de"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1603991372",
"to_ids": false,
"type": "text",
"uuid": "4ae55d3f-e383-4c74-8125-7a568dda603f",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1603991372",
"to_ids": false,
"type": "text",
"uuid": "3b23a639-840f-432d-9563-e2a9aed8023d",
"value": "4211218"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1603991372",
"to_ids": false,
"type": "datetime",
"uuid": "95df4445-2ca2-430c-ac8a-592bfd9b8ce0",
"value": "2019-07-26T04:33:36+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1603991372",
"to_ids": false,
"type": "counter",
"uuid": "21c48ea2-ffa3-4d36-9070-53c7e16d7fd5",
"value": "8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1603991372",
"uuid": "cbec37bb-c9bb-471c-8238-0a925aa633bf",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "cbec37bb-c9bb-471c-8238-0a925aa633bf",
"referenced_uuid": "514a0357-fe50-4aff-ab00-30c627a5d58f",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "09e0275c-b59d-4a05-ab08-ad3707bbc953"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1603991372",
"to_ids": true,
"type": "filename",
"uuid": "2db85e23-a30f-4f56-8e1f-ddddd589f087",
"value": "52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991372",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b94cd0b6-f8e6-416a-a268-8ec02ed229e9",
"value": "439296"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991372",
"to_ids": false,
"type": "float",
"uuid": "c9eca5af-f01d-4ccf-b39d-fe1f7ecba6b3",
"value": "6.4598925247235"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991372",
"to_ids": true,
"type": "md5",
"uuid": "61c9d210-f8ed-4d8c-97a2-0e29911e66e4",
"value": "19a36d6f300a39a4fa4b02ec31e05405"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha1",
"uuid": "05333edc-f08b-44da-b169-d0cdde964804",
"value": "8c98a1b82cc925c3a2de77a07f25452d9083d26e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha256",
"uuid": "a1668143-911d-4f15-bc89-9986b80e290c",
"value": "52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991372",
"to_ids": true,
"type": "sha512",
"uuid": "bc4efc5c-bdc8-4530-b2c7-2a1269d77a91",
"value": "5ae63a270bf6efcf1e7d0b9d43ddea6592703d3e1ed5bea39c292bb999fe5f5c084f9f0fd930397b5247d425846a4e2066fc31a69d9b71381fedfc0fd7bb797e"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIADCJXVHLAAvtIZsDAAC0BgAgABwAMTlhMzZkNmYzMDBhMzlhNGZhNGIwMmVjMzFlMDU0MDVVVAkAA0z3ml9M95pfdXgLAAEEIQAAAAQhAAAAfd58vMx9F7adFFmsAMBvaOfegMPf0TXkKy7koYwas5+U6u3oacyQTbW2pHIM45fO8lHednDumlnNrDHplF20GI7kZ/1smTUrdvUQSpWrAHZp9xtVEQbBYt2+SjRy8GIiIwe2T2xtMd0SccoQN6ch1wDuvrqJcMiO86hOXjFEtAWZwrpu2eA+nS4UXUl6lkXlvb7Yya++vX3u/jaXqQWRj/KWlhRtLAS1OUw+uBHZn0AjI313glPGUu/F5yNbVaWBYpXMtvz0NpzrIKOEQf8S7NbzxubrTkSMVm/KtzV1w0kB0/IJuKesU3CfHBJ4nQumd9FMPvMtLTleyYoA3TuO47y7KJ43X2NOXQhRxarsRAE4oGMPqfDTtmKrcPMg+bt62Vyd6ugdqlfkgXZFCqQIxzBE4qz/QLwz8AXdpNZK1d/i3BFnsBdh9iLG2LQWLAXOSWj6iCK+AnnxjpeVccpU6uG1TPbJx9uLGmnbpYiZNesLb7u1YdIVrVk5amjUf9E5SgsqGxa+kRFXowslLwYBYMhmrSyDp4Fd1ZJiBblZtMvHVhAIiyY5DRQt4uqtkAdJrQFPAGp1Mi1Um+PPiN2IPsFgPse00v5BDil6k2xj0RL3WpkQsyLLqBZE9EUhbjf3RIWTbXnx6wNwTKRtN2rqhcAvgSI6+y3UHd2Bfs7VLfQ0GoeP82t5zzNEqbjQmg7bLu+XhdQqpah0QGnbj+W6Et4wFyi/5SED1SSFJz3mJh8+keX0NU35q7khi3xqY0UaT1fwm2K3qKTwL43TK9kuwqdl9pMNTbleO4JoXH9Kor4VYnQGB8ZoLexGZvmbX3+bf5IXpNrbgmrqBWFzLrpXkdwEB2a67MDXv5iUmWJ0kfF2SBpoMEtWjfWX9gutGvFwwd+1hh7emcwwc+gmUST0xPsJP0yVJxR3eFCbJW+Fg1D/Ds1My278prN0vFcL68am6Avlm3f65E9grM0SjdfBR1augMLwpJAaPD+PkThM32h9auZLklKBoQ5QxdIUUzYqtc7ZkTJR5iqehEveZXg5jEAV3QPOAD3uIXA5DHvWtyGXCQlZJ2a5h21MMzFXGK6MaPV9X64WOF2qkwLpxm/UFqZIMOkiibGOq4f3+b1qT3o/uguEivkNfz8dMNtgWUc2wvKdxiHDS5MYnHtQjeDkiizcVN1FUPehZMX7A9e9W9fmCd2crq2xdP08w2UvYBX5jeJ50QZICWoeWyM+MOuDcpHQ0yYH0YLw1oS3zmt1ed6boo6EjW/YJp2aMTQu1RerGJV397BcG+7QYTMCZhVM7B6pbDKw1PNt6CgP2/AYfi5ERa4GRMIN7NmTbHqTL7p6xomEdKn1JC+jZj4loHkDxVqBNVoJMDDBr1WCGGMULCO04O+JNothkaa37OYDW3550q89PHB+g3CgKZaeC0U0DhxELdgHH97rPDt6uLDXdYbctVHDequeg5Lk1KI4+ukHzz2UmlD73EhE1rIYBB9WRcd+5VB7oKqd8WnUFyRHoYZIhQxgKEYbpQdMuRLB7brCdE+M3HGj+D0KGc1QeGKx76fVRsgp6blbEKn2cokD7Twx4ExlFBE/emOlBLJvjoTC4BEsVZyHtJ0xg3o/i8lgznDoGNjQJiIWmQoD+xMnlrYNZ9lk10nOVZ1DVokg2oh2iX3VZT9ZSh8bS8zSb3dO3yz1vkU660GBSyG7nCqcMn2Wj89pJccnQaxFHNY0aodaEDiuWoFq0h6418UEncQIEY7EOaWdcKHVo+2WTOrdn51QiFzjEaKfu5thxCWov2C9EWw8Bs6fXFoyNM/rvpeliku7eC5ndr/aM2OcQQiW+4OG/ukCQd/ZY6GMqAmRz/lXoEnkl54MBzjZ3liNTEr5v7BusbiYKhPVHy4kOaBIVlLdgzW92ERaTdLnnTetNrpd6PsHmTwCAhapMr9KjTuDPc8NrtcNxfyQ3RhKqq4IHHZI9X94WrpJl1TdriUi/w5CGBMS6ZuHjll3RPo48vrg/BZ+XdnHQ5MqzOxb7lZmFx6PUd/RKWjolMpAfUh1Dw/g5d6ys8mXNk1dqdZZiLeoXE6arbZ37W1L8gS8tw5bDS64V9/CSdSAlAXh7wZusDlLY0pu45UmYP7rDSkZbPrQDT5MxSSdWh07jHMfX+gWCHsF3A+zrWSVTjbSF2xaPc3pGlSVii5IxuUWfjf/a9jI2NUJdUkVozoSC9UHFK/IyKMAorwI9tdqiTWso7KU4NNn/qB/nFWctE6I5PtctouqBlGKqNzd8qWh82iWwygnF+SwhIvPaFqxI/tJTWOSma4pm5JAxvrp8ScrjNz6DxyvfGFyulPZF6YMIjBgqo8aHr9WH3YF7tN7swSvKRbbRZAfRsJ2g6lYpAb8DJcKnnoey9yCJ0jZ5Kjau63AuGfaziK+n74hX5AOMJS+Z5iaBLjq92mVdXaAwsGxe+165q5LRzmyDyLsTq6G+iXffY2rtpN0b/kQkPVlqUVQsXRrUKS+bkZWGXQ0wOUSvYBFgJW6Hk121+aqfY3qTPQoryxdEEZmRuGNGP4AanrDP+PzNFgrhnR+3iQZG+bA7QlCnmt0kG0H5qDsnHADYQAJL1F8D1OGakJTCicjjaf6dZga20IQ6RlJidJ9zVARjKyUT00Pc0Yr8yR3fKKup0KL9dCP0XprokU6Ujq9FkCQRsUJ0kQrlzWmuCmgt5Kj8Q8GtR5Qzvlrcl41QzHQ8LXVek3ldmGweZfoDvE8XfvSVWGyV7vKaYNiaOg6k/Invos9Qn7Cp2OuYl3p9TP+9b30nSRihn39kaIDqKaPOQDlqIwkz7WozLwpofzKeG85F6pPvLcECUFGllL5Pl17JZ4N1o2rcAhDw+8ZR2vtB8/SCB7GzjnJL8Pyh7QPWOooJSEdG5had6ExG7HjlNhT9vnRKLUdgivEIfgivDFT93IhDELhox4Lzo7oOG5NCDxLxMlitVVxYltw2WifM7w9Xta3Bof2hVjYw7dOyIIZta3BkGGSZsYl8iS3cEl2LtUsQ1NOtVqOKX0RMcSOZ+LwIArG7ikx0LqwQ1T/B1QiZItu+GX5p+RxEBBvKtlpO2XqVHj8hAVEAVNwais1l/jNaqfslrKCoNf/gxejD8tGaZVLKn3uJofoFRgBnOtXI9XfYjbM8TQebGyGqobL/4mqdBYLdad5OL06i3NvvO9dlAsA/Jr8P+PV87SU3wb0SvhG9vA/qHtUNiR16s7KwVf8P6gvFEuYrAvpYPcu3Oy9ACfRsWpbjb7fTQsgNou7Q6iZ2mqWG6dHe8sjI35iYvUP20k1F2JEdzzUH6O51exnBrZatEsjqgfQyQfxfxQQAOHqW2o2z1Mt5GDO9o5cpVh+OGihHmWq4R7BpZCCntkhq8ETlh5bkl6uOeaIhq4UXLTao6UfS3S4eTYKfGqXIqsSXUW4czGVO1mtKBYGPlXgQgr3gvzBqNKhEwEDUWv7GZsgFiciEVt1mdaOizjmwLdO5FDsHKjPs3MUSqMBkAxR2xAmnPbvi2rGzKKy1TO/3/w+gKEIib3/Ni+/X2wDjqOXdsxHJSvzZFCui6TwM5VOwj/bQBAKWjDTyN/o1zrWAKUm5MNmL9rTix7TtePAkROs3KmZw4O+h1SvDUmfRdGbeEFSxuRAxL3wLgHwNgI3zyvGKOnzD6XwPq81xNAW0EWjrOMbQ+jArcYVcUcH+vcU//3kpxt7LEBP3+QOk324A2BtgKlbPbFpobBUCHdjqCUci9ayVEdlTK0jsQrNAKLJwgwMvzZa6VY1hUjNX1hn4Q+4Ih2EV1N8q/75X4ZavI6eGMKb2NYhwEgEJ9ISQMPQn8rddjM9jfrLFqvdkvzTYmb3grGA6luVBOMJYZkrFoaK1IqnW5sBoyWYs+5kT64oErt5avk/5y8IvlhAWAA/x2mbK+Jjt37VoJCe0IKURW1XsUIHeA1EiXJR16iWCh
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1603991372",
"to_ids": true,
"type": "malware-sample",
"uuid": "dfeec36f-d73c-4129-a1bb-bfb78d43e097",
"value": "52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4|19a36d6f300a39a4fa4b02ec31e05405"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1603991372",
"to_ids": false,
"type": "mime-type",
"uuid": "e91e33df-c383-4d43-b98c-f07055f210c0",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991372",
"to_ids": true,
"type": "ssdeep",
"uuid": "a89354b8-2978-4bb3-ae1a-bd1c21e1b0f3",
"value": "12288:hjaid3A0naz9n4K75nxz6yNmBdD1zuVvOePD8+:gidQ0nVK75np6WmBdDtuBl"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "5c1b581d-6404-4eaa-96c6-f3e0075bcbad",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "aa607192-4626-499c-9771-86233b4d5cbe",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "19b8d675-43cf-425d-8ce9-1c36217098b9",
"value": "94208"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "3fe4037f-1935-4250-a0d9-c333199f5f9f",
"value": "6.4101642781078"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "b0ff8ce3-fa33-4fc5-9c7a-b57c8ce9b233",
"value": "8628b0cf097fba619bd38b63a00f765e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "704b6bcd-751e-4475-9c7e-7232cdd747c0",
"value": "012e64cce9c109fa4cceda31b367cbc612d90217"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "1db2bede-16ee-4d71-a543-d7b40d751206",
"value": "3a1db7508223187b2eb61c4833632690bfd94f02f9964885f2123c077ad3bf9e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "7b32ff45-6cb9-4549-86a1-0f7e38a30c01",
"value": "5c8c8416d4c2409d676f90b5f2acd34059a1fae146dff985409adea43803db08958efd28d438c7d0d5b42e6df573ffdfed3205cfcd56f9fc881c47c4673399ba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "91ace5e7-cba8-496b-9d3e-46c44d4d84fc",
"value": "1536:zRT2Q7d77gCfSveAhyXe9Me7FlVm4PerQkin5jEbM1JIqaNFZnEqo3l:zRT2QhnPSveAhyXAoNQki5j0M9l"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "762b0e45-f3a3-4166-8b15-3a709565b2c1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "514d8054-7224-4e6e-9fa8-af4760ba342d",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "c772b70d-0b56-4e66-bf19-72c924110458",
"value": "27136"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "a29f97d5-72d0-4ea2-a1b4-55e1f3961554",
"value": "4.9129159222507"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "7ca1304f-af54-48b1-931f-f1f15f85a6e4",
"value": "e22999a9929769d75082d70844d7c7a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "ceb217f9-c513-429d-9dcc-3e518cf6bf79",
"value": "18894f7ce836606b19174184eb76948233766a8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "9cc4dfe5-4090-40af-b6e2-84843b6ba86c",
"value": "9cce729e84759dd88a8c0300d76442d2867e4df619d0ce4b8a7dc720bebd63d9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "20c3a877-f552-4844-89db-db92d8ca29e5",
"value": "25e2877febfe05947b39ae0c41f68caa45f18d59131d376555ede109adb5b4839d366439de41a98245896a01a5764548d1b7c2582c45eedc4f6aa1263dd67ec9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "a042d966-2144-45df-8892-c2f6fd7e86c1",
"value": "384:CN2LWdqX4kO17qCwC1fdzaFflxuZ1uDC8SRN2AExwzvy5P:CSQcYeF98/fb65P"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "ba247d9b-6233-460b-a4a2-b8e5e33db725",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "46f7a66b-f0c4-4b6e-b0ca-bf7eb8a02ed9",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5d4b3675-029b-41cd-836c-3071e2d1bf67",
"value": "8704"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "23dc3dd4-7e53-4927-8bd8-375754c96ac3",
"value": "3.2256052928237"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "8f612f36-f7d7-4e96-9701-d042b9cb16f1",
"value": "2816ac35c958df0c0df066d1e4264f4f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "3fd935e5-261e-49a0-848d-6f17acd78225",
"value": "45619f6852bad9f448f208c2746b31c95fd8291e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "dce8098a-5f6e-41cc-8226-6c18fa9237f7",
"value": "065168dfc2127cd19931a0e1d2c73b4d271b9b1717d4ab867106743ef6d8ef49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "a093f877-8b44-4972-8fe0-531d67cac19d",
"value": "6a16d31e84c3bc4dd1362435a3c7099fb171b17c8f1bfc4e41435e044f0f64b346f6525a333a21d7cad9a7a40e5e4b107077eff99b388f66c98aa13a822a54e0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "bdbf6612-c62a-4fb7-b6fd-e9a539781646",
"value": "96:j3FuiBgtodYRBEmkVr+jHUhoSkb/heMlhiQL:7Fl51Zs0Ib/heMlhiI"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "d06622bc-83da-486f-a8ec-d13a099f9594",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "af43e7f4-019f-4be2-8a4b-762ff67c6cab",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "809a2bb7-a18e-4afc-8f0f-00f71b09ce59",
"value": "5632"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "2aa6f58f-a509-4db5-97b1-f891eb3ab117",
"value": "5.1217357737132"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "1f9dde5f-567c-40d4-9f27-8a39d1e8faa4",
"value": "dac77eefc8154688c07f61f79acb6d43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "1a142b6e-5bd2-4b8c-8244-36e5dadf4781",
"value": "8c9bdad92f57312b18f9554d2a6f37f9af15f0b5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "ef8d823f-ba19-4a12-9aa5-a2e05a371ea4",
"value": "c34f816065ede3f5f70e851d85b8676710705b94674e1b4feaf210848c4a3d55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "926fca81-0829-4e33-94dd-ca3612585679",
"value": "4c73d0cb21d888bb50b7383bbd7c43e4ca634882d6e57646ed8769c0f9ded1134dda1ba178bb9881866a023e9cca8e3f97dfd0b3ebf8410984046d15e835ce29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "3bba77f1-6765-4bca-af7a-8bc58b4e3cac",
"value": "96:MEWeeoTZYyOirrNRGCA5c78SHZyAoIXx75ui5LCCR++JUXhkfZT6sO1UkfCGhZ8C:tZYRVx5otHcDgqi5LCP+JUhcJ6V1ffC8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "1baf4488-d4a7-4697-96f5-adaab26fd82c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "802c4d4b-88af-4796-a92f-eca7b65f5162",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "abb50d3b-3969-47f4-a408-4810b461c017",
"value": "317440"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "729c7a90-e30d-4ef8-8928-547b708c20ba",
"value": "7.9697842957611"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "1b6254f7-a5ff-4615-83ac-59ca0da90857",
"value": "da4a462a980ab048aaccd45ffe13f085"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "da14dd5f-c397-4a4a-9ade-ceea95fc3da0",
"value": "c0829122a4b089010035bb7b9c3de2bf32f95f15"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "1f889040-e82f-4d07-8c48-3680c42b8c1b",
"value": "c8cc02782a3ff32f45bbdf392b1bc1f2b519aa41ea953b02f8afb890857b613d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "a1ea9187-a3f5-48b0-a882-d48a37a05647",
"value": "8a1769a1c442e00dfce0aed7520f6f5089c93f35231a7468ec75f6792e5897f313960bcb43454849908ed1a92b46e8e797f2b77060ac273e69feebe7aacf1de6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "86fa1dc7-6a65-4923-9ea3-6a5286718f98",
"value": "6144:uk1181pk4Me9dSqPUNPjHyOOTZtJbutWE2d7O5GwyqUAP/Rgcfe7M9/OylWjJ:uDDzPUYhbvAiwgf8WfF"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991489",
"uuid": "670e5a03-ff66-4e61-8bb6-6a054d9095c9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "4a1ebada-5451-4ec1-9cd7-0df352120e9b",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "007fb2a7-8c60-410d-9072-f5a40e1d7da6",
"value": "2560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991489",
"to_ids": false,
"type": "float",
"uuid": "eba2df00-d162-4bbc-bb17-a3d2abd71f3f",
"value": "3.3939335771088"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991489",
"to_ids": true,
"type": "md5",
"uuid": "801e8c8b-d438-4469-920b-3277f12b3367",
"value": "66c57a5b73ec1b0dc9e561accc7cd1d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha1",
"uuid": "c27c9c02-0301-4218-ae5d-928aa92635b1",
"value": "1acda3cdc3d026eed2f3492885fe56d0d69a4d40"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha256",
"uuid": "7e2532a9-fab3-49c5-ba4b-5df6e2c5090f",
"value": "b8247eed26046f4101e3eaf3480b35b562b34a54d89fb6a6d7223b7fe16d3efd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991489",
"to_ids": true,
"type": "sha512",
"uuid": "98f0719a-0b3b-47dd-b69c-07394326a330",
"value": "8cf040b10ec18aad20a7fbcb79bbbee0cf8cf7e9092eeb9ec82059b99d239693815241cef6fef59439d5fe82f97b4a405ac11b2d5d65a05233f0abd12d10cc1c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991489",
"to_ids": true,
"type": "ssdeep",
"uuid": "a081d600-5ef2-414b-9dfe-1562a381d789",
"value": "12:EDEmlHoAIgok4nnJdEM3EMUH83/2v0vvGI1YIPPZkcnXFY/rH//A/Q3wMoXAXogp:EDEhEM3EMUH8ev0vvpnXSwMp"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1603991490",
"uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "5c1b581d-6404-4eaa-96c6-f3e0075bcbad",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "9013f538-ba60-4023-845d-8fbb9b00d9b5"
},
{
"comment": "Section 1 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "762b0e45-f3a3-4166-8b15-3a709565b2c1",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "98c6ccdf-038b-423d-bb0d-04eddd06b56d"
},
{
"comment": "Section 2 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "ba247d9b-6233-460b-a4a2-b8e5e33db725",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "704e9aa1-eca7-47b5-937d-486ec651074a"
},
{
"comment": "Section 3 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "d06622bc-83da-486f-a8ec-d13a099f9594",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "3a00ab7f-609c-45e5-afa3-5d14bddfb09c"
},
{
"comment": "Section 4 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "1baf4488-d4a7-4697-96f5-adaab26fd82c",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "b1d1ccaf-a698-4ed2-8798-aaf097f4ef12"
},
{
"comment": "Section 5 of PE",
"object_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"referenced_uuid": "670e5a03-ff66-4e61-8bb6-6a054d9095c9",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "8f120765-fc4a-4a6d-86d0-16732a31e609"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "486e3932-d51e-4000-bd11-753d66315993",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1603991489",
"to_ids": false,
"type": "text",
"uuid": "c1361483-c6dc-45eb-9107-47796a8ec087",
"value": "5368723276"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1603991489",
"to_ids": false,
"type": "datetime",
"uuid": "23810586-aa5f-4b00-9a8e-741272cb552b",
"value": "2020-10-20T14:37:52+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1603991489",
"to_ids": false,
"type": "counter",
"uuid": "df3b183e-841b-4d2a-a1c2-8c5025c5ba4c",
"value": "6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1603991490",
"uuid": "d2b2cfec-65d0-498d-b201-ed5065badc7e",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "d2b2cfec-65d0-498d-b201-ed5065badc7e",
"referenced_uuid": "41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "622ee50a-21e0-4e65-a727-f228a7fe691f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1603991489",
"to_ids": true,
"type": "filename",
"uuid": "729d777f-6107-4783-8a11-f8db4a656dca",
"value": "7226219330a9bb9da14b7f056be6cab2e42e37a4a19fab6dfa626094f6b57c55"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991489",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "51426c67-87d3-42ec-8b1e-1a90b7491f95",
"value": "456704"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991490",
"to_ids": false,
"type": "float",
"uuid": "87e94eb7-812a-4518-815f-d0af32838ba6",
"value": "7.6463870355623"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991490",
"to_ids": true,
"type": "md5",
"uuid": "4ee95f7f-e328-40b6-82ae-d220e069f93c",
"value": "64e0ad30c95db4ecd8ef0c3f8c2a86a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991490",
"to_ids": true,
"type": "sha1",
"uuid": "5a7cd1bf-374a-4246-82f4-fc13300ecb96",
"value": "a6c8ce5f6db05cee6d144780a9c15822f86e9e76"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991490",
"to_ids": true,
"type": "sha256",
"uuid": "2ba0b6da-0e86-4ad6-a496-ba541612444d",
"value": "7226219330a9bb9da14b7f056be6cab2e42e37a4a19fab6dfa626094f6b57c55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991490",
"to_ids": true,
"type": "sha512",
"uuid": "e7b5cd33-0401-4327-b145-477ebca3df6f",
"value": "076035f2d2f2822adc7303fe5f89752b645745cb4bfab18ef1ed0fbb38d28ed7e008cdd52d1ca0fb178982cf1b1767faa2be0ba449c6cfc5079caa37cd615fda"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAG+JXVFyZEYBE8EFAAD4BgAgABwANjRlMGFkMzBjOTVkYjRlY2Q4ZWYwYzNmOGMyYTg2YTBVVAkAA8L3ml/C95pfdXgLAAEEIQAAAAQhAAAAbi/4GWziOFMXjiJiYWZPufm+kMCk0yiY736RrNmehInq1MWL0q7SZuZVlgDaPQyiIrVb0iKvTQWfAMSo+0WNKv5xx4Py1zAgnqK9qjMJWpRyDS2R6AE74s76JxibYpE9Bz3coYJOr7NZBCElXbndgHyzGfxNrcNIROp47AJE+g2efTJw8dxOrs8mBblQh5oT4/ERiTKyaGfoR4JbwCzwc3yyRtIEN6lfKcKTiPoMVxeUBiAIblNqK+CYJVXxK1Juvft2Bkaas9IIXovjhVxyBiMaaYKXNAo9LRWJiSKB4HAmQVdSKCHI6RAqmTcqlfPwg/mHMRgexNT9WnMZERyTGcnIZPgp1aWxK1rimFc/2Op1UGO/awZs0oKvidHSwNUvoq2X5jGnHEOZpqlCmkIsXMfZJOhDPYHINg3ZjyA84J3y3nHBw6hIbBQ7rMkyMkM3R6TQZCobfqU9AC3yLnW5P60yRjOscpiLTi3LQ38cfH2bjL+p+dPjmPJC92w5zkldw+sbi8RzprF0r5UNItX3EriRMJxkECHh/LPyv/RODNR90e5wKkLF6dWqPrLYgfpzYsShm4yOLja53+5ZGgUj9DN8//ldvIe6RY0VFB+yC9bErPU1AJ97x7GfM1i+2rJiG5QMgWmJepRZSt5qrkwpeUVQjLY836JMz3IqI51NcOPTLNE9MDtnDl2N7qpwPpt4y6NF9cdLJjlDKTZ6Tx27qRBpIngh6rIrUDQZgVDslF9uxyhtz6MRtjcAtUeUR9+oWiM1gT/LcvD5AgIpECy43joiELrepmoVKL/4Dq3dLK2UhBbkULA9lEqrIH43a+uDYaU7Ka8BoZqwyOF8nu4h0Kf+dQ+gVtiqzCmgKzjefOMpRcIIHeGKlPvAuz6OI8pCH0b5fdcdFnOdd/JEgWlyb9Xoblb6nQOfT7xE5FKBhzut5BLbv3y9DXT7imH+3rKGsN6LrjWuP3untoPfDpJ4u9J4OaI9lnNuMvRL5GEASsLmrSHDRNtDNvEyBzf59WnJNfID9d0HalcLgvpj00u67HR9fQo9dWQ6vcM8keEeIWs/PPL1dyzRGFDSv6nQXFXNm52adcTGQFHuZ0GMqJXgbe0CvIt835S2z0AdmMJyuBIphba8fe98osXGhcO4t8H1whcCLm6RWSdRu/Yf6ZoBTLCK7sR66zaZa1z9WnD8rAZtNXHz9l/9xBfnWFehMhsi6HuWtZxesipcSLJumZpjkm2qP+x2FikSXZv5nmoqwKTbQj6ehjXS37w1F0kbyJrwscg/DDMoLT2x9Q9SiHsZ2xpk/PmtTZrGQ9+IPvK9JaypHzU4CGw6RUeXKMAP6AoZeDuIV8QG/mvo63gzER+iBK/pW7qf63jWHvCzIhSpXkPlUKDvPpWfjik3EkrGW9E1hDfOczROiIyBkcQzTuuoajYGRgrNvGxlg7bsUL2FCDT9zBcCOkReQmlHISF46KXd2ndacsxv2TpiAZdVCp0wl0PTgs9lkcAu1+p4jt8MgHV/wOaANlSGu6PoqgHWUz4PBfhn7rUjz7/giEXj+H9HYHKW75pw+yqED9ztcw6CE34xUJzksiUFo+RBt/bPR4sX+QLdwn8m1xCb3Dtp2ZlFZrNVYMYFixd7WAV+Jpxc4ymOxhwTlU3TflMH4e+dK+zeBkxAI9Vjy68A2+5Mlns659ebIuMIf9WnE93EEuUOSj/9geBMqwus/+VaaKEri4hrsrc1PPYg9sni5WnMAow2sWJHWjw7rR71bv4PhZHY/YInQnnXXjFbu3oMnV31rRmDhXrmh/4V3qJjiWj4JGpkhgALMdhE0xiWju60YEVn+32UI2QY2Y0RwfyjPDJZ8rEzBXmHZdIhEB7yULwGMmjncTKkoh0SGTmZN4CXcWuWtOy7NWncxBwf4nqu9AbKTi/Wm0afLlw2a0PH6JFsp35gcPGWilKNE1xnIBcWZZFw7RYOO99WhxABnaYY0Osf/TiF1nkCW5Kg8cP6mNO8e9NskYxne5GQ3YeinFdO5+1uIg1ZHP0kspamBkJuXGTxSsretbNV1JKRe3bqOKgwlwDNof6DhfCJvk1XeckQMG6wdWlMXzNCOjB/AFOicxwHdklHczur1X6Bt4ZdeqoJtSYv2h428adZIhusIw7brRn/9zU6X7qKEeMnuUSsC0qlWraQnmLcDh6iBQYPfCFnFnYnlqkmZX27B+Dt9OFwIK1rCKRrEnx7GDhZ2sE+jDR+Xlpj72jUDcr8uSD3yKIeBt1UE7aqh/gxW1j99qeTHNY9A0OsDddGDoaDyrxHYQxe1u8EcQuIZejeJnMJen+MbTOBn9/KsBCCLkMPLquZ1kmgxcJJ7xRI7RFAJyi/7qCz9k/e6ooPIhFS0CbSx1WsnG4yuX1qwYI8CPn3nG5+DDFynyb2EKYGZpzk59bTbcoUieo51wnbrKxNCn1QaQacNShLP3P+waWIyH1biIc335rOuuyOMJxrTpusjv7GXIWjMTgisHNld6lGaUfudcAuP63EOL7oo9Rx/+ZqgL4JQKrhZJI0cf3JuS+D9sjECv3hov2HltkcIJTa24Zrp17545R7GmqU7zhD7HMnu8XntHzL5Y9bIle+ckWrnmear+yKENL0OibBawHjWcTE4B/zOz3SF/XfFzHRRmIZ5OiS6g0hWQPw9eoCaBHmdO22YOqT7Z9NnbuxUvacLu28foeWmH+lIKsg/OKhwxvMybRJI/WREXQwXAxiRo9N4I1aoRPgzA7ajsTsveOFvTAH/2vJXTELnUGznxqjP7hTV2elyDCJlLLA5os/FZfmlD7BnEKjv9yKEM8HKFO32OEr5h165MvpwH1h1UeaEYpUod6OXdq1UGg+nyC6TFNFLPmqMTlxJnJUUVQt6h/xNYxKjiN9RnAmSWM8/jMUFCMI4XD5dWcVn3UDaCGLseYkTZk2bBaHtJT5uvBlfG3rDNAfmoCiW3RUa5xscpuZq+BeCb89ibzUzSL1AUpnZ6nz3KclGKlb25WVt1p0LfrGraXOkidD3QRkv4WDYLORSKCUH/HK94AkwFjncTK1CiBLuU5UZRr/3aCgdY9ijntCb2j9d+kwlsMp+1mW73IlYhf2tmsOGxNgI/KOeG0jGTtw/w+sMPjrzzg1F+3Pxb1+nIvh5BNPvEJWkOtdOqZXUzf+bAmSLIwufAx94mg9B6oN0OE5Dtllp+Gd3y5KFFNN1oSY6WuE+GiKM8Mh4wH+rKfBP+qPAtKuUjcYQK5RJ0nAb3tim7m703clLNet65a9pIX91uW0MLORpYp4Jd9fKcfpy02VQdmnlu2P09DbGZ7G5qoKWBsB5arpVEIFuDCrRzxZJB7cGch2w8AI/D/4BZEaaIWUYYyrcJ8kmIuaCLj8iXSPysjc7botS+bv1UrtSl6nRUhkfnlI2sJjuu3JlaKCSKbH1TyNRdbNHrLQePwH0cRiDkarW6RSpGPflKtbXrpeHuuy6qNfxshZ5lBRlKhR7eBTTGhriCj86GZZ1QnN0YrDNFVgtsQB9bQIh1d31VY9P2c81ojQbA79RMhZF90rws/w+J6OMqxsa/s4doeUaoBE6fFVisbhTtMHx3T4yi+NVCT5d8myH7LItBBbkBCW2Xl2j1Lj23eXGnKzxBiYpiIbVpZlHNs/IW6csH5eB5GQNO+1mcTF4K03rrr3g4Fvco3sJFluB4kgfoDd1vq3F0/sE9l07kRJFKWWcp6CQKQFhNgS5lt1J5DNyx1clK2dYhMFgmNX5udLP9O5IAOiMPZK6mlPb1E+aCAby4B1ZJVps+ym0tJi3iIy/HtCdsECytW3p38HLcn75GVfh2lyEs8y9CvainuWQ8i9jIWEiw8jx3fT3Ha0wqNJD90yBaMuvC3tN36skPyAp1uDyVERbWDDa8a5Gk8kAmb3yRfbP/feDc2h8Pws9xcvNTZlpUVhXOK3YiQ8SJqJGGPlOA
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1603991490",
"to_ids": true,
"type": "malware-sample",
"uuid": "ea43ee11-2276-4fdc-ab02-7274e6897cad",
"value": "7226219330a9bb9da14b7f056be6cab2e42e37a4a19fab6dfa626094f6b57c55|64e0ad30c95db4ecd8ef0c3f8c2a86a0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1603991490",
"to_ids": false,
"type": "mime-type",
"uuid": "b15372b3-153d-4fea-a42c-06e982187ead",
"value": "PE32+ executable (GUI) x86-64, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991490",
"to_ids": true,
"type": "ssdeep",
"uuid": "170407ce-5fa6-4971-b03e-935b7efd0a3e",
"value": "6144:HRTFhPSF8Paki5jVsOmVhk1181pk4Me9dSqPUNPjHyOOTZtJbutWE2d7O5GwyqUd:xTFhayJhDDzPUYhbvAiwgf8Wf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991490",
"uuid": "050c7b9c-4024-4168-85b1-f97902fe2936",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991490",
"to_ids": false,
"type": "text",
"uuid": "ebcd6dcb-a7e3-44b0-a4b0-a22b427e04c7",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991491",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "22a350f0-ca47-49aa-b02a-1ae2bd3ae9de",
"value": "152064"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991491",
"to_ids": false,
"type": "float",
"uuid": "7d28fde3-5b8c-4ee4-aa2b-5b990b5ff867",
"value": "6.6052856838404"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991491",
"to_ids": true,
"type": "md5",
"uuid": "90b7909d-1d22-419c-a8c5-797f7070b4a4",
"value": "edee007de593e1861ea16ccc7896b994"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha1",
"uuid": "3b94ee8b-f3a5-45de-bae7-983dd6c5cacd",
"value": "ba15d5b14529d48e69b792c75a5e2805c022f581"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha256",
"uuid": "979c1b1e-2001-46f0-973d-2d0d6e0c5e64",
"value": "be905ad9e082e89616e7f463cce7e095de736f1137123217fa17a92a65fd879e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha512",
"uuid": "6b408218-4ea2-4186-a91e-f24ce9dc436c",
"value": "644ef58d45fa41690aa304ce17755317315cb6a5f68e978d3ef799916d20a841268d8a243e21000f15f25f23ad75f4cffc8b7dd605b133116efa82a03f937fbe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991491",
"to_ids": true,
"type": "ssdeep",
"uuid": "36dd5358-a933-4575-9f65-e9b10375141f",
"value": "3072:9Sff7ZHL6xD6Ww18AI7IKu3uK8HRvbMEaQlV4yOsjfC2dc6Id+usLKh84xf:ofzZHL6B9lXud8HVCu6y++nKnf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991491",
"uuid": "954fee15-e83f-4f4d-9f5c-a2f8ccb3a875",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991491",
"to_ids": false,
"type": "text",
"uuid": "7f195744-59a8-4292-8e57-bcaa1cd684b6",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991491",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "776fd6c2-30b1-46e2-b44e-2609b49aab3f",
"value": "31744"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991491",
"to_ids": false,
"type": "float",
"uuid": "da6d0644-7f97-493e-a643-64e6a6ea3b15",
"value": "5.4091697426739"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991491",
"to_ids": true,
"type": "md5",
"uuid": "17651591-9ead-432b-80c9-2e4338cbc271",
"value": "90c85145d202c19869bd1a5ac80b374d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha1",
"uuid": "6856f538-e625-4bf4-92da-4995e03e2b48",
"value": "4cb6f10702eb9978e83fdc5abf59c96d3a9471dc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha256",
"uuid": "b361d1c3-f56a-4480-bc1a-3d4887f13938",
"value": "84adacf982f9376f59cce36f7b9fa9bf121c025c2d1d96c356e805ef1f367df6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha512",
"uuid": "7a83feee-17cf-4e96-9202-aa4acb355807",
"value": "1fd581de5f096583d3cb05e268b8dc12caddfa640fa92b8c0c7f6ff88ae98e569cb24d7de74749cc1fd6dd94eed4399099dfd3e91c82f65449ef2a6c03754715"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991491",
"to_ids": true,
"type": "ssdeep",
"uuid": "2f07e0a3-8951-4261-aa78-c1e206377683",
"value": "768:8zS7WGQxRupzKhasWsQcdrD9vmMcESgG0utxx:8Y0upehasWfcdHHZox"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991491",
"uuid": "0f22fabc-a2d0-4eef-84f4-660448755f0d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991491",
"to_ids": false,
"type": "text",
"uuid": "a82eaa6a-c9fe-44b6-8d4d-f599abee622e",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991491",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "72d77f88-a4f2-44fc-aa77-dea98331ba1f",
"value": "2560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991491",
"to_ids": false,
"type": "float",
"uuid": "90d0fd64-d9bb-4294-92a8-aa255d51d979",
"value": "2.2540053613635"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991491",
"to_ids": true,
"type": "md5",
"uuid": "a990fbac-2db6-4efd-822d-613229eb7e06",
"value": "2457774d56190d412f14388f33ec8d96"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha1",
"uuid": "032bb116-08e2-4c3f-bd72-6c6b85b5c8df",
"value": "a719f436f5a6800255ebc58c102daf5df595ae8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha256",
"uuid": "b532e9d4-f4b5-4ceb-a025-db7dd3f4c295",
"value": "95087c98db9b51b386f0f84238a3fb6ecc4866446dda14a24e2cea9e0f7ec94f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha512",
"uuid": "6b6e90e3-ada9-4ada-87ab-5fbcb6e05cd6",
"value": "bb37e6c93c4869f086cfafeccc10d6f311420e2e9edf9ba69660fd162fdbc60f90af7caf414428f8195b88c3498b3b7ffc9e90aad02aa7137c7d9b26e713035d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991491",
"to_ids": true,
"type": "ssdeep",
"uuid": "83ce75ae-f8d0-419e-a6f3-fc6d2a5cf793",
"value": "24:QUakj6uSkeKv6uSkeK8hBSqlhhhhhhIlaqADiLau:QbkjTk4TkvkShhhhhhIlX5Lau"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991491",
"uuid": "970305b9-a8e2-4c41-b13e-baedc1fcb2d2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991491",
"to_ids": false,
"type": "text",
"uuid": "216f30bb-7f67-4ace-8475-684ca4aa1680",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991491",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4ab7eb2a-42a9-4c78-9b74-f1806f6da191",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991491",
"to_ids": false,
"type": "float",
"uuid": "a67dde5c-fa8b-4ad9-b509-d9b43735719f",
"value": "4.8758109283269"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991491",
"to_ids": true,
"type": "md5",
"uuid": "3bc5f1aa-12d4-46ad-9cd9-43a1e164dfcd",
"value": "f3e6202957c64cde0b282dd98e1540a9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha1",
"uuid": "941f27b2-b305-4871-b9cd-3511b97589d0",
"value": "2ba824e365c566f035a8d8beb848a24f53b1c042"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha256",
"uuid": "49ccf64b-e650-4c21-b916-c11b736fd0f7",
"value": "71331d65af96c12f7fbe7a0accfd16eee2a8a51c6cc64988c90f73c60ec0ac0b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha512",
"uuid": "2c69e8d3-1bbf-4d2c-99ed-4ee821d8b145",
"value": "b6640410dfd80eb0a3164034150f782ee61099101ee33649b2bd825fea9889c47950e2dc4a2a26ac363e907f8b6e12be7efcc2e4d8aa69d546547800a5d07e96"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991491",
"to_ids": true,
"type": "ssdeep",
"uuid": "fd3d9517-915e-4cc3-a486-b21b4f1453d9",
"value": "6:Mf7wtxM3iSnjUglRu9TbX+A1WBRu9TNNSTfUTdNciW7N2x8RTdN9TIHC:Mf7wtxM3iSnRuV1aMN2U5Nci62xA5NEC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1603991491",
"uuid": "dabfb04d-bde6-45e7-ac84-2682f064aabd",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1603991491",
"to_ids": false,
"type": "text",
"uuid": "8d1a3a66-0ff9-46a2-ad91-030a1c1b0053",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991491",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4b11a043-d6df-4fe5-b83d-e864cbb12b22",
"value": "6144"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991491",
"to_ids": false,
"type": "float",
"uuid": "906b2fb5-a171-4337-9f22-758c17aac2bb",
"value": "6.6473789608356"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991491",
"to_ids": true,
"type": "md5",
"uuid": "8dcc1a2a-6b53-4b90-b407-4bb1bacb43e5",
"value": "bf78a1b65ef4e25cffa0cbd72af0e3b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha1",
"uuid": "b41567fe-e332-4c58-8ccb-011474d923f9",
"value": "cafee546a66223bbc32bb9e1883ac477512e4b07"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha256",
"uuid": "48c625b2-af6a-427c-8dd8-ea0a58d43ee3",
"value": "d70774a79851ac7ce413ed5dc4f5c9ca86b6eea09983540abc62ccabfc3e094f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991491",
"to_ids": true,
"type": "sha512",
"uuid": "4770e563-a7a2-42e5-9458-d5784ce5d6d7",
"value": "0a676dfebc7d14de83e38bbb0b7dded5c525e1f4056cddad4b1a81ccbb8d00954aa43f07bd830834f39bab1336a298f33589c9e55675bbfd14a3479fd97f0c57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991492",
"to_ids": true,
"type": "ssdeep",
"uuid": "bcc83d0b-7121-4dcf-abff-c09ad635b3d0",
"value": "96:5VyDjQLs2CXEu+vhyYEN59aOCHyFSyee6cz8idTXKsYMbXpZ3pjPH7HH2nnndnnJ:6DMgRIhyYENbaOCSF1J8C3XTVvbWndnJ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1603991492",
"uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"referenced_uuid": "050c7b9c-4024-4168-85b1-f97902fe2936",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "bd96db4f-7ca4-40e6-92b0-6b1c550d8d76"
},
{
"comment": "Section 1 of PE",
"object_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"referenced_uuid": "954fee15-e83f-4f4d-9f5c-a2f8ccb3a875",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "24cf69c2-4dc7-4df2-a779-e22f6ca322fc"
},
{
"comment": "Section 2 of PE",
"object_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"referenced_uuid": "0f22fabc-a2d0-4eef-84f4-660448755f0d",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "d5372c89-00a2-47b8-a35a-63dd86713e41"
},
{
"comment": "Section 3 of PE",
"object_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"referenced_uuid": "970305b9-a8e2-4c41-b13e-baedc1fcb2d2",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "175adafc-7cff-47a9-bb78-1982011fcdbb"
},
{
"comment": "Section 4 of PE",
"object_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"referenced_uuid": "dabfb04d-bde6-45e7-ac84-2682f064aabd",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "40b04a13-ed85-4db3-8900-5a2cd650ce35"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1603991492",
"to_ids": false,
"type": "text",
"uuid": "10ba84db-cf36-42d9-9354-01fe032ea0bb",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1603991492",
"to_ids": false,
"type": "text",
"uuid": "60ebf62d-f316-4c5b-b5ad-fc397f2e0c46",
"value": "4271906"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1603991492",
"to_ids": false,
"type": "datetime",
"uuid": "89fb5504-b4a1-418d-9688-2d0ffaeb3638",
"value": "2020-10-19T12:12:22+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1603991492",
"to_ids": false,
"type": "counter",
"uuid": "916336f7-ab65-408c-b6b0-2aee742891ce",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1603991492",
"uuid": "2dcdee70-2bf8-438e-a664-1c882d2984a0",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "2dcdee70-2bf8-438e-a664-1c882d2984a0",
"referenced_uuid": "e1461615-ebab-47e2-ac5a-051652516fb7",
"relationship_type": "includes",
"timestamp": "0",
"uuid": "7d78e173-2113-4ec4-8369-73bc318f36c7"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1603991492",
"to_ids": true,
"type": "filename",
"uuid": "633bb448-7578-4198-acd5-de570d10dff1",
"value": "bd7bfae5915ee878f1f650324f07b5f567a297a3f8439834654e39d8268c5f0e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1603991492",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "168aff72-e77b-411b-833a-4cec3ddf5b66",
"value": "194048"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1603991492",
"to_ids": false,
"type": "float",
"uuid": "b5ace514-f3aa-438b-a3e6-a5421cbe0832",
"value": "6.5821086581542"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1603991492",
"to_ids": true,
"type": "md5",
"uuid": "4dd5fa26-876b-48db-8afb-182dc74c151b",
"value": "999f5046d3b65438ab0b46c51a04568c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1603991492",
"to_ids": true,
"type": "sha1",
"uuid": "e23a0cee-eccb-43e5-8088-424e35998280",
"value": "3cbb5953a299a95ef49fc0a0fb31e8fea63f3099"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1603991492",
"to_ids": true,
"type": "sha256",
"uuid": "8d4582d4-0ba6-4628-9a54-4f353da02113",
"value": "bd7bfae5915ee878f1f650324f07b5f567a297a3f8439834654e39d8268c5f0e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1603991492",
"to_ids": true,
"type": "sha512",
"uuid": "abb15be3-9988-4a03-a4d4-e4296cdc7cec",
"value": "ccc9a45f617942eb7fd8db89cba571fdd359dab98435f8c989a45f4082bb5ed712a2775bb5bfa59f3b560f8d0cab15f45b375676aed84c85a79ddb662b2d7033"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAHCJXVGlCLuampQBAAD2AgAgABwAOTk5ZjUwNDZkM2I2NTQzOGFiMGI0NmM1MWEwNDU2OGNVVAkAA8T3ml/E95pfdXgLAAEEIQAAAAQhAAAAHvvxfdOnSQ0vvSVN5fhVydyTZ6eYHfE3moR6JumNOldz6fsqK7N/L1gwcPUoU/cBw5DY9QOnJm81ElG1ImM1Ig9CFszAixTWlX16kXBYStz+QcPqGE5/qDlA0wwvOA7nSMvTZMURIUHuYscNinEn4bVc9uL5Rsq5jdpgoeJCYtS9ppVpxfLH0ef8JnOxYnx9IyYCHZNmCSZdp2D7NoxEIeDV06MC8YnyVgW3FPY/KoWhEgsmmcVRD8sQd9bJifc6xGdQJ/a3tbQhN8BUHzlCLsmjRtVITZbdYryeuSbVYU2zDk0JMxf2nltyDHyIsenLgiSeFPVqllebt3+0HDP9OmLqcgZQdSaLBuvE6pLMdlWnWL/b+Y9/C1ajyxwTOiiY+CQB4U+RFLgBnXk4wZZuGj7jf5rEeev5x9j/dGUNhRqlLi3NRkfoP4c8HH9mtUlVJZX30nP7d/idtm1dvUKud1rh/49vbQVjKZrlKCnUa/7cmT4WCE8gaSAZaK3F84W1mSnyzd24z951IIAzXxaG1cU42F6bG+1a7NoezUvVvWia++stFtK8psLqhRGYKbxVrlSZB5HIIcxEq070f9kzYRJZu1yjHbYwBvw/+jKYHW6m/ielosTTc00TVKcllPdhNUgMDhIvBr9R7k1H9eoGWfaevWRgSt535GkOUqXwiLfCAWe97WGy2P+7iXTboxEZJVgu07k2beOEhcEpHq8WWWRtgzUps4V+shccAj0XfZFEpgeV2FNj5pqFH+eV0tluo3R6hXFTU6+7Nk3g320U7S9Rvo9qWd5AvyJT3b71svadOKsFvF5GRso/s5eRdk6OPddrvz8bUixjQemlKdYT7vHuw7p2FI53xpDMA138GJSK+YKdGojBaXkZOxQkxoJVrOPQnGnvLR1JVpAS43AgZRFyZ3MkJAOZ+tArU7YgF/66rv+J/2051oMcri+pvmwI5/Usonst0evan4Id2DXk437ap4JQW1AraGj1JxnQ9/JV9i6linpSFhA0spTaX2IsrrbMM5KsnL7KySXUKBQpPfYxEJTTvi2tuo3ner1BSfYCr+RHpY5KwEMpPQ5xkwGrjSHQbVcb34d7s0D16q7L/6PPLH6VGEfQFcHNq+oLwgPC7FkPvVsyu2UXrRmbN1AQ1N6KlQVqG467GeE0zuwM7GAxjij/YPYY8ImnneYU+vWA/O8/T3ix9OuPhdbjaSGYaZkw61C+657uCTmBmqR0gpf37HsaSHwXVyA4kFKOku9KbyC52g1/tFianUi2NsiICFcCiiUVzdt/bk8zY5IhlkwtJD6SP3d3zMRWhDNOEiv12EWidl7XKLa8oFMc5rNiF1ngCA11+9FDPOAKEyUyw/wwHBTGf93djJW6xClgm5zJkWVZU5FaVfAi5r7/vZCKQwFc3fs5iJy3OdC73O1fe7nXuOQ3JsbRn2oOJ4uo1tGYdI4114GphcqvH1z81+I41xlGvXtTXPKywkSW/jBXvKLONtf2IMUS+Wqur92QFfLZ/7weI17cmGTq1Gu/6kAjMYK++unACwBaF6kQvUghouq0Fwgphti0Ajh2tcGtgtINlaV9hsA2lqTGcdNODWsEL3Zs088HLbEbk9D7PTgWQNAOjEFg8iVso6JEG58Gk5VpXTVUIauCw3wdw/EIKapMMkfixtclNzt5j51YRNPRQBniQkshBtZDYU/O8411IgSmY2xROuWJ04DpDhfiLkipDt3XPlBVzdpv0ypGsPzrxOod2BSG0qttM9IqVhsQgT4mZZKM5vmYQdk01ix6hZBhc0nPXAj1IbO9M4uOIpufv2kuHHk6HtK20y4Xh31sC927D6Y/TmrOIq3QRgjt6JBhJoEZcMmVVgVj6pT4OEfhICTyqoYVaKGqbVUmR6ksumoLLCu/S7XuDgSkc+uaQ0mxOMn177h/nrMlv7PP56LuLpruV3S2ywq9BsKShUmbwtpFbu7EKLO9lWvuEscOTv94w5MPYTkbmqz8USCCQ3aIRw67DXHRvK/tErRrGLs1bavSo6s2sx2UEZZmOEGIJCU0BOXdz4qX5TvHTLIvN9MGIV/nRRM04muKTvk1/Vk1T8OBQp9CXEjgo4a7u5SMbQVysQY81bCl+001inTLgrXWROVKDK6v/dlQxRDCsyY9g9oVvQpNbS/tVaLqEWq1+tivsx3qSbuun1SOZrwI9S66ESCKS3WSfpeyxe3joqJoL1NqwQtwtcFTtwDn3eltUio5pOHTDTWQB4bA8aiqRmdnzB0AaYv+BHTjLwf+RKn9db4f2AVAwmDVmpjGD2HKCt/XLfOpFs1FG06rSFNWYTlaSJS/SqQ/gBvefr/YU6ssQz/WefYQM2aMeXHSaRjcvXdueLb1dJPC76Dq33QHQlkl3+YqpdJSIJY4OSUPLu5dcCz5zRJ+fSiHtwQjrIsb+0JXE8t1jhixOzC0WfZwZmmiBLRQEHv7CswHpfvlwGFdr30zFpZtdaT7i0KT2nrgzpllpv5r6o+HlIwOFXD3shAFyWU028WV5+A82+35GHRLd4ruiDybIE+E+7fpm7WmYfjVjvXnIp+tOxniaHxbXrdq7LoZ2/5B5OQmowJHkRcRW7ak8X+P3ybCwqVtFzbhaQqVIoVcjw1Yx+pk86ZqsRtUejKk+x+lAXerdjCfQzQDwtv4MqO5/DzmEo/LlDWn+SOsABtrpOM55lRf9ChkvIXc/o+js92tnmZZiwpjmdkL7+P7ZDOGpOt2yu0/16em+EJdaZYzz6Ys5fiGwuQ7ov0Hs7qdOsTv/0rW6dwIZzt38d4FycZ7WOJDwDuAwdLI64WcAT8yZ1BfJVmtx8KSVopalIT1j/2i8rtccQYlhM1Vlvp1krjGv1njXh2U5XZqcwE5DXxK8o3rY3YHUudyiMACPM0zvmQkAnh4T7VRuNUq7fzE6HMUBm9+NLiwkCNmeW8uD+6BysCj/IAz148rsCeJSAtGP0mYKEtTdtD5EcTlXVeOt3a42G3D0H4foHHXvxJzBRCRHv11x0zsvnTJABdhH8lJI7JEqlawuB9qGve5F1y6D4a9q5ggTCpqn6i/gSvfySSVwcqDbhblBWNfXdb2Eg2xIwtcOIwCD3k+VW6S62Oz9e9d1MpA/Ig1e/wR5OiCbHeN6lY3bLa4l7YqzqUfnWkm5wuVn6J6rNfY7ji1DV7Op5jnk56G1/VBS3R/nZFg4ok8m0ZY6pc7TWGS/k3hgjpHfl34TvyDmSAoeqlWEOmH3EV7nreqUkTJMtHI5EPozdrzUv0HJP8aFOV+Agd86aGdpMJCl/PTqJdu1yuE9A6asG27FpnB/34g+OCePXLeHjv9l5eX0J7634v0LE/IIJCdAj+0Pq4efu+9H44FrZZJbka7fGjB7Q3mpL1Dhxehr+z6OZ7r7kL0VNuSB4BsM+MNX1kxkSdJLay+Ov6zWLUGdl2a4qAZ/Lqx9DCWXf4OWnPea59yXO2hVlBzbpHKwSw9rQdmVfuZdevb/hGhAhAe0wreLYF0sM4QemfwESjKWMOC9/oloSroWt8RJlsbPthfiZTR6NVcVgdUbwCooMFWDhcGY86Tf3WmOk/G3/+IbwV5npjSkGQHPoTGHcJcJzeZSHx9/Ab/U8HeiRKPV15HDOVhk8DdieuIDERYpefTVvT63ESZ2XPAEH9fHGKmwAH5ypmJRZOERtLZogCYksJVr+bS6yABo6e6QYhuV0HIdiFDIsbcRdnMmXBW4JnMbU5BACj5SwJD02bSHGi8I6cn+L4WBenVkNcpQr+PSdmiCoLnpBIw6YNOOtfLF4i9N8I17j6UT8tDa/mL3b0YqYqKhEZw2YBQTUNnPwo512N032iZ2Fexf+cSORrg9iy0kniu7eYxaOZNQIaj86aD+1tLqKQtBnyaHTQpVF5znSyOZuVeGm3BUzZATz2a+VDztVysSC09ONAgJ726UUC1lw5fmzGqn5
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1603991492",
"to_ids": true,
"type": "malware-sample",
"uuid": "003ff8f0-4b7e-4dd3-9e33-d4b0fa2a7c3e",
"value": "bd7bfae5915ee878f1f650324f07b5f567a297a3f8439834654e39d8268c5f0e|999f5046d3b65438ab0b46c51a04568c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1603991492",
"to_ids": false,
"type": "mime-type",
"uuid": "1583ba21-a69a-44ba-af47-d7646f1c1fed",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1603991492",
"to_ids": true,
"type": "ssdeep",
"uuid": "ac5e8f7f-6c59-48e0-8293-e0b8ba2e748c",
"value": "3072:jSff7ZHL6xD6Ww18AI7IKu3uK8HRvbMEaQlV4yOsjfC2dc6Id+usLKh84x2Y0pzF:WfzZHL6B9lXud8HVCu6y++nKn2t79ptB"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink