2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2018-04-23" ,
"extends_uuid" : "" ,
"info" : "OSINT - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia" ,
"publish_timestamp" : "1525369059" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1525369039" ,
"uuid" : "5adeed17-3124-41c1-91b9-4a97950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#001534" ,
"local" : "0" ,
"name" : "ms-caro-malware-full:malware-type=\"Backdoor\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Orangeworm\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356889" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adef6b2-0c40-42f2-b09a-4f47950d210f" ,
"value" : "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356889" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5adef6f8-b494-41ab-8387-4af4950d210f" ,
"value" : "Symantec has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries.\r\n\r\nSymantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia.\r\n\r\nFirst identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "Sample dropper hashes" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A h c A A A L c C A Y A A A B U 9 p I / A A A g A E l E Q V R 4 n O y 9 v Y 7 r v n b //fWDp0+uIKexpjCcG5ByLkB2Cldup5Nw0tjNFAFcGjgBppFKq9tFUrhyM9IFnIyuwHAxUnNyBckV8F/ojaRIivJ49tjzWx9gA3skilxcXCQXX2bWBAADQRAEQRDEjfj/GSPfgiAekclkAuq/xKNC9vtzmUwm+P++WwiCIAiCIH4W5FwQBEEQBHFT7s+5KGN4kwm8uLyPfAjip5GFmEwmCDPp/5/Kz0Nc3ig/gtBxa9slvgyzc1FP0JPJBBOpBbOwft4MKnza5p8XQ5zaM4SDaQiCuAmKPvmIznYW0jjxh+OH2O4fGaudC9d1gWSPrm0znJL6uZw2KsAYA2MpgnwLRzEoBCmr0zCw9w2mn6sDQRAGuj7J8L6ZAv4BjDEc/C8o7CvzJv5w/FbbJW6K3bHIeo0AOY5vtZuQnZAgwHpt+sjHIQ2AfIvXa7atLq+KXRNp56N1XErEXvdc2GRR5kMQf2BM28nSilG3Wixjr+tvJ13eVX8Nw1DMy1AGn68XZ4i9CRYJgHwLh5e5Lqefh6rMenyQxwvaDXk8PmO7ZQxv4iGOOdsZmlvqPBt7at5lgp2qyqEdF8s7F0usAiA/vqEEkJ0SIFhhOfSZM4ML4PwhKjdZDCs+P8/wizEUEbdrUjp4aXY8OMeljJ+xzQOk9Tveq1XmQxBEnzKG52wxb3YWiwjYOv2BvIzxvM3rVWWB2TkxZpskQNqsPE1lZCGcbV7vbBZYH094emdIAwBuhKLp22UMb5G0q9oicpFLcgplYorl2gXyI6r1UYFLDrjrJe2a/hRsbRc5tscZCsu5pSE5c9/kWywuOzBW2Wa+fe7mFWs5fj7WFzqdWdM5qyORYHXNvpSPA+uORHoNw9F0/OnTHECOSwFgWuC18QgX3YBWpUmwUHi0ynwI4g9EvnXUu3oyxQU5OOff2SJHf3FQvh2Rw8V6WU3cm11gLN+NXtCOFoYyslMCIEA1tEyxeT9ANcqI5QPT5bq3iBHKBDDd7BAgx/Y1q3deu++J++XWtguMm1vU33TznzOTrgaMkOOnY+1cVB04x9ZZIGkHgAFqRc+f1J24ahj7CT8Lq7LTxrts8A9grEDkVo36R92GIggV/Lm1zVm1cCeqXf3flt9RhoiPVQAgOSE8JYC7BvkW98/vsl3t3HIlv9++7w/7X0WdLrFunLRgpVxRiGQIFwngRnhRJi7xdswBW0dF/vrj3P0/DhGXU2zeUwQActqeIIjx1MeYycm8h9us+Ko7WCXivflYxLaMarGRoHmVhSHaVPkFTa+WdyHlnQwdfuVdIEnoSOTHYWm7NvBzy3fK8eiM+DsX9bklzEci3TbWAkmQir8NIlzCcup7EuqtTxX+SwS3Pv5wjkDj60w3K1ycukwESOkqMUGMZ7rBexoAyYLrp17/2NI/1EeaDiYTB5d1BFeZ4bgyppt3VK+q5/tZdbTROAXtsad/QBG5bbrqnsY7BheH/gsiFwAdifw8bG1Xg25u+d1y/CQmjP64O0E8JBSbYSwlYs/BFhEK+hX4b4fs9+dCsUUIgvjjkL1iS78lQhC/Bdq5IIgHhVZ+xCND9vtzoZ0LgiAIgiBuDjkXBEEQBEHcFHIuCIIgCIK4KRMA7J/+6Z/wt7/9DX/605++Wx6CIAiCIB4cutBJEA8KXYgjHhmy358LXegkCIIgCOLmkHNBEARBEMRNIeeCIAiCIIib8sDORYZwwgU2ekTKGN5D/u15S93b1o9Pl92RTh62fYjrKRF71N4E8VmGnQsh2JgUzpx/58VQ9ccy9jBpAg7Z5jsWKa/qn53j0ZevROxJebUvTe8aUSQZDLJlr1sgKsBYF3Sp972FvsaUqdZZN5g2+rhFwB1V/YbSPZ2kb4bsZMAGtfZ3Q/nvlwyhyk7LGF6tqzL2JBuuvhH1nCGUbKGMPS5NXY6gf94BHe43TZ5CGi6/sXLyfaKfxqSTKZZrYPval0+f5zDX6Nmkj2vz1I4v+FxfuXeyUG1zxNcx4FxkCBdnREUdl76IgO1zbagZwv0MBWNgrECELZ7lDlfGeD6uEQVj8r0C/1Dl0/xLA7uw8Fr5gCDl8pOirOreZeEEC6ScLAf4A7LNn6bm76s3Wn1dUybKGN4CSNv3c2ydEBkyvB7XdZsyFJF6kB0DXz/bdN3/h+xkwAYN7Xtr+e+RMt7jHBWVbs6neiLJEDoX7OrAXdPlGu75o5u0yg+cAeRNPHMAyE5I3DXMgURduNhCby5u146sQHReCJNlFk7gcLbHGEM638Kp04ySswixOEdtXrvLazuJWuskOfWccV2eNozV85A+rs1TPb7gJn3lnvEP/XGc+GKYiTRgCFLpEZgbFb2kReRKzwsWuS6LiuobIZuBfIvIZQCqf3y6NOCeByxAwMRcmnK78rR5aeUTvzflLZJq5FF/nwbo5HIjVpi+1+orGlVm+yRypfxSFqDSRb+MopNBqfuUBeDqgk6n/foNpIP0zQj7a+rVvVO1r1qGXv3gMteV5b8/hrpvp4+CRW7VXr2+KLV99Y1oV/2+LT+r84gCBsEumv93bSGWW8tSRMxV2jEv2wg500DbZnY60YxZijxle6z6VsQi3n4QsHSM/Fb6GKkT4/hkGKu/EJP99u2Lk6uImNuMKW7EokDWc/Wz3C5ifgGLuLlBHDfktmPcO5cFgdt+o27/tDee8G2kno/EuvfSCPYn9iebPH83AJhx56L8OPeeOTNVpPsSb8dcWOWV8TOO61/K7WRjvrUH3XjsKRb1Np24ii1mZyQqobNXbBHhxTflZZYPAJJFt30o76Yp35UfOLtn7E1bv5xs/oEhDepdkPcNpobvtfq6XEaV2TB9mgPCyszBzM1xKcSt2AVSvFdnEwbd+zgIuyRzbJ9jOHL9bNIx8RtY2x8g26C6fdUylPIOCXvH+7ss/+Mx3eww3zqYTBwc1y9wYg/7WQFxAedjFeQ4vlXr3+ICrJdLzNwEpwyo9AqszdsWFcsD0iDB3moL0scqAM4fJVBckLszOL00nV2OktM/VKt8xfGFnU4AfxUgOXF9SZOnvwqQH9/q3YNKhmh2wXYu7xCMkN9KHyN1YhpfBsbC72D6NO/0Wn4ArlvZCoDy7Yh8/lT1yXyL46yox44Ei8kes6LZ5TTtLiU44lfdPinmzY5o9qpoO54cCXZgjOF9M1W3/wt648lmCuN81KJLU9vfc1yK7WWT5zdxkwudZfyM7TztOmgZ43k7x+4Kay3fjsjzqhNPJhMsknoAkrZmp5sd+jt4JeJ9gmBXTQbavIzyTbF5F48UkkVzNml6ByCfY9caZYogWYh3OTjZlBi/v+YbTZn+oe6IzUDjYJu7mDnAdPPe1q+Y7aut6wHdC2fDC6XLNyrdNQg2aGhfpQxW2/6PSOdMvS/f8HzZ4X35Vl9S7SZJfxXUW+kZTskcT9Mplut6MC/fcMznsD0d8l+GBnWRMcdOY+T0D9Xxy/roSHeH7HQCf4VAOhpR5umvEORHvJWoZMAay80KQbLo3Wm4pZ6vylM1VsTXj9Vfir9CkF9QoBrHsdthXk/ixSVHsGomm6CV3Zm5QLCrJt3pEmv3jA+tnxtwda6ctEtRl6touw4XEb9SU7V/oR5PtPORZRr/kGK+deBw7WWT53cx2rkoLrnwcxl71dkg7/oXF+ToJq9FUq32TZeghHwD3nNk9erZguwV2zzAinc1VXmNkc9fIYDGSE3v6pWZUTYj0vcScjuMLbMaKLmBBv2BbbrZVR3nwyBmPZG39zeKCMq9Bdt0A6jq3bNBXfuG4U1keDzqOwUHH9nrFvO0Xtk1K65mIs1OSOq7OdPlunpfXJDb3F9qmG6wCxLsY5PRVDKdksqhhTODW08kIgUutdOLq+SsFgMpt7q31gl8rJS7MHKePl4i4PhWVpPgesnt0q1w4i9O2spvq4+rdNJ+WI0Vl/Fj9e+h0v8pA4rLHCvfx2p+QYEMp2TMODq+XGXbGeXMpfY3YDO36dLUd2quyvM7MB6cFBFz+TM+6ec0sDvj6Z3jmf
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356889" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5adf24e9-4768-4334-bbef-44fc950d210f" ,
"value" : "Untitled-6.png"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample payload DLL hashes" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A e U A A A F g C A Y A A A C F T W E J A A A g A E l E Q V R 4 n O y d z W r j z L b 3 V 172 V Y Q Q g u R L O H h g 5 B z w w N I F Z G C H M / A o I I 0 b e y I 4 b P D E J q M z i C E j D w 6 x 2 O Q C b A 8 M x x I e + B o s E U L I b e g d p F d l 1 V L J d j r u t N N 7 / a B 5 n i 6 X 6 n P V x 6 p S 63 + S 53 k O g i A I g i D 8 c f 7 f n y 6 A I A i C I A h v y K I s C I I g C E e C L M q C I A i C c C T I o i w I g i A I R 4 I s y o I g C I J w J M i i L A i C I A h H g i z K g i A I g n A k y K I s C I I g C E e C L M q C I A i C c C T I o i w I g i A I R 4 I s y o I g C I J w J M i i L A i C I A h H w j 92 R T g 5 O f m K c g i C I A j C v w X b d K B 2 L s q 7 E h A E 4 f C c n J z I u B M O i t j U c b D L 0 Z X j a 0 E Q B E E 4 E m R R F o S / i J O T E w i C 4 G D p J U k C J y c n E E X R w d I U v g + H t i d h N 59 e l L M s g 5 O T E + P A r V Q q W q d 6 n q f i n p y c Q K V S U X G j K C r 9 j a b 3 W Q M 5 O T m B 4 X D 4 q T Q E 4 U 9 D x x 3 + y b J M i / O Z 8 S K T 8 b 8 X v 9 u e h P 359 K L 8 + v o K A A C 2 b c N 4 P F b h S Z J A m q Z g 27 b q 3 M 1 m A 67 r Q p 7 n 6 m 6 D L 77422 a z + W z R B O G v B c f d Z D J R Y 8 a y L M j z H O 7 u 7 g 6 W j + M 4 k O c 5 t F q t T 6 c l k / r x 8 l X 2 J O z m Y M f X N z c 3 M J v N 1 A L 88 P A A r u s a P V 5 k P B 5 D m q Y f O h q j O z o c 4 H j E h n / Q E 6 b e t + d 5 K o 3 F Y l G I K w h / A 2 U L H x 8 j 3 A v C Z / k p F Y 63 K I r U / w d B A C c n J 5 A k S W m 6 N H w 4 H I L n e Z C m K Y x G I / W i C 38 W 54 E g C F Q e //mf/6mNU3wmSZKDt51Q5FftKYoi9SyPg3ZGbQ3TGw6H6jduQ7RMf/P8fbBFuVargW3b8Pj4CAAA8/kcOp3O1mdOT08BAOD5+VmF7WrszWYDeZ7DYDCA0Wik0sHd3WAwgF6vBwAAYRjCYDCAPM9hOp1q6eR5Dr7vw/39/S/VVxC+E/V6XXlBrusWJtrhcAhpmkKaptDv97emlWUZ5HkOjuOUpluv19XYe3p6gul0CrZtg+/76pSMxhkMBtBut9XEPRqNII5j+L//+z9wXVeN09VqBQBvHrzw59hlTwAAaZrC5eWl6m+6NuR5ruyNO2XUPnCexjk9CAKoVCqQ5zlMJhPo9XrGDeZ35qAvejWbTbi/v1dH19Vqde9nW62WWlixE0y74WazCQAA5+fnAACqQ3Axx84DeNtR9Xo9zUsGAGg0GgAAcHFxAWmafqySgnBEtNvt0ncwEBxHGHc2mxWuh56ensC2bbAsa+dRNW62y9LF8FqtBgBgPP7kcfC/9DoMF95OpwNpmkKWZbBYLMD3/a3lE36dQ9kTgmuAbdvw9PQEAKC8Z9u2C/HRDmzbBtd1AeBtngZ4m+vn8znMZjM4OTmBdrsNAO8287dw0EX5+voa0jSFTqcDruuCZVlb42NjYkcgl5eXH8o3CAJ1Vz0YDFT4dDqFyWSiOlEQ/jbQW9nnHYw4jn/LOxu/K10ENwm3t7cwm80+PD8I+/O77SmKIpjNZspL/hXwtAX//G2nJgddlLFxcGHeRafT0XbEyHK5BID34+2PsFgs1P8HQQCtVgsmk8mH0xGEvwUcR3j0awJPjbIs2/sdj7J0ebjpaJPH2XUs7fu+uq46xEtnwq+zjz3tw3q9/vAzlUoF5vP5p/I9dg7+75TxaMl0dF2pVJTXip4r7rDoCwF4n7TL00bCMFTp0h3bxcWFOuagHrQg/DthWZa6fyt7Z6Pb7YJt2+pfUeDR4a+ky8Px+PHm5ka96MXj9Ho9iOO4NK/r62sAgL3KJfxe9rGnMlqtlrKzdrttPMLexnQ6hTRNt/7T2e/OSb7ju2vyaTZB+Hpk3OkkSaJeLhJP+dcQmzoOdvWDfNFLEISj5+HhAQDk6Fr4+xFPWRCOEBl3wqERmzoOxFMWBEEQhG+CLMqCIAiCcCTIoiwIgiAIR8I/9okkH94QhK9Hxp1waMSmjp+9FmV5OUAQvhZ5KUc4NGJTx8GujZEcXwuCIAjCkSCLsiAIfwWVSuWvUwwS/v348kXZ87yCfiqArpNMtTdpfKr2VJYO1dpENROqq0x1mMvibwun6dF8sTxBEGg6oPt+Bo7mh+lSbVF65EHD+XeF8XOllLLjEtrmSZKUtin9BCr9nB6GcxWubXkiZW20re2w3vtMvGVa2mVt993u2njfIZ7nQZIk6ndKpVLR+g/7HOC9/lQzGYmiSP2d2yTvez6O6e+87zzP0/LJskz1ObU5qrPM06R1uLm5UfKAx8av2PtXEgSBZhs4fihoW2gDpm+k0/6hdkPz4fWk+twUky1y++Jj2NSGWN4kSbR5tsyGuVb0PvPpIeePL12UsRNRS5Pqp9q2ramOWJalxUclEhRWbzQakOc5xHEMYRiq9Pv9vtLapKIYVFkEpeR4fNSRHQ6H0Gw2Vfr1el2rRxiGBfk41Hm+u7tTaeZ5DpVKZecH/j3Pg5ubG/VMq9WCLMug1+tpcpY4aBaLhQofjUbKmD3P+5CCznq9Vnq2Ly8vxr5JkkTpn+Z5rumXYjjXqt6Hsjbi4VhnHHz7fiu33W5DmqbqDi2KokKbzufzvcUXjo3Hx0eYTCYQx7H62lUURdBoNMBxHLAsC1zX1Sa6NE01wZbVaqVkTCm2bcNoNCrd/KDNYNvipJZlWWEcA7z3ne/7mgjBZrPRxAXW6zU0m82CzaFADYZhXgBvojZof1dXVwfVR8dF6BB81N6/muvra802UOOe1n82mynBENd1YTwea2lEUbTz2+Tz+RwqlUqhXV3XVXaMPD4+auklSQK2batxjbbAnSme9v39vUoH52nf95Uilmn+QtVBVB78yk37QRZl6pXQnQvd7QZBAMvlUi2UOGm8vr5CFEXg+35BIebs7KyQ1+npKTiOA91uFwAAXl5e1O6o1Wqpz/Dto+VM4z8/PysBjMVioT6A7zgO2LatJoHhcFgQgT85OVEfSU+SROvkzWaj6kF3eVjmLMtgs9mo+iAmMQ7UkKbpU6OdTqelnyGkfYFKQO12G3q9HlQqldK+eXh4gJubG5UOTqyVSkXVGScYkw3wUwpsx7I2ouF0wbi7uyu0UVmb4uSAbdjpdGC5XMJ6vdY2Uzc3N2ryMbXRdwAVe7Isg/F4rLVRo9FQSj5JkoDv+zCbzdTvi8WiIJuKDAYDuL293Zn/dDqF2WwGWZbB4+NjYRzf3d0pdafLy0u1wFKvGNt6uVwaN5Vcjxn7NQgCbWHAcNp31P6Gw2HBI8SFl8fzPA9msxnU63W16aAeFN2IeJ6nTpk8z9PS+lV7/2ocxynYhu/7mv3QuabRaMBms9HaOgzDreqAURTBzc2NZpdIp9NRdoL0ej0tvX6/D5PJRJsb7+7uNHvrdDra4h5FETSbzR2130632wXXdb9sA//pRRknA75z4bvdu7s7uLi4UIMS4G0Qvby8wPPzs1KPoZMr7vgxfDweqw7BQdBut407ncfHR60zaPqm4+77+3s1+C3L0oymUqnA6+srZFkG9/f3hYUvTVOwbVtpe9LBe3Nzo4wGve88z6Hf78NwOITX11dN9YQO5MlkosIuLi4K+WZZpu1et3F5eal2fbe3t9BqtWAwGMBgMIDNZlPaNwDvmwGAN+Wt5+dnpcaFnr3neWrnSSfWVqul6jyZTNREX9ZGlPv7+9JFAzG1KZYfOTs7gyzL4OzsTPPMzs/PlfC6qY2OmaurK6Wyc319Dc1ms7B41Wo15f2sViu4vLzUvOfNZlNqO91ud6u3TMEN3NPTU2FRtSxLbWqr1apq//V6DY1GA5rNpvKe5/M5tFotcBwHms1mYaxiWJZl6hlefn6EHYah8qy63W7BI8Txw+NNp1NwXRfiOFbzS6fTUbbWaDRU2Wazmfpts9mo+ZDa0aHs/XfCbYO21Wq1Kiy4tK3xaNjkSCHj8RhqtVrpiYbv+6pN0VGjbDabnc5Wq9XSFvfxeKwcrM/QaDS0Dfzv5NOL8nq91uQYR6MRrFYrWK1WmocF8D7QaVyEHonR4535fA6DwQBc19WMYjqdquNlfrSAx5Q4SdGFIY5jaLfbKi4eZ/T7fb
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356890" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5adf2515-d258-4589-a5c5-1b99950d210f" ,
"value" : "Sample payload DLL_0.png"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample C&Cs" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A l 4 A A A D c C A Y A A A C h x q 98 A A A g A E l E Q V R 4 n O y 9 z 27 i z t L //+an71WMIp7I9jVkMYIsWGBfQPQIskI6UiR7HcGGJRtbs8YS0iOxwv4ccQGBBYtgZZFrwBYninIb/i1yqqe73QZDyL+ZfknRTIzd3a6q7q6ublK1PM9zaDQajUaj0Wjenf/vsxug0Wg0Go1G87egHS+NRqPRaDSaD0I7XhqNRqPRaDQfhHa8NBqNRqPRaD4I7XhpNBqNRqPRfBDa8dJoNBqNRqP5IP5f1Rtrtdp7tkOj0Wg0Go3mW1PlL3RVdryqFqj5mtRqNa0/jUaj0WjeiaoBKr3VqNFoNBqNRvNBaMdLo9FoNBqN5oM4meOVZRlqtZrwE8fxqYo/GbVaDZ7nAQAcxxHaGwTBUWU6jgPLsgrX4zhGrVZDkiRvavNHkCRJQWee57HQKb0L/5NlGQDAsiw4jvMp7dZoNBqN5jtxMsfr5eUFABBFEfI8h+u66Ha7pypeSRAEbzr0v9lsYNs28jyH7/sYDAbfwkn6DJ6engAAaZoiz3OYpskcWI1Go9FoNNX4sK1Gy7IKkSXP8+B5HvvMcRzmTPERFYrG8JG0OI4xGAwAQIjUqOqpws+fPwEAz8/PwnWK+sht4q9vNht2P9/W4XDIrsdxzCJD5Czy78pHzOT6+DJVkTWNRqPRaDTfg5M7Xt1uF7VaDWEYsm/RkXOV5zmiKMJgMGAOTBiGWC6XiKIIi8UC2+2WPffr1y8AQLPZhO/7LDLV7XZxcXEB3/cBvH7bstPp7KxnHw8PDwCAi4sL4frt7S3yPGdRnl+/fiFJEoRhiCiKkKYp0jRl9/d6PRZFk52kNE3RarWQ5zmSJMFgMGARpDRNEQQBgiCAaZqsTsMwMBqN4Lou8jwXnLzPwDRN5gDe3d19als0Go1Go/lunNzxiqII6/UaAFgUarlcYrFYoFarse1H2po0TROGYeDs7AwAcHl5ya5TtAf4HZGif+l5nl31lEH3DwYDRFEEwzCEz+fzOYs2kYNFUbGLiwsYhgHbttn95FwBr06YzNXVFYDfjh45MgCw3W5Rr9eRpqkQXTMMA2EYfoloV5qm8H0fi8WislOr0Wg0Go3mlXfZamw0GjBNE9PplF2jiA39NBqN96j64HooOkVRM54sy5hDRhGvU8O3dTweo9PpsIifaZqI4xjj8Rjr9brgkJ2SHz9+VL6XnMf5fH7ydmg0Go1G8yfzbme8bm5uWFTEsiwsl8ujyiGHgCJE9K/KoXpLPfvIsoxFvCg69/j4iCzLsFgs2H2maWK1WgGA4HjK1Ot1ACgc5g+CAFmWCX/s1PM8NBoNFkl8DwzDKDjLYRjCdV3lvbZtYzKZvFt7NBqNRqP5E3k3x4u2BB8fH3F3d8eiNYceEDcMg53Xoi1BckAo8kKH699ST1nd9O1M0zRZxKvRaAjX6awZ8Ops0fYlbTmq6HQ6cF0XzWaTtTdJElxdXbHtR9M00el0cHl5iVqthmazCdd1C9uhp4LfqqX6x+Ox8t5Wq4U0TZljzT/3Ff+MiEaj0Wg0X4FaXjGPjE45873R+tNoNBqN5v2oOs/qv1yv0Wg0Go1G80Fox0uj0Wg0Go3mg9COl0aj0Wg0Gs0HoR0vjUaj0Wg0mg9CO14ajUaj0Wg0H8T/O+TmtySk1nw+Wn8ajUaj0XwuBzle+s8RfF/0n5PQaDQajeb9qBrc0FuNGo1Go9FoNB+Edrw0n4bjOELKJPor+JrdWJb1oQnKP7o+jUaj+ZM5ueNFaWMoBU6WZcK1XROr4zjKzy3LguM4wjW53LKJQfWs53nsuSAICtd2pb6xLEt4P544jr9typyPdnqyLMNmsxFybs7nc9zc3LDPZf0mSSJck/XKo9J72fWqtlSr1eB5nnDNcZyCvfDXymyF2nKoLSVJAsuyYBjG0Q5REASF9yjjo+vbRRzHB5fDy/jYNlStl/SeJEnBVvnn+TaVjZMqO6R79o1LJG+5PNoGUdUjt7fKlkmVsd2yrILs+LbRu5C9q/o2f39Z/9tHEASCfFTvS+2RZUd9M0kS1i56nuYPqoP/Xa5Dnmv4ezV/Fyd1vCzLQhRFyPMceZ6zSdU0TXZts9mUPtvr9QrXa7UaRqNR4bppmliv16xcVf5C1bNJkmC5XLLnBoMBsizDeDxm1/I8h2mauLi4EJ6N4xij0Qh5niOKokJ7h8OhMqm0psjj4yNzsojVasXyb5bp17Ztdu3u7k5ZdpnNHGtLNMFEUSRcp0kjz3OkaYputwsAuLu7E2wJKCZ1P9aWHh4elP3kEPr9fmkOzs+u79RsNhumh+VyqXSAj0WO2AJAmqZM17ytynWnabpznIyiCKZpCs7XfD6H67pCIntqx83NDXt2tVrh9vaWleO6rmCLAAT7VPUt3/crOTR8my3LEpzCJEnQbrcRhqFwjR9/7+/v2Wd8O6lvB0GALMvYdd6OkiSplLc2yzIMBgNWxna7RaPREGRC/+90OgDA5rH1el1q/6ZpYjAYKD+L4xjNZlOQ82q1YnMNn99X8/dxMseLVsZkuIey2WwKjg7w2iHOzs6Ea3Ecw3XdwmRW5dnZbCZM+K7r4vHxsVA+rfJ5Op0Oez+5rUEQKCf17watIGn1SnoFfjsg9C9B1xzHEVaWNAjTyo9nOp2yROpU9mazgWEYlfVbhkrvZder1GUYhvKLCdPplA3KhmHAtu3CRBwEgdKBOtaWJpOJsp/wEQM+8iCv3oMgECI4nucpdbavPv6ZsuiEqj7ZRlSOEEUOyqIc8nWyPT7SuA+KENFzVSN5nufB8zw4joPFYoFms7kz8kq02208Pz9XqgN4tQ/XdTGfz9m1yWSC8XiMxWLBriVJgs1mg36/z67d3d1Vckh20e/3Ydv2wdF7vn/NZjNcX18r+wWxzyGnd1bR6/WOcugPeabRaCBNU+VnlmXBdV1l5Go4HGK9XgvXTqEXzZ/ByRyv5+dnLBYLZag6TdM3h/t5np6eEIZhpe1LFfV6nf3//PwcT09PwufT6RTD4XBnGfP5HO12G8DrwD+ZTI52Or8KaZqi1+sJq9dGo4F2u40gCPDr1y9EUQTDMOD7Ppu0fd9nA8p2u2UrRZIhrS6JfduMu/TL29gpQvVvtSV+ojEMozC5TiYT3N7e7iyjqi3x2348WZah2+2ylXW73YbneUJ0IU1T2LYtTNB8G2Wd7aovSRL2DOmVtm+q1LdarVg0ZpeDSeWHYcgcozAMWbSIv75YLDAcDpHneWEyJIes3W6j0WjA8zwWIRoOh8yR2XfcgMocj8e4u7uDbdtYr9elkVeeMAwFB9Y0zb32dnl5ie12y2RO97quy9r1/PzMbOcQqmzXt1qtwtgow4/tcp8OwxCNRgO9Xg+z2QwA2HiicvL5fkifpWnKZMVfD4KgEDEvg8arY8aMOI5h23bp57e3t8qoFx/53Idqy1O19azPv/45nHSrkQ8V0+BH0QJ+ED1FuN/3/dIQ91ugFeSuTkOha1o5eZ5XCP9/R0zTZBM+P+jS4JJlGfu83+8jDENMJhNhcr2+vgbwe2tNFUngnSxiMpmwbUZArV9+eyBNU9amt/JetlQWOeU5xJZms5ly2+Px8VGIql1fXzO50GD98vJSus1Pzo+8ui+r7+HhQdBfr9djDkKV+si5u7i4KL2nLCrtuq6wNfby8gLg1XbJ5q6vr7FardjzhmEgTVMm4yzLWLS10WjANE0AKBw34LeewjDEdrs9KFrCLxLW67VgB+Q8lr2/DL/le319/ebxZt92fVX4rcabmxvhDBTZZKfTEbYbSc7D4VBwJvj5g1940DVaGNDiROXUl9Hv99l2X5WIaLfbRa1Ww3A43CkjwzBKo14Ef/5ONV7JNkfbv/K1qrai+fqczPE6OzsTjIpfrfG4rntQyF1FvV4Xyq6yMuPh791ut0IETN6KVGGapjBB0ZZDrVZDGIbodrt/5MFJVccvC8Pvgj/LBfw+2E8TUxX90tYeTbzH8lZb4m05yzIhAsZvRZZxiC0tl8uDoqo/fvxgk3+z2Tx4sv7o+j6bXREv13WxXC4Pcs
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356890" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5adf25d7-a76c-4b3f-8624-4f17950d210f" ,
"value" : "Sample C and Cs_0.png"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356890" ,
"to_ids" : false ,
"type" : "yara" ,
"uuid" : "5adf267b-04bc-42bd-8ac0-466d950d210f" ,
"value" : "rule Kwampirs\r\n{\r\n meta:\r\n copyright = \"Symantec\"\r\n family = \"Kwampirs\"\r\n description = \"Kwampirs dropper and main payload components\"\r\n \r\n strings: \r\n $pubkey =\r\n {\r\n 06 02 00 00 00 A4 00 00 52 53 41 31 00 08 00 00\r\n 01 00 01 00 CD 74 15 BC 47 7E 0A 5E E4 35 22 A5\r\n 97 0C 65 BE E0 33 22 F2 94 9D F5 40 97 3C 53 F9\r\n E4 7E DD 67 CF 5F 0A 5E F4 AD C9 CF 27 D3 E6 31\r\n 48 B8 00 32 1D BE 87 10 89 DA 8B 2F 21 B4 5D 0A\r\n CD 43 D7 B4 75 C9 19 FE CC 88 4A 7B E9 1D 8C 11\r\n 56 A6 A7 21 D8 C6 82 94 C1 66 11 08 E6 99 2C 33\r\n 02 E2 3A 50 EA 58 D2 A7 36 EE 5A D6 8F 5D 5D D2\r\n 9E 04 24 4A CE 4C B6 91 C0 7A C9 5C E7 5F 51 28\r\n 4C 72 E1 60 AB 76 73 30 66 18 BE EC F3 99 5E 4B\r\n 4F 59 F5 56 AD 65 75 2B 8F 14 0C 0D 27 97 12 71\r\n 6B 49 08 84 61 1D 03 BA A5 42 92 F9 13 33 57 D9\r\n 59 B3 E4 05 F9 12 23 08 B3 50 9A DA 6E 79 02 36\r\n EE CE 6D F3 7F 8B C9 BE 6A 7E BE 8F 85 B8 AA 82\r\n C6 1E 14 C6 1A 28 29 59 C2 22 71 44 52 05 E5 E6\r\n FE 58 80 6E D4 95 2D 57 CB 99 34 61 E9 E9 B3 3D\r\n 90 DC 6C 26 5D 70 B4 78 F9 5E C9 7D 59 10 61 DF\r\n F7 E4 0C B3\r\n }\r\n \r\n $network_xor_key =\r\n {\r\n B7 E9 F9 2D F8 3E 18 57 B9 18 2B 1F 5F D9 A5 38\r\n C8 E7 67 E9 C6 62 9C 50 4E 8D 00 A6 59 F8 72 E0\r\n 91 42 FF 18 A6 D1 81 F2 2B C8 29 EB B9 87 6F 58\r\n C2 C9 8E 75 3F 71 ED 07 D0 AC CE 28 A1 E7 B5 68\r\n CD CF F1 D8 2B 26 5C 31 1E BC 52 7C 23 6C 3E 6B\r\n 8A 24 61 0A 17 6C E2 BB 1D 11 3B 79 E0 29 75 02\r\n D9 25 31 5F 95 E7 28 28 26 2B 31 EC 4D B3 49 D9\r\n 62 F0 3E D4 89 E4 CC F8 02 41 CC 25 15 6E 63 1B\r\n 10 3B 60 32 1C 0D 5B FA 52 DA 39 DF D1 42 1E 3E\r\n BD BC 17 A5 96 D9 43 73 3C 09 7F D2 C6 D4 29 83\r\n 3E 44 44 6C 97 85 9E 7B F0 EE 32 C3 11 41 A3 6B\r\n A9 27 F4 A3 FB 2B 27 2B B6 A6 AF 6B 39 63 2D 91\r\n 75 AE 83 2E 1E F8 5F B5 65 ED B3 40 EA 2A 36 2C\r\n A6 CF 8E 4A 4A 3E 10 6C 9D 28 49 66 35 83 30 E7\r\n 45 0E 05 ED 69 8D CF C5 40 50 B1 AA 13 74 33 0F\r\n DF 41 82 3B 1A 79 DC 3B 9D C3 BD EA B1 3E 04 33\r\n }\r\n \r\n $decrypt_string =\r\n {\r\n 85 DB 75 09 85 F6 74 05 89 1E B0 01 C3 85 FF 74\r\n 4F F6 C3 01 75 4A 85 F6 74 46 8B C3 D1 E8 33 C9\r\n 40 BA 02 00 00 00 F7 E2 0F 90 C1 F7 D9 0B C8 51\r\n E8 12 28 00 00 89 06 8B C8 83 C4 04 33 C0 85 DB\r\n 74 16 8B D0 83 E2 0F 8A 92 1C 33 02 10 32 14 38\r\n 40 88 11 41 3B C3 72 EA 66 C7 01 00 00 B0 01 C3\r\n 32 C0 C3\r\n }\r\n \r\n $init_strings =\r\n {\r\n 55 8B EC 83 EC 10 33 C9 B8 0D 00 00 00 BA 02 00\r\n 00 00 F7 E2 0F 90 C1 53 56 57 F7 D9 0B C8 51 E8\r\n B3 27 00 00 BF 05 00 00 00 8D 77 FE BB 4A 35 02\r\n 10 2B DE 89 5D F4 BA 48 35 02 10 4A BB 4C 35 02\r\n 10 83 C4 04 2B DF A3 C8 FC 03 10 C7 45 FC 00 00\r\n 00 00 8D 4F FC 89 55 F8 89 5D F0 EB 06\r\n }\r\n \r\n condition:\r\n 2 of them\r\n}"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample configuration file names" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A i 4 A A A C a C A Y A A A C O j s O V A A A g A E l E Q V R 4 n O 2 d T 4 g j y Z X / v / p 5 F j z g H e a y 8 K O o b U S m b r + L Y d c a U 5 v S Q Q d J V 0 M d J J 10 M A U p M J 4 f L q S D N f g w M i Z F g W 8 S d P s g s G n p U O C r l A c Z p K Q M 8 n E M v 4 O V 6 a J 3 a J Z l 1 o b d 9 c z s 7 j D x O 5 R f d E Q q M 5 W q U v 3 r e h 8 o u p W K j I h 88 S L i x Y t Q v o w Q Q o B h G I Z h G O Y R 8 L / u u w I M w z A M w z B p Y c O F Y R i G Y Z h H A x s u D M M w D M M 8 G t h w Y R i G Y R j m 0 c C G C 8 M w D M M w j w Y 2 X B i G Y R i G e T S 8 k z Z h J p O 5 z X o w D M M w D M N I 4 t 7 W k t p w S c q E Y d 5 W M p k M 6 z 3 D M M w d k + Q s 4 a 0 i h m E Y h m E e D Y / S c K l W q 8 j l c v d d D Y a 5 U 4 I g Q C a T Q b / f 3 + m + X C 6 H a r V 6 S 7 V i G I a 5 W x 684 Z L L 5 Z D J Z O T f Z D L R v m + 1 W n d q x O R y O b R a r T s r j 3 n Y k D G h / u 1 q W D A M w z D p 2 e m M y 33 g + z 5 s 28 Z g M J D X a r X a n Z V P K 9 X p d H p n Z T K P h 9 e v X w M A x u M x a r U a P M 9 D o V A A A L T b 7 b 2 W Z R h G q v M 2 / X 4 f n U 5 H p l 2 v 13 u t B 8 M w z H 3 y 4 D 0 u U S R 5 W Z K 8 M 6 q r P Z y m 1 W p p 9 w Z B g F a r h d l s h t l s J q + p + W Q y G f a + M B q W Z c G 2 b X Q 6 H X k t S i d V f S M P z W Q y 0 d J 5 n i d 1 j P S P 0 s f p 8 m Q y k W X T t W q 1 q m 0 V q f U h / e 33 + z I d f c c w D P M Q e Z S G S x z V a h W 2 b U M I A c d x U K / X I 9 P N 53 M I I V C p V N D t d g E A p 6 e n E E J A C A H T N H F 2 d o b B Y I B K p Y J K p Q I h B A z D A H C 1 g q U y h s P h n T 0 f 8 z j I Z r M A r g z c K J 0 M g g D D 4 R D L 5 R J C C L T b b Q R B g H q 9 j v F 4 D C E E F o u F l q e q f y p h X a 7 V a n A c R 94 T 9 k 5 W q 1 W p z 8 v l E s P h U B p T s 9 k M 3 W 4 X v u 8 D w I b h z z A M 8 x B 4 F I b L c D j U P C F x z G Y z m Z Z W n V H p m 80 m A K B U K s H 3 f Q R B g P P z c 1 k G D d x x l M t l A M C z Z 89 i y 2 A Y I F o n i U K h I L 0 t q 9 U K A J D P 5 w F A 2 x p t N B q x + U f p 8 r b 6 l E o l A F f e I Q B 49 e q V / N 6 y L G k g q d c Z h m E e C o / C c K E V a 9 y q U 8 V x H J k 2 T X o A + O d //md0Oh252jVNc19VZ54gl5eXME1T6l6UTgoh5JYS/+KHYRgmPY/CcEmLaZqYz+db041GIwBXbnbTNPH3f//38rsgCLZ6XBgmDs/zMBwOcXJyAiBaJ4MgQL/fx2AwgG3bAIDDw0MAbzwvac9OhXV5m6Gu1sfzPADA0dFRqrIYhmEeAg/+V0W74LouTNOUBwsrlUrsr4EozXK5hGEYsG1bnolRPS7NZhP1ej3VFhLz9Dg4OAAA1Ot1qT+O48hfFMXp5Hw+l1tHy+USlmXJMzB01iUtqi4DwPHxMTqdDjKZzEY+4fo4jgPLsnBxcXFdETAMw9wpGZHyfeZvw6vPgyCAaZryp6sMs42HqvesywzDvM0kjb1v1VYRwzAMwzBvN0/K48Iwu8J6zzAMc/ewx4VhGIZhmLcCNlwYhmEYhnk0sOHCMAzDMMyjYaefQ3P8EuYpwnrPMAzzcNjJcOFDisxTgw/nMgzD3D1JC0beKmIYhmEY5tHAhsstksvlbhyAcR95MAzDMMzbwt4MlyAIZHRlioECANVqFZ7nye9VcrmcjI4LXMVOoYBzlJbuU2O3TCYT+bnf78tyM5nMRsA6tV7h78PRpqvVqlZOEATI5XIArmLHUB6TyUS7puapPsPJyQnOz8+1+lSrVXl/ElTWBx98sJFHGtS6p0nTarW0trgO1NZRqG0QZYhNJhMtDdWFrqsya7Va8nO1WtXuiyv/NlHLJ73N5XKyLg/1jIxax9tA7Qv70K8wUf0PuHquKJmHdYnShfu1mnfUd8RN27Xf7+9dJlGofeu+SBob9pF+V9KMj+o8sw9ucxG6L11S+2wa4uR42wvuvRku5+fnGI/HWC6XePnyJYCrhi+VSrAsC4ZhoFKpaMro+74WgO7i4gKlUmkjb9M0MRwOYwWhRt8FIAVPr0VfLpfa96SMtm3LoHYAsF6v4bqu/LxarVAul+F5HlzXlXksFgsAkNeoLOAqthHFRzo+Psbz58+1uk6n062vaPc8T0bE/vjjjzfyuA0Gg4GMr7Nv+v2+bAPHcXB2dhaZTo0C3ul0pExN00S3243NX21fy7Ju5Rm2oUZ/Bq506b7qkmZQBu62jtv06zoDHfW/qHhklUplw9gYjUaoVCraNd/3IYSA7/uo1+vaPRQtXgjxqMMqLBYL2UcY5m1g71tFFHQuCAKMRiNtsCqVSjKYG03Os9lMfj+fz2Mj1SZNeCrT6RSz2QxBEOD8/By2bWuD82AwwHA4BAAUi0VphKiDPQ2gi8UCxWJxo4zBYKB9poi8rVZLRutVr6sDsuotII+T6onwPA+FQgHD4RCZTCYyD7Ku1dUgeR6irOXJZKI9G92nylO12FUvhrpipnp7nqdNjNVqVdbv5cuXG6vUdrst2+Dy8hLZbHajjmEqlQpev34NACiXy8jlcqk8VQ+FuBWj2m5RK6Swh5DkGuVVCutBv9+Xxrrv+7INwt4sylOtYy6X07wMUfUNyz/s7UxC1a9wnrlcDr7vwzTNyBWuqo+UB90T5w1pNptaX6TnjIuebRgGxuOxdk8aomSmenLU51GvE5eXl5H6EOXh9TwvMl9CbWfVkzocDlEoFCLvUetEehE1LhFReqjmobYFtVvYiI7rA3Hp1fvSjHuqnFRZx4196thGzxhFlKyS+od6T3hcVu/bZYwlz2VSmfQMUeNFlFxUeZHTIemZ4+QY5uzsTKsDtZcqg+t6ifZmuBwfH6Ner8M0TTQaDZTL5Y0J/ujoSHpYLi4uUCwWNS9M0gqw3W4nel1UaNK7vLzcMDwMw4BpmgiCAPl8XnpYVqsVSqUSyuWy9MK4rotarQbLslAulzcUha4FQSDvCdc/artI5fLyUvNEWJaF8XgsvQ9xeXQ6HQghsFwuUa/X0Ww2IYTAer3WJkzP89DtdrFer2WdafUVZ0BMp1PNe+B5nmbkXVxcaCvk9XqtTQhUL9VLoir/Ns9OEASYzWbSCAaAbrcb63UpFAqJ21B3QXjCiMLzPNneQgjM5/ON+rZaLW2lbxgGqtWqvLZcLlEoFGR60gPf99HpdGAYhjQCyFNQq9VkfuPxOHKw8X0f2WwWQgjYti0HFMo/yuvQbrfld47jpB6Ewnmu12tpbIXHjH6/D8MwNE+c53lSn+O8Ifl8Huv1WjOom81mYr3oHoKiwifpVZTM1uu1rK/rugiCAJPJBOVyWetXADAcDrX2A64MEMpXCCH1vtfryb4bllMQBKjX6/KecrmMVquFwWCASqWC5XK5cQ8ttKh81bAJj0uUXvVuW5aFVquFk5MTzWsVBIHWbq7rygVqXB+ISx8mzbhXKBSkJ81xHDlZphn74oiTVVL/UGXT7Xbh+76UwfPnzzVd6Pf7qcdYujc8xhJx40Vcf1XlleaZ08qRdHg8HqPX66FWq6V2VGxjb4aLOrhcXFyg1+tJi4sUx7IsWfH5fI58Pi+9MJ7noVwuJ5aR1uuyS52Bq06/WCxwdHQklSfsbh8MBlIB6Tpdm06n6Ha7OD093bByo7aLVE5PTwFcGXVxg2NUHo7jALjycJmmKTtNuVzGp59+CuBqMmo2m9pg7Pu+NK6Oj48jy1NXbtRetVpNeqouLy/RbDaxWq3kgEw0Gg0Abww4eibSjVKpFLuHSl4m2t5TjSHLsmK9LupWUdyK+rah8lVZh7m4uJDPSLJVtyoBYDabbQyA6jXLsqThDbzRA9Ugj4LKrNfrsfUjg7JYLOLy8hLA1SIgzhhTV1406aYhKc8w8/lc6hRwtZ1I+r0N1eAfDoc7bfdQ36ZBPu6sQ5TM1JUtTVb5fB7D4XDDuItqv8VigU6no+XheR5KpRIKhUJkG69WK9i2LT83Go2tRrzrutLoN01Tm1SixiXXdTfGDPUaHQcILxrpOhDfB+LSh9k27nmeh0qlIseB4+Nj2SfTjH27ympb/6CJmfotyeDk5ESmazabuLy8TD3G9no9mSfpl0rceBHVX8lDS/
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356891" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5ae03296-6130-4be2-9966-43eb950d210f" ,
"value" : "Sample configs.png"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356891" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98af5-3404-4d83-9ee8-4364950d210f" ,
"value" : "65.116.107.24"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356892" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98af6-95bc-4353-b9ff-438b950d210f" ,
"value" : "http://65.116.107.24/login/login.php?q=kt[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356892" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98af7-2790-4cae-86a1-4904950d210f" ,
"value" : "13.44.61.126"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356892" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98af7-0880-4da7-9150-4772950d210f" ,
"value" : "http://13.44.61.126/main/indexmain.php?q=KT[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356893" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98af8-81f0-48d9-9e4e-4f1f950d210f" ,
"value" : "56.28.111.63"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356893" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98af8-611c-4d06-88c3-4c1e950d210f" ,
"value" : "http://56.28.111.63/group/group/defaultmain.php?q=kt[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356894" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98af9-6c78-41f3-89ae-4e7e950d210f" ,
"value" : "118.71.138.69"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356894" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98af9-e05c-492c-8038-42a2950d210f" ,
"value" : "http://118.71.138.69/new/main/default.php?q=KT[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356894" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afa-0e4c-4b25-a753-4827950d210f" ,
"value" : "117.32.65.101"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356895" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afa-ce94-4831-bab9-4174950d210f" ,
"value" : "http://117.32.65.101/users/login.php?q=kt[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356895" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afa-ec3c-4db6-9cc9-408e950d210f" ,
"value" : "18.25.62.70"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356896" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afb-1af0-4200-894e-4285950d210f" ,
"value" : "http://18.25.62.70/groupgroup/default.php?q=kt[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356896" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afb-fcf4-447f-a52a-4b26950d210f" ,
"value" : "92.137.43.17"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356896" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afc-a388-4113-b9ff-49b3950d210f" ,
"value" : "http://92.137.43.17/group/group/home/login/home.php?q=KT[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356897" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afc-70a4-4c42-9700-4457950d210f" ,
"value" : "33.25.72.21"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356897" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afd-cf80-4192-a5f5-4505950d210f" ,
"value" : "http://33.25.72.21/group/main.asp?q=KT[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356898" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afd-f244-44dc-a659-429a950d210f" ,
"value" : "16.48.37.37"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356898" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afd-bc18-4a29-986f-408a950d210f" ,
"value" : "http://16.48.37.37/groupusers/default.php?q=kt[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356899" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ae98afe-c690-48d6-8b66-45b0950d210f" ,
"value" : "91.29.51.11"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356899" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5ae98afe-c06c-4303-b6aa-4baf950d210f" ,
"value" : "http://91.29.51.11/default/main.php?q=KT[REDACTED_BASE64_STRING]=="
} ,
{
"category" : "Payload delivery" ,
"comment" : "File contains a list of MD5 hashes of encoded modules downloaded by Trojan.Kwampirs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356899" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98b53-0b28-4c9e-95dd-4490950d210f" ,
"value" : "%WINDOWS&\\inf\\mkdiawb3.PNF"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Last modified timestamp is used to vcontrol frequency in which Trojan.Kwampirs attempts to communicate with the C&C infrastructure" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356900" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98b54-a0bc-44b9-9635-4bfd950d210f" ,
"value" : "%WINDOWS&\\inf\\mtmndkb32.PNF"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Contains encrypted system information (e.g. MAC address)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356900" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98b54-3a80-40fd-8cc0-471c950d210f" ,
"value" : "%WINDOWS&\\inf\\digirps.PNF"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Used to determine read/write permissions on remote machine" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525356901" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98b55-b92c-4bee-8389-4ade950d210f" ,
"value" : "%WINDOWS&\\inf\\e11.PNF"
}
] ,
"Object" : [
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255147" ,
"uuid" : "5ae98bc6-4174-4cc1-b7ea-463d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255147" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98bc6-72a0-4c55-8b56-45f0950d210f" ,
"value" : "ec968325394f3e6821bf90fda321e09b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255147" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98bc7-7898-409a-a8b6-4a44950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAMGMT.DLL"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255147" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98bc7-9730-494b-ac48-4b2f950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255259" ,
"uuid" : "5ae98c5b-b9bc-4412-8524-41d7950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98c5b-9a08-4486-857d-4e85950d210f" ,
"value" : "01cf05a07af57a7aafd0ad225a6fd300"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255260" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98c5c-e400-460f-aa60-4162950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIASSN.DLL"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98c5c-9a48-41dd-a4f7-45d8950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255282" ,
"uuid" : "5ae98c72-cc64-40f2-936c-4fe2950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255282" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98c72-f0b8-43e9-a63f-4a95950d210f" ,
"value" : "d57df638c7befd7897c9013e90b678f0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255283" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98c73-788c-4cf0-a6c4-48b8950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiamgmt.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255283" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98c73-481c-4a2e-bf3c-4317950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255609" ,
"uuid" : "5ae98db9-d4f4-4f99-977c-41cf950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255609" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98db9-8e64-44bc-8947-46f2950d210f" ,
"value" : "5c3499acfe0ad7563b367fbf7fb2928c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255610" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98dba-e5ec-4301-9470-4b40950d210f" ,
"value" : "%WINDOWS&\\syswow64\\wmipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255610" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98dba-30e4-43a5-8b66-480e950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255633" ,
"uuid" : "5ae98dd1-b830-415a-8f6b-4624950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255633" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98dd1-3d18-4a8d-9808-4cd0950d210f" ,
"value" : "4b91ec8f5d4a008dd1da723748a633b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255633" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98dd1-93e8-4c08-92e5-4bbb950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255633" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98dd1-b5bc-41e1-84b3-42e4950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255653" ,
"uuid" : "5ae98de5-f138-42ba-b319-4480950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255653" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98de5-d240-42ef-8e82-4c19950d210f" ,
"value" : "134846465b8c3f136ace0f2a6f15e534"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255654" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98de6-9960-4865-9462-4155950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiassn.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255654" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98de6-7a10-4529-a012-491b950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255762" ,
"uuid" : "5ae98e52-6884-4b46-8b3c-48e2950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255762" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98e52-0818-4da4-88dc-4e2e950d210f" ,
"value" : "9d2cb9d8e73fd879660d9390ba7de263"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255763" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98e53-81b0-46c1-9abe-47b7950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPAPD.DLL"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255763" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98e53-54dc-4ed3-8ec0-4e22950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255776" ,
"uuid" : "5ae98e60-3740-4354-bec4-46f1950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255777" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98e61-97f0-4de8-bd1d-48c1950d210f" ,
"value" : "939e76888bdeb628405e1b8be963273c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255777" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98e61-21e0-4549-ad3d-48f8950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiadrv.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255777" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98e61-dc54-448d-a509-4188950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255798" ,
"uuid" : "5ae98e76-a45c-4f1c-9f80-43b1950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255798" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98e76-03dc-4d38-abd3-438e950d210f" ,
"value" : "de9b01a725d4f19da1c1470cf7a948ee"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255798" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98e76-5ea0-4776-a876-4b1c950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipdpa.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255798" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98e76-efc8-48ec-87c1-4f14950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525255819" ,
"uuid" : "5ae98e8b-8fe0-4d0a-ae73-475d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525255819" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae98e8b-0550-4f7a-9a78-4044950d210f" ,
"value" : "bb939a868021db963916cc0118aab8ee"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525255820" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae98e8c-7b10-4043-80ad-4559950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525255820" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae98e8c-9fe8-4295-927d-4375950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525256905" ,
"uuid" : "5ae992c9-0f9c-4f49-8336-4944950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525256906" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae992ca-c27c-4ca7-9113-4678950d210f" ,
"value" : "3289c9a1b534a19925a14a8f7c39187c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525256906" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae992ca-0cc4-4e49-bdb1-43e4950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiadrv.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525256906" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae992ca-0084-4720-a202-47ea950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525256953" ,
"uuid" : "5ae992f9-d2a4-4abf-a7b6-429d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525256954" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae992fa-ae70-4c28-b612-4932950d210f" ,
"value" : "9d3839b39d699336993df1dd4501892b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525256954" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae992fa-45dc-4aab-862d-4a0c950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525256954" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae992fa-80e4-49ba-a52f-4566950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525256982" ,
"uuid" : "5ae99316-d028-4704-adad-469f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525256982" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99316-5488-4a1d-85e5-4ee9950d210f" ,
"value" : "5c3499acfe0ad7563b367fbf7fb2928c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525256983" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99317-aca0-4690-9e4b-4821950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525256983" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99317-c360-4ed7-ae3e-4f82950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525257289" ,
"uuid" : "5ae99449-65ec-4419-aeb6-46a9950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525257290" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9944a-2258-48e3-9aef-41ed950d210f" ,
"value" : "fece72bd41cb0e06e05a847838fbde56"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525257290" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9944b-a168-4505-ad62-4a0a950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiassn.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525257291" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9944b-6018-4a91-9d6e-44dc950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525257389" ,
"uuid" : "5ae994ad-a768-4ee7-a1f4-4330950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525257389" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae994ad-038c-474b-a8f9-42ca950d210f" ,
"value" : "bbd9e4204514c66c1babda178c01c213"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525257389" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae994ad-1060-4c6b-bdbe-47ba950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiadrv.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525257389" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae994ad-3048-43e1-baae-4002950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525257470" ,
"uuid" : "5ae994fe-1108-4bf7-a7fa-4497950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525257470" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae994fe-9e70-49d4-806f-4f19950d210f" ,
"value" : "ee4206cf4227661d3e7ec846f0d69a43"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525257471" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae994ff-d0d0-4347-8e63-42ec950d210f" ,
"value" : "%WINDOWS&\\system32\\smipapd.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525257471" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae994ff-8bb0-48f2-bf43-467a950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample payload DLL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525257502" ,
"uuid" : "5ae9951e-7f10-41ac-b7bc-4234950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525257502" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9951e-3d80-4d2d-a0c0-469a950d210f" ,
"value" : "290d8e8524e57783e8cc1b9a3445dfe9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525257503" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9951f-1748-4c0c-acfa-4510950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiamgmt.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525257503" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9951f-c918-4501-9dbb-4aa7950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258266" ,
"uuid" : "5ae9981a-ad08-4334-99f4-471f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258266" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9981a-7548-4814-a9b9-42e2950d210f" ,
"value" : "0240ed7e45567f606793dafaff024acf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258267" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9981b-9c88-46e5-aebc-4180950d210f" ,
"value" : "%WINDOWS&\\sysWOW64\\wmipsrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258267" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9981b-225c-4c1b-a976-4334950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper " ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258340" ,
"uuid" : "5ae99864-03f8-4a65-928a-4bde950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258340" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99864-fdb8-4af0-936e-4c3b950d210f" ,
"value" : "047f70dbac6cd9a4d07abef606d89fb7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258340" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99864-a030-4436-bdc7-4fa2950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258340" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99864-92e4-4396-95de-409a950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258443" ,
"uuid" : "5ae998cb-f5b4-4f8a-81c3-406e950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258443" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae998cb-dc18-48b1-ad47-425c950d210f" ,
"value" : "0240ed7e45567f606793dafaff024acf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258444" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae998cc-a3cc-4fe3-a126-4182950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAPSRVUX.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258444" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae998cc-0ec8-4c60-a699-4909950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258497" ,
"uuid" : "5ae99901-3fcc-473f-ab05-4c3e950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258497" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99901-a9b4-4db0-b067-4580950d210f" ,
"value" : "2ae53de1a1f65a6d57e96dab26c73cda"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258498" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99902-5118-4c91-90c1-466d950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258498" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99902-89a0-4c65-881f-4151950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258621" ,
"uuid" : "5ae9997d-8770-4ab8-b19d-4c8f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258621" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9997d-879c-478c-a733-4fd8950d210f" ,
"value" : "47345640c135bd00d9f2969fabb4c9fa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258622" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9997e-4854-46a3-8ee5-444c950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPSVRCE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258622" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9997e-1330-449b-a910-458c950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525258680" ,
"uuid" : "5ae999b8-8d60-4297-a180-4bf7950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525258680" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae999b8-a58c-43e5-b4d1-4696950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525258680" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae999b8-c1fc-494f-a82b-4a83950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525258680" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae999b8-e054-42f7-8458-4411950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525259091" ,
"uuid" : "5ae99b53-9990-442f-8a80-4301950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525259091" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99b53-d044-4d61-b250-45ad950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525259092" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99b54-9340-422f-80ac-470e950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPSVRE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525259092" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99b54-d328-4a63-8386-495d950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525259181" ,
"uuid" : "5ae99bad-464c-4be6-8451-4552950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525259181" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99bad-6f10-4c44-8bad-4784950d210f" ,
"value" : "b680b119643876286030c4f6134dc4e3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525259182" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99bae-b364-4346-919d-408b950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrve.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525259182" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99bae-936c-453f-a3a2-47ff950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525259228" ,
"uuid" : "5ae99bdc-fca0-4cfe-9271-14db950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525259228" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99bdc-9a18-4bd4-8429-14db950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525259229" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99bdd-3298-42e8-aac7-14db950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipvsre.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525259229" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99bdd-62ec-4d8d-a379-14db950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525259257" ,
"uuid" : "5ae99bf9-f24c-472f-b767-1226950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525259258" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae99bfa-31b8-478b-b8f9-1226950d210f" ,
"value" : "856683aee9687f6fdf00cfd4dc4c2aef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525259258" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae99bfa-1444-470a-83f4-1226950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsvrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525259258" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae99bfa-ee5c-4285-b107-1226950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263327" ,
"uuid" : "5ae9abdf-465c-4bb6-9474-a8f4950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263327" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9abdf-3648-49ee-8849-a8f4950d210f" ,
"value" : "847459c8379250d8be2b2d365be877f5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263328" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9abe0-6948-43ab-92c5-a8f4950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrve.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263328" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9abe0-ca48-4e03-9044-a8f4950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263347" ,
"uuid" : "5ae9abf3-2210-4cc9-97e0-11f0950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263347" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9abf3-2318-49cc-bb94-11f0950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263347" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9abf3-ea98-4421-853d-11f0950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAPSRVE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263347" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9abf3-b034-47de-a41c-11f0950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263369" ,
"uuid" : "5ae9ac09-88b8-4b91-9890-a91b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263370" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ac0a-95a4-469c-a5bd-a91b950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263370" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ac0a-1f88-4e47-a83d-a91b950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPRVSE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263370" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ac0a-9c44-47ae-8ec1-a91b950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263391" ,
"uuid" : "5ae9ac1f-e6c0-4d66-b160-14e1950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263391" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ac1f-b18c-4c78-af46-14e1950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263392" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ac20-bf68-4484-8a28-14e1950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPRVSE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263392" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ac20-f808-4804-8205-14e1950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263416" ,
"uuid" : "5ae9ac38-8598-4864-928d-1506950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263416" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ac38-4084-4acb-8a3c-1506950d210f" ,
"value" : "6277e675d335fd69a3ff13a465f6b0a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263416" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ac39-3084-4490-9814-1506950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsrvce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263417" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ac39-6730-44cb-bb91-1506950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263517" ,
"uuid" : "5ae9ac9d-1eb8-4652-8010-a914950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263518" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ac9e-96c4-44a1-a6d0-a914950d210f" ,
"value" : "847459c8379250d8be2b2d365be877f5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263518" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ac9e-c540-4a14-add3-a914950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsvre.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263518" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ac9e-f9a4-4971-9d71-a914950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263602" ,
"uuid" : "5ae9acf2-866c-468d-9198-a8f4950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263602" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9acf2-2e08-49a4-8713-a8f4950d210f" ,
"value" : "3bedc1c4c1023c141c2f977e846c476e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263602" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9acf2-3b28-428e-a551-a8f4950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsvrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263603" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9acf3-ef70-416f-8219-a8f4950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263625" ,
"uuid" : "5ae9ad09-0074-4093-927f-1506950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263625" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ad09-8c84-42de-9e92-1506950d210f" ,
"value" : "ce3894ee6f3c2c2c828148f7f779aafe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263625" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ad09-81d0-41b1-a63e-1506950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAPVSRE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263625" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ad09-b37c-4271-91bc-1506950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263663" ,
"uuid" : "5ae9ad2f-805c-4d81-b83c-a8d6950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263663" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ad2f-9288-4c16-b71e-a8d6950d210f" ,
"value" : "3b3a1062689ffa191e58d5507d39939d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263664" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ad30-1ee0-4278-832e-a8d6950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiaprvse.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263664" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ad30-6488-4f0a-a706-a8d6950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263931" ,
"uuid" : "5ae9ae3b-fcd8-4175-88c9-1271950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263931" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ae3b-db24-49a8-9596-1271950d210f" ,
"value" : "47345640c135bd00d9f2969fabb4c9fa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263931" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ae3b-392c-4a49-9491-1271950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAPSVRE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263931" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ae3b-5dbc-44e8-8208-1271950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263969" ,
"uuid" : "5ae9ae61-7ff4-4b1d-9c77-1271950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263969" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ae61-e84c-4e65-8f37-1271950d210f" ,
"value" : "3bedc1c4c1023c141c2f977e846c476e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263969" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ae61-b6b4-4ff3-8402-1271950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapvsre.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263969" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ae61-3a80-404a-a6be-1271950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525263986" ,
"uuid" : "5ae9ae72-10dc-49a9-b36a-1226950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525263986" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9ae72-b62c-4f32-9960-1226950d210f" ,
"value" : "6277e675d335fd69a3ff13a465f6b0a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525263987" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9ae73-3820-4c43-ba12-1226950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrve.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525263987" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9ae73-2b90-4176-aacb-1226950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264053" ,
"uuid" : "5ae9aeb5-57e0-4f5f-88c2-1271950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264054" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9aeb6-87c0-49e2-b461-1271950d210f" ,
"value" : "856683aee9687f6fdf00cfd4dc4c2aef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264054" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9aeb6-d258-41e0-9e01-1271950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsvrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264054" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9aeb6-d128-4254-9af2-1271950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264074" ,
"uuid" : "5ae9aeca-6de0-4888-b26b-a916950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264074" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9aeca-a5f4-4d26-ac55-a916950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264075" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9aecb-fce4-4b2e-858c-a916950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsvrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264075" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9aecb-11f8-4286-9c8c-a916950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264175" ,
"uuid" : "5ae9af2f-c994-4e9a-b4e5-a8d7950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264176" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9af30-0668-40a7-b99d-a8d7950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264176" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9af30-8e9c-46de-bd37-a8d7950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsvrce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264176" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9af30-edfc-4168-96e6-a8d7950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264194" ,
"uuid" : "5ae9af42-6da8-4148-9130-a91c950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264194" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9af42-f1e8-4258-8797-a91c950d210f" ,
"value" : "847459c8379250d8be2b2d365be877f5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264195" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9af43-4a28-49ae-8b0c-a91c950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIPRVSE.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264195" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9af43-24a4-4b2c-bd81-a91c950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264251" ,
"uuid" : "5ae9af7b-e280-4f48-988e-429d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264252" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9af7c-1374-493c-8029-45fc950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264252" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9af7c-7cd8-4ae5-be84-4bf0950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrvcx.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9af7c-65c8-49ca-b7de-4169950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264272" ,
"uuid" : "5ae9af90-4b54-4f8b-bc95-d2ce950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264272" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9af90-27b8-403c-afb1-d2ce950d210f" ,
"value" : "856683aee9687f6fdf00cfd4dc4c2aef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264273" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9af91-9dcc-474f-8838-d2ce950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrvce.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264273" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9af91-45c0-48dc-a409-d2ce950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264295" ,
"uuid" : "5ae9afa7-0db8-4409-849e-a915950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264295" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9afa7-a7e0-453b-b59d-a915950d210f" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264296" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9afa8-e904-4e90-b984-a915950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipevse.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264296" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9afa8-2ca4-4fb7-bfab-a915950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264324" ,
"uuid" : "5ae9afc4-cb78-4a3e-81a2-14e1950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264324" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9afc4-9a54-4bf2-ab01-14e1950d210f" ,
"value" : "7e5f76c7b5bf606b0fdc17f4ba75de03"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264325" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9afc5-bacc-416b-ab40-14e1950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsvrcec.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264325" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9afc5-d384-4055-b5f4-14e1950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264446" ,
"uuid" : "5ae9b03e-4250-45ba-a01a-451b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264446" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b03e-db08-45bc-9b56-4f94950d210f" ,
"value" : "177bece20ba6cc644134709a391c4a98"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264446" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b03e-bd50-4033-9784-470b950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapservex.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264446" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b03e-9ce0-456b-9bc4-4515950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264464" ,
"uuid" : "5ae9b050-838c-45e0-ba07-a919950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264464" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b050-1ab0-42fb-98be-a919950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264464" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b050-7fc0-476a-8122-a919950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapvse.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264464" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b050-21fc-4c4a-a41b-a919950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264499" ,
"uuid" : "5ae9b073-9948-4526-af40-1259950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264499" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b073-3fd4-44b2-b7cd-1259950d210f" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264499" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b073-69b4-4328-afdf-1259950d210f" ,
"value" : "%WINDOWS&\\system32\\wmipsvre.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264499" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b073-368c-43a0-b42d-1259950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264519" ,
"uuid" : "5ae9b087-b410-44c3-b88e-a917950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264520" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b088-d06c-42a3-8267-a917950d210f" ,
"value" : "3b3a1062689ffa191e58d5507d39939d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264520" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b088-347c-47f3-a514-a917950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrvex.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264520" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b088-1470-4e03-87a0-a917950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264552" ,
"uuid" : "5ae9b0a8-bd78-4b09-a3c4-14e1950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264553" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b0a9-66dc-4de2-97ab-14e1950d210f" ,
"value" : "b59e4942f7c68c584a35d59e32adce3a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264553" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b0a9-9244-4895-af09-14e1950d210f" ,
"value" : "%WINDOWS&\\system32\\wmiapsrve.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264553" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b0a9-d8ec-499e-b4d2-14e1950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Sample dropper" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525264635" ,
"uuid" : "5ae9b0fb-156c-4a3d-9cf5-a8d7950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525264635" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5ae9b0fb-d900-495b-920d-a8d7950d210f" ,
"value" : "81e61e5f44a6a476983e7a90bdac6a55"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525264635" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ae9b0fb-9d38-4fb9-a6d2-a8d7950d210f" ,
"value" : "%WINDOWS&\\system32\\WMIAPSRVCX.EXE"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525264635" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5ae9b0fb-bd7c-4cb7-80d7-a8d7950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356904" ,
"uuid" : "f7491bdd-1ef0-4396-8ce0-9836ecc6cb69" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f7491bdd-1ef0-4396-8ce0-9836ecc6cb69" ,
"referenced_uuid" : "61af3dd7-d2d0-4190-b3b3-548c2731036a" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356921" ,
"uuid" : "5aeb1979-e400-4906-98aa-4eac02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356901" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1965-73b4-427b-b296-443702de0b81" ,
"value" : "cb9954509dc82e6bbed2aee202d88415"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356902" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1966-88f8-41a8-9df4-4d5202de0b81" ,
"value" : "c6a56cd07bfeb45b2fecdf938927e3c5a5a3e38e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356902" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1966-d85c-4ca8-9c84-4ca402de0b81" ,
"value" : "f8022b973900c783fd861ede7d0ac02f665c041b9cd0641be7318999fb82ce8f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356902" ,
"uuid" : "61af3dd7-d2d0-4190-b3b3-548c2731036a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356902" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1966-941c-4475-a931-4b7602de0b81" ,
"value" : "2018-05-02T08:11:41"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356903" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1967-9ec8-47d7-bd4e-429902de0b81" ,
"value" : "49/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356903" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1967-b0d0-42bd-a93e-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/f8022b973900c783fd861ede7d0ac02f665c041b9cd0641be7318999fb82ce8f/analysis/1525248701/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356906" ,
"uuid" : "a865d3fe-d34a-46f0-a584-b0407e02886b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a865d3fe-d34a-46f0-a584-b0407e02886b" ,
"referenced_uuid" : "1e274a7c-acc3-4c97-8de6-2713c49af382" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356921" ,
"uuid" : "5aeb1979-e1b0-46f3-8d06-42cf02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356903" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1967-01c8-4bc9-83de-4c9f02de0b81" ,
"value" : "3b3a1062689ffa191e58d5507d39939d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356904" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1968-79e4-40ff-8018-4ee102de0b81" ,
"value" : "ce3e75f6f8b187656d18618756da68aac135b334"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356904" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1968-40e0-433d-9521-4e5c02de0b81" ,
"value" : "ea61bcd4774ce2b6ab364a7831f36e010214be2ba2e6daa7dcba10b7e229ddfa"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356905" ,
"uuid" : "1e274a7c-acc3-4c97-8de6-2713c49af382" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356905" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1969-c000-40c0-b728-479302de0b81" ,
"value" : "2018-05-02T23:44:54"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356905" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1969-7f48-46ae-9f64-430202de0b81" ,
"value" : "44/61"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356905" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1969-9edc-4fcd-956f-47ce02de0b81" ,
"value" : "https://www.virustotal.com/file/ea61bcd4774ce2b6ab364a7831f36e010214be2ba2e6daa7dcba10b7e229ddfa/analysis/1525304694/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356909" ,
"uuid" : "6d1f2a52-688f-488d-8079-9fd7231bafe1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6d1f2a52-688f-488d-8079-9fd7231bafe1" ,
"referenced_uuid" : "3e9b9cdf-67b5-4f5a-b249-8968780d6edd" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356921" ,
"uuid" : "5aeb1979-e2f8-4f40-aa72-442302de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356906" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb196a-ac18-403e-8723-4b7d02de0b81" ,
"value" : "7e5f76c7b5bf606b0fdc17f4ba75de03"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356906" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb196a-e85c-44ff-84ca-404102de0b81" ,
"value" : "20c30a82cc974cf1ef21dbcd94dfba73d7c4b723"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356906" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb196b-3bbc-44fa-a766-451402de0b81" ,
"value" : "a37bf368f0285ac938e1477c1c0230d28e8f39717ddded2fd82b00190cdf090e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356907" ,
"uuid" : "3e9b9cdf-67b5-4f5a-b249-8968780d6edd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356907" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb196b-3f60-46bf-a12d-4eff02de0b81" ,
"value" : "2018-05-02T23:54:13"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356907" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb196b-9198-4e89-9df3-41f002de0b81" ,
"value" : "51/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356907" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb196b-9170-4cdd-bdac-421002de0b81" ,
"value" : "https://www.virustotal.com/file/a37bf368f0285ac938e1477c1c0230d28e8f39717ddded2fd82b00190cdf090e/analysis/1525305253/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356911" ,
"uuid" : "82912a16-0d33-442a-ad32-2f7b1974a1ba" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "82912a16-0d33-442a-ad32-2f7b1974a1ba" ,
"referenced_uuid" : "3aeb74b0-13be-4c9a-9713-99b92c0f3b22" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-6e30-4459-94fa-425002de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356908" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb196c-1b6c-432f-93c4-46ab02de0b81" ,
"value" : "290d8e8524e57783e8cc1b9a3445dfe9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356908" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb196c-8a20-4c57-a1c2-428002de0b81" ,
"value" : "3adbb352b23e8750d993e3df27904b0e5a466016"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356909" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb196d-0650-417f-a78a-44b902de0b81" ,
"value" : "15fc575b0278281541212e393f03278d47ea03d26693efeec8e16261735bc634"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356909" ,
"uuid" : "3aeb74b0-13be-4c9a-9713-99b92c0f3b22" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356909" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb196d-7bac-4208-83b6-473902de0b81" ,
"value" : "2018-05-02T23:42:09"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356910" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb196e-246c-4a4f-9303-49ac02de0b81" ,
"value" : "50/68"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356910" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb196e-ace4-4977-b065-45d402de0b81" ,
"value" : "https://www.virustotal.com/file/15fc575b0278281541212e393f03278d47ea03d26693efeec8e16261735bc634/analysis/1525304529/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356913" ,
"uuid" : "0f5e820b-d877-4907-bc53-935e590a0057" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0f5e820b-d877-4907-bc53-935e590a0057" ,
"referenced_uuid" : "b0bd7aa6-f585-43f8-8455-957d88f83037" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-f8fc-4895-a01e-490302de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356910" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb196e-ed88-41c8-9cc4-48cb02de0b81" ,
"value" : "6277e675d335fd69a3ff13a465f6b0a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356911" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb196f-e7d8-47ce-a28c-49ac02de0b81" ,
"value" : "3f5ea936f02187e3e6297c410e260e71ca11e14b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356911" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb196f-3e5c-41c7-8cd9-475802de0b81" ,
"value" : "6f7173b7ae87b5f3262e24a5177dbbd4413d999627f767754f08d8289f359bb3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356911" ,
"uuid" : "b0bd7aa6-f585-43f8-8455-957d88f83037" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356911" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb196f-2fec-4b91-8a76-4ba402de0b81" ,
"value" : "2018-05-02T23:50:05"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356912" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1970-4b80-4b70-abec-4e2002de0b81" ,
"value" : "53/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356912" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1970-a68c-45db-8def-43fe02de0b81" ,
"value" : "https://www.virustotal.com/file/6f7173b7ae87b5f3262e24a5177dbbd4413d999627f767754f08d8289f359bb3/analysis/1525305005/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356915" ,
"uuid" : "bda9edae-72a1-4ae8-905b-e8b58791c3f8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "bda9edae-72a1-4ae8-905b-e8b58791c3f8" ,
"referenced_uuid" : "eed7363d-d9df-4c60-8023-379e611f1e42" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-1c20-4a1b-980d-432b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356912" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1970-51cc-4970-b40e-4aef02de0b81" ,
"value" : "939e76888bdeb628405e1b8be963273c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356913" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1971-5c10-4750-8406-410802de0b81" ,
"value" : "a59de3e9f8c0b684575df7cac9cfe2d84ba26d6f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356913" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1971-fdd0-40d4-b3c6-439102de0b81" ,
"value" : "7bb12284fc28fbb270507c410afdc21c60bde5d34d59de67f78796c09f5ccd9c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356914" ,
"uuid" : "eed7363d-d9df-4c60-8023-379e611f1e42" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356914" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1972-f48c-4a84-aa20-4f3802de0b81" ,
"value" : "2018-05-02T23:56:59"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356914" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1972-5a28-467a-a30b-425202de0b81" ,
"value" : "50/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356914" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1972-5c7c-4efa-812a-40f402de0b81" ,
"value" : "https://www.virustotal.com/file/7bb12284fc28fbb270507c410afdc21c60bde5d34d59de67f78796c09f5ccd9c/analysis/1525305419/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356918" ,
"uuid" : "043f490a-6ddc-4a71-b2ee-449dbc922568" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "043f490a-6ddc-4a71-b2ee-449dbc922568" ,
"referenced_uuid" : "72bc8ab4-e347-4bf0-8ed4-ce5f95d0db56" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-0c38-45ac-aaf8-4a2702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356915" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1973-c1dc-4e06-a7f0-4a1402de0b81" ,
"value" : "fac94bc2dcfbef7c3b248927cb5abf6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356915" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1973-e7b0-4ebd-b69b-4d9802de0b81" ,
"value" : "20b7e624eaa2da04867a9229e9aca41f952917c0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356915" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1973-1f70-420f-9ce4-48ef02de0b81" ,
"value" : "3e7181fd3e893e6b13cc40ed70afa549c8aaf37fe9bee22445b8bd912d7bc522"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356916" ,
"uuid" : "72bc8ab4-e347-4bf0-8ed4-ce5f95d0db56" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356916" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1974-8f10-40c6-a1bc-498002de0b81" ,
"value" : "2018-04-26T05:35:08"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356916" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1974-3194-46b2-82c4-4db002de0b81" ,
"value" : "46/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356916" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1974-229c-4d4d-8cfa-446302de0b81" ,
"value" : "https://www.virustotal.com/file/3e7181fd3e893e6b13cc40ed70afa549c8aaf37fe9bee22445b8bd912d7bc522/analysis/1524720908/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356920" ,
"uuid" : "3b5e6f4e-964d-43ed-b937-946ece94d05b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3b5e6f4e-964d-43ed-b937-946ece94d05b" ,
"referenced_uuid" : "44fd254d-c2d4-4ee6-8fca-43ed18455c97" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-86bc-4600-af34-426702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356917" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1975-7448-46ca-8d18-4f7102de0b81" ,
"value" : "5c3499acfe0ad7563b367fbf7fb2928c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356917" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1975-9c48-4de7-bf79-495402de0b81" ,
"value" : "d1e791f3f8c79d76d4629b9360e1104156682899"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356918" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1976-16ac-4483-a455-412102de0b81" ,
"value" : "c5b9406fdbe2c7bb1d516d1d270568c54a6e0002a4506668aaad9ff13298c3f2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356918" ,
"uuid" : "44fd254d-c2d4-4ee6-8fca-43ed18455c97" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356918" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1976-f414-4f8e-bf56-40a802de0b81" ,
"value" : "2018-05-02T23:49:34"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356919" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1977-9cf4-48d2-a835-494102de0b81" ,
"value" : "52/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356919" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1977-0154-4c93-97fd-475202de0b81" ,
"value" : "https://www.virustotal.com/file/c5b9406fdbe2c7bb1d516d1d270568c54a6e0002a4506668aaad9ff13298c3f2/analysis/1525304974/"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525356922" ,
"uuid" : "7a13163b-13c1-4226-8036-8c1bb5afe2e1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7a13163b-13c1-4226-8036-8c1bb5afe2e1" ,
"referenced_uuid" : "1c82ca99-3349-4041-a7d1-27347301b8f7" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1525356922" ,
"uuid" : "5aeb197a-5d90-4971-b0bf-4af502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525356919" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aeb1977-6c88-46f4-8fee-425c02de0b81" ,
"value" : "0240ed7e45567f606793dafaff024acf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525356920" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aeb1978-a19c-4023-b70b-408d02de0b81" ,
"value" : "2646a18fdd6a7a2063b3443283ec1159696c1339"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525356920" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aeb1978-c430-418e-a360-497202de0b81" ,
"value" : "14461260f9b3988d4eb4e46bc7d9861172266a9a01bf15c57916a9e4f9dc0618"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525356920" ,
"uuid" : "1c82ca99-3349-4041-a7d1-27347301b8f7" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525356920" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aeb1978-1898-48f6-8912-4fec02de0b81" ,
"value" : "2018-05-03T13:28:27"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525356921" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aeb1979-f550-4ab5-8d44-4ee302de0b81" ,
"value" : "52/67"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525356921" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aeb1979-23ec-4f31-a937-4e5502de0b81" ,
"value" : "https://www.virustotal.com/file/14461260f9b3988d4eb4e46bc7d9861172266a9a01bf15c57916a9e4f9dc0618/analysis/1525354107/"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}