{
"Event" : {
"analysis" : "2" ,
"date" : "2018-03-31" ,
"extends_uuid" : "" ,
"info" : "OSINT - Crypter-as-a-Service Helps jRAT Fly Under The Radar" ,
"publish_timestamp" : "1522493199" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1522493184" ,
"uuid" : "5abf6421-c1b8-477b-a9d2-9c0902de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"jRAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"qrat\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Quaverse\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492734" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf642d-5fa8-4bac-bf78-73e102de0b81" ,
"value" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Crypter-as-a-Service-Helps-jRAT-Fly-Under-The-Radar/" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492484" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6444-4ca4-45dd-8726-be5302de0b81" ,
"value" : "1eb3f344a0274bfa38c67f6b10650dcf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492485" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6445-9c80-40f4-a5ac-be5302de0b81" ,
"value" : "64d72c5c86d3638034cd83178abcb82f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492485" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6445-2224-46ea-84ca-be5302de0b81" ,
"value" : "c52247ecffb2f7a42ef6fa0336671545"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492486" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6446-89d4-4118-883c-be5302de0b81" ,
"value" : "ae77ffba57049418e5a720bf77d178a5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492486" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6446-c920-40b2-9756-be5302de0b81" ,
"value" : "2f021a10804ac5db5ceb43b42f785a23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492487" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6447-4110-4acd-926f-be5302de0b81" ,
"value" : "daa0833d16cd9b6937803d1637284ad1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492487" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6447-68f0-439b-82ed-be5302de0b81" ,
"value" : "6392741705126cb97a837cbb046cfe73"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492488" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf6448-ef50-4db5-af30-be5302de0b81" ,
"value" : "8ae2c573bc0e0492efeabe78495c591e"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A f A A A A Q A C A Y A A A A e B g t Y A A A g A E l E Q V R 4 X u x d B 3 g U 1 d r + U k k I E K o Q O q J e A R U E B R V s i I q K A o o U F Z A r K C r Y C y q I A t c K o l c Q E U V U U E Q R U E A U s A F i 91 p + C 0 r v L f S Q n v 95 z 8 k 3 e / b s z O 4 S k 5 D N f v s 8 e Z K d n T l z 5 p 3 J v u f 9 a k x B Q U E B y U s Q E A Q E A U F A E B A E I g q B G C H w i L p f M l l B Q B A Q B A Q B Q U A h I A Q u D 4 I g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q 
u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P / g G S g o K P g H R 5 f M o R k Z G b R 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492946" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"value" : "6a01676411d5a7970b01b7c95a2ed1970b-800wi.png" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "Sample malicious emails" ,
"data" : " R 0 l G O D l h q Q L 9 A f f / A I m I h / v b j f f Y s 6 q q q g 9 w 17 i 3 u P z 8 t e z B d v 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492946" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"value" : "6a0133f264aa62970b01bb09fd6017970d-800wi.gif" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "One thing we noticed right away is that all the samples we collected attempted to download a jar file from https://vvrhhhnaijyj6s2m[.]onion[.]top. We followed the onion link and found it is a service hosted by QUAverse." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522492979" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5abf6633-5e18-4ccb-88ed-bdd602de0b81" ,
"value" : "https://vvrhhhnaijyj6s2m.onion.top"
} ,
{
"category" : "Support Tool" ,
"comment" : "Config of jRAT" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522493112" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf66b8-94b4-4306-bc6b-9b3a02de0b81" ,
"value" : "{\r\n\t\"NETWORK\": [\r\n\t\t{\r\n\t\t\t\"PORT\": 1999,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PORT\": 4987,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t}\r\n\t],\r\n\t\"INSTALL\": true,\r\n\t\"MODULE_PATH\": \"taM/Xkc/WE.xFP\",\r\n\t\"PLUGIN_FOLDER\": \"cHvEFmnnAYl\",\r\n\t\"JRE_FOLDER\": \"syeyIK\",\r\n\t\"JAR_FOLDER\": \"WEAvkYONVeS\",\r\n\t\"JAR_EXTENSION\": \"OSTZIm\",\r\n\t\"ENCRYPT_KEY\": \"gGgQBEKfxHgELZmseiHwZkjdB\",\r\n\t\"DELAY_INSTALL\": 2,\r\n\t\"NICKNAME\": \"User\",\r\n\t\"VMWARE\": false,\r\n\t\"PLUGIN_EXTENSION\": \"oCYYC\",\r\n\t\"WEBSITE_PROJECT\": \"https://jrat.io\",\r\n\t\"JAR_NAME\": \"dzjQhyXWvSo\",\r\n\t\"SECURITY\": [\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=\\\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Open-File Security Warning\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": 
\"[HKEY_CURRENT_USER\\\\Environment]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\Environment]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Disable Zone Checking\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"ConsentPromptBehaviorAdmin\\\"=dword:00000000\\r\\n\\\"ConsentPromptBehaviorUser\\\"=dword:00000000\\r\\n\\\"EnableLUA\\\"=dword:00000000\\r\\n\\\"PromptOnSecureDesktop\\\"=dword:00000000\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"UserAccountControlSettings.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"User Account Control\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableTaskMgr\\\"=dword:00000002\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"Taskmgr.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Task Manager\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableConfig\\\"=dword:00000001\\r\\n\\\"DisableSR\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\SystemRestore]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Restore System\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"ProcessHacker.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Process Hacker\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"procexp.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"MsConfig\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": 
[\r\n\t\t\t\t\"MSASCui.exe\",\r\n\t\t\t\t\"MsMpEng.exe\",\r\n\t\t\t\t\"MpUXSrv.exe\",\r\n\t\t\t\t\"MpCmdRun.exe\",\r\n\t\t\t\t\"NisSrv.exe\",\r\n\t\t\t\t\"ConfigSecurityPolicy.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Windows Defender\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\" : [ \ r
} ,
{
"category" : "Network activity" ,
"comment" : "On port 1999" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522493153" ,
"to_ids" : true ,
"type" : "ip-dst|port" ,
"uuid" : "5abf66e1-b310-4869-bcf2-bca202de0b81" ,
"value" : "174.127.99.225|1999"
} ,
{
"category" : "Network activity" ,
"comment" : "On port 4987" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522493154" ,
"to_ids" : true ,
"type" : "ip-dst|port" ,
"uuid" : "5abf66e2-5c9c-4390-ba87-bca202de0b81" ,
"value" : "174.127.99.225|4987"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522493181" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf66fd-8984-4e4c-9b22-bdd602de0b81" ,
"value" : "https://pastebin.com/raw/PvKLJAWP"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492579" ,
"uuid" : "9f8377a2-614a-4c95-b23c-9843916ce750" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "9f8377a2-614a-4c95-b23c-9843916ce750" ,
"referenced_uuid" : "4887e799-a946-45b9-b17d-829e83965fb8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492595" ,
"uuid" : "5abf64b3-5948-455a-9540-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492576" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64a0-e220-4c7c-93fe-4fee02de0b81" ,
"value" : "edcbc508c19118f11daac029020f2a55f5cdc115"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492577" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64a1-291c-49cc-8cc1-4fee02de0b81" ,
"value" : "a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492577" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64a1-b698-4031-bd66-4fee02de0b81" ,
"value" : "2f021a10804ac5db5ceb43b42f785a23"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492578" ,
"uuid" : "4887e799-a946-45b9-b17d-829e83965fb8" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492578" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64a2-60b8-4859-8de4-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771/analysis/1522272575/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492578" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64a2-1e6c-4181-bf62-4fee02de0b81" ,
"value" : "24/60"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492578" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64a2-300c-4d8e-93e1-4fee02de0b81" ,
"value" : "2018-03-28T21:29:35"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492582" ,
"uuid" : "506f740b-a199-4f1e-b7ba-67e253b26d05" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "506f740b-a199-4f1e-b7ba-67e253b26d05" ,
"referenced_uuid" : "19044ae8-56c6-4576-b6d2-67ea8f010aa1" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492595" ,
"uuid" : "5abf64b3-f5c4-44e9-bb40-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492579" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64a3-1188-4129-80df-4fee02de0b81" ,
"value" : "ff179cd437f2e4b93758adbe77e19e34610074ec"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492579" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64a3-5358-4932-b03e-4fee02de0b81" ,
"value" : "eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492580" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64a4-371c-4b84-8a38-4fee02de0b81" ,
"value" : "ae77ffba57049418e5a720bf77d178a5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492580" ,
"uuid" : "19044ae8-56c6-4576-b6d2-67ea8f010aa1" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492580" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64a4-4468-4e18-9d35-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050/analysis/1522335324/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492581" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64a5-7660-4946-bbb2-4fee02de0b81" ,
"value" : "29/59"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492581" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64a5-0124-4e58-a6dd-4fee02de0b81" ,
"value" : "2018-03-29T14:55:24"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492584" ,
"uuid" : "ebbafa48-355a-4f73-9227-d05329f24cb7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ebbafa48-355a-4f73-9227-d05329f24cb7" ,
"referenced_uuid" : "fc2df7b7-772d-4ad1-97fb-be696f3a14d2" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-5f38-42a3-b89e-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492581" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64a5-9cc8-4586-b366-4fee02de0b81" ,
"value" : "54b13ce9069beee3cd0a2ffe3bb404d5d92144ed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492582" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64a6-86a4-4a7c-ad74-4fee02de0b81" ,
"value" : "aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492582" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64a6-70f0-444f-b74c-4fee02de0b81" ,
"value" : "6392741705126cb97a837cbb046cfe73"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492582" ,
"uuid" : "fc2df7b7-772d-4ad1-97fb-be696f3a14d2" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492583" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64a7-1990-458d-a62d-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c/analysis/1522121609/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492583" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64a7-7ba0-45e3-9966-4fee02de0b81" ,
"value" : "30/59"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492583" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64a7-98c0-4d7e-9346-4fee02de0b81" ,
"value" : "2018-03-27T03:33:29"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492586" ,
"uuid" : "bf58b01a-22fa-49d9-82b7-e3bfad752bd0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "bf58b01a-22fa-49d9-82b7-e3bfad752bd0" ,
"referenced_uuid" : "c9dec079-cde4-4d06-ac74-b79ef362ad00" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-2580-4bf0-b65b-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492584" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64a8-6470-492b-b8ea-4fee02de0b81" ,
"value" : "cf1f9dba740778df3bea9a7903b030aa9b916d90"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492584" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64a8-0f50-4083-8294-4fee02de0b81" ,
"value" : "7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492584" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64a8-8660-4174-986d-4fee02de0b81" ,
"value" : "64d72c5c86d3638034cd83178abcb82f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492585" ,
"uuid" : "c9dec079-cde4-4d06-ac74-b79ef362ad00" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492585" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64a9-d1d4-49a9-8a98-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964/analysis/1522274126/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492586" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64aa-f510-47f9-9a22-4fee02de0b81" ,
"value" : "26/49"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492586" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64aa-e2d8-4be0-a606-4fee02de0b81" ,
"value" : "2018-03-28T21:55:26"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492589" ,
"uuid" : "4496c403-6bc9-4d06-9f90-c56776eaaa02" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4496c403-6bc9-4d06-9f90-c56776eaaa02" ,
"referenced_uuid" : "faaf775c-f3bc-4c06-986d-0eda27ef4706" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-e394-4ff7-ab8b-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492586" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64aa-0dc4-48f3-97ee-4fee02de0b81" ,
"value" : "a495a93bec5e5cd234dc13c680e15a5e331d19b1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492587" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64ab-8654-4b9e-909a-4fee02de0b81" ,
"value" : "8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492587" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64ab-45e0-442a-8417-4fee02de0b81" ,
"value" : "1eb3f344a0274bfa38c67f6b10650dcf"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492587" ,
"uuid" : "faaf775c-f3bc-4c06-986d-0eda27ef4706" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492587" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64ab-d81c-4d74-b375-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f/analysis/1522335418/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492588" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64ac-ea60-4fcb-95bf-4fee02de0b81" ,
"value" : "31/59"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492588" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64ac-6abc-4be2-a17a-4fee02de0b81" ,
"value" : "2018-03-29T14:56:58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492591" ,
"uuid" : "e063f17d-444d-4129-ae42-2a5fe0de69cc" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "e063f17d-444d-4129-ae42-2a5fe0de69cc" ,
"referenced_uuid" : "c825cfef-d1db-481f-a382-9735dd1720cb" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-f49c-453a-a00b-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492589" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64ad-26f8-427c-9d5b-4fee02de0b81" ,
"value" : "82822da7d5cf63fd472895c389d0a7e8a9e698c7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492589" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64ad-985c-4e4f-9c2b-4fee02de0b81" ,
"value" : "8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492589" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64ad-9d0c-479e-a23e-4fee02de0b81" ,
"value" : "c52247ecffb2f7a42ef6fa0336671545"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492590" ,
"uuid" : "c825cfef-d1db-481f-a382-9735dd1720cb" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492590" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64ae-d24c-44f7-a725-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55/analysis/1522276988/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492590" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64ae-332c-4626-86e2-4fee02de0b81" ,
"value" : "31/60"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492590" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64ae-8c44-4904-b8c6-4fee02de0b81" ,
"value" : "2018-03-28T22:43:08"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492594" ,
"uuid" : "45b7f55b-64f2-4363-807a-aa68041fb61b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "45b7f55b-64f2-4363-807a-aa68041fb61b" ,
"referenced_uuid" : "92284358-1b21-472b-9385-89fb4fa7e8ef" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-e984-46f0-86d8-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492591" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64af-ec7c-4c45-8388-4fee02de0b81" ,
"value" : "ae7a6b6235a4d827cef54152bca237a30cff9f1e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492591" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64af-30b8-4647-ad91-4fee02de0b81" ,
"value" : "445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492592" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64b0-9584-4150-8795-4fee02de0b81" ,
"value" : "daa0833d16cd9b6937803d1637284ad1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492592" ,
"uuid" : "92284358-1b21-472b-9385-89fb4fa7e8ef" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492592" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64b0-3598-45c7-a58c-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c/analysis/1522142541/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492593" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64b1-43c4-4ce3-9e6c-4fee02de0b81" ,
"value" : "33/59"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492593" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64b1-50c0-46e8-b52d-4fee02de0b81" ,
"value" : "2018-03-27T09:22:21"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1522492596" ,
"uuid" : "7eebf218-879f-46fc-a3cc-d636fd99abe7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7eebf218-879f-46fc-a3cc-d636fd99abe7" ,
"referenced_uuid" : "e91e2a7b-10e6-4190-9b38-817b7eced5b9" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1522492596" ,
"uuid" : "5abf64b4-e80c-4b8c-b66e-4fee02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1522492593" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5abf64b1-c510-4852-ad72-4fee02de0b81" ,
"value" : "3fd3e9a0b0e9cfceccbc0fef6eb19da2e066bc6e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1522492593" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5abf64b2-c4b4-4736-8ce6-4fee02de0b81" ,
"value" : "a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1522492594" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5abf64b2-ffbc-4bf3-a80c-4fee02de0b81" ,
"value" : "8ae2c573bc0e0492efeabe78495c591e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1522492594" ,
"uuid" : "e91e2a7b-10e6-4190-9b38-817b7eced5b9" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1522492594" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5abf64b2-c0d8-4443-8392-4fee02de0b81" ,
"value" : "https://www.virustotal.com/file/a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993/analysis/1522275361/"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1522492595" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5abf64b3-3f1c-4128-bddf-4fee02de0b81" ,
"value" : "29/59"
} ,
{
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1522492595" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5abf64b3-f7e0-4ada-bc17-4fee02de0b81" ,
"value" : "2018-03-28T22:16:01"
}
]
}
]
}
}