adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5c687e12-522c-41f4-a498-486d02de0b81.json

5017 lines
738 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2019-02-16",
"extends_uuid": "5c687cb3-08c4-46d3-9981-093702de0b81",
"info": "VMRay Analyzer Report for Sample #252574 (related amf-fr.org)",
"publish_timestamp": "1550352409",
"published": true,
"threat_level_id": "3",
"timestamp": "1550352119",
"uuid": "5c687e12-522c-41f4-a498-486d02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Other",
"comment": "Termination Reason",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "980017ac-8689-4856-8609-a7e93799f9a1",
"value": "Timeout"
},
{
"category": "Other",
"comment": "VM User Domain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "7835ddd1-3eca-42d1-adbe-867661488e64",
"value": "YKYD69Q"
},
{
"category": "Other",
"comment": "VM Name",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "e3a7649e-190f-4bfa-8b1a-b316f0b85a63",
"value": "win7_64_sp1-mso2016"
},
{
"category": "Other",
"comment": "Cybox Truncated",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "5b3ba8d7-70c0-4252-823c-c67d07279b44",
"value": "False"
},
{
"category": "Other",
"comment": "VM Architecture",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "15272f14-eff1-4d57-9bfe-eb50c88dddd3",
"value": "x86 64-bit"
},
{
"category": "Other",
"comment": "Execution Successful",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "3c2bc824-66a1-47d9-a5da-cc6bf00f3487",
"value": "True"
},
{
"category": "Other",
"comment": "VM OS",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "98278a38-fc12-4326-9dbf-cd4fefd3bab8",
"value": "Windows 7"
},
{
"category": "Other",
"comment": "VM Kernel Version",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "fda97354-4f7b-4ee0-9231-35f0b1a95e45",
"value": "6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)"
},
{
"category": "Other",
"comment": "VM Analysis Duration Time",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "text",
"uuid": "aa5c6047-8e3e-4b93-9030-50c3b0f76a89",
"value": "245.909"
},
{
"category": "Other",
"comment": "VM Username",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": true,
"type": "text",
"uuid": "d5eb49cb-82cf-425a-aaa5-867e334de8bd",
"value": "aETAdzjz"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
"value": "HKEY_CLASSES_ROOT\\Licenses"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "fb07c709-9a1f-4e37-b483-75407bbb9230",
"value": "HKEY_CLASSES_ROOT\\TypeLib"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "2968c724-74e2-4077-ad10-ed897489aadf",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "12dea9cb-410b-4691-8b7b-083f9d47c75a",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "07e706e6-0d49-4662-8b1b-5599df36dbaf",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\409"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "9fcf4e94-d16b-4540-b69e-75fe834c4a88",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\9"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "5d7889d3-396b-4ab6-a221-dee0d544bc1c",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "88b4dff4-51b1-425d-a897-55fabb69f64b",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0\\win64"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "47554dfd-1690-4f7d-944d-fa95e510cfbc",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "8839c1e5-c3ae-4361-9d77-36ef93dee014",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "dfc2f46a-8042-49c8-8960-58f12dd86c0b",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "ae28d749-b2ed-4147-91b3-78e2b65d02d8",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9\\win64"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "795c1bae-831b-4b11-b279-32138c042af0",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "42636628-4a98-4515-84c4-efb048624d16",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351890",
"to_ids": false,
"type": "regkey",
"uuid": "e325f097-a49e-4bd4-8362-4281735c0279",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "443e35c7-bed9-4736-acb7-8e27ca55d0d7",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "855e5151-6ffb-47c0-8324-e69fe2310bf1",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
"value": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "97f32545-5fb2-430b-b895-83b91b1a3b42",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
"value": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "filename",
"uuid": "ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
"value": "\\device\\null"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "filename",
"uuid": "ff164482-8a8c-4cc0-82a5-52aeb66539dc",
"value": "STD_OUTPUT_HANDLE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "filename",
"uuid": "693e271b-3966-4fb8-9787-de555149c589",
"value": "STD_INPUT_HANDLE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "filename",
"uuid": "311d4452-d95d-4391-a29f-ebf1287efd4c",
"value": "STD_ERROR_HANDLE"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
"value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "filename",
"uuid": "e1adf2b0-0fe3-4d55-810d-d22a5856138e",
"value": "conout$"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "mutex",
"uuid": "f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
"value": "Global\\.net clr networking"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f33b60a8-86aa-4318-a304-95c782b1939c",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "cb9ad57a-983c-43eb-910b-1dc22121c017",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "a22f23cb-3d81-4686-8581-9414b0aba1e1",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "6fdfde85-4599-44ab-aafc-956860f6e6c4",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "7dc2a39a-4944-49c1-891d-03c4a89752d2",
"value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
"value": "HKEY_CURRENT_USER\\Environment"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "73dd16a6-8e9b-4889-839e-2f6718a50041",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "61af2af0-272f-413d-b70a-07611f8539c3",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word\\Resiliency"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "26d235e0-d8d7-4256-b82f-f9b190519b6d",
"value": "HKEY_CURRENT_USER\\Software"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f10d6026-37f9-4894-8eb3-153f270ee3db",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "c0437d42-5bc3-4938-a16d-90a243afd4d3",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "ee561233-deaa-4a0f-8583-83ed4fc026f1",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "3c9637f6-32d8-45a7-b671-4eff38c122e7",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f32b6230-41b9-4926-8e41-f651f5611b32",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "ff576e31-f7fd-4c36-9424-0b47e46cffaa",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "d0ebef78-8280-4ae0-bc5c-26b59d85615e",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word\\File MRU"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "domain",
"uuid": "8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
"value": "amf-fr.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "ip-dst|port",
"uuid": "5f8ceee8-e144-42b8-bac5-35d7719be983",
"value": "51.38.150.171|443"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "259b1821-d418-4510-aa04-b59e92dd3820",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "87f3ae04-29bd-479b-ba51-96c97f705aab",
"value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "23e7606b-8811-45df-b726-dabedcfcdd32",
"value": "HKEY_CLASSES_ROOT\\.dll"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "1f697f8c-84b1-4339-9906-1142cf955bef",
"value": "HKEY_CLASSES_ROOT\\dllfile"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
"value": "HKEY_CLASSES_ROOT\\dllfile\\AutoRegister"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "97492285-8474-4867-ae94-ec61a5fee43d",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "90ec3953-0b63-4d04-9648-a9caa664dfbd",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
"value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "13463837-8319-4893-96d4-d32a4bf2c6fa",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "a333fb2c-9866-4a78-9e52-b97ab50ec549",
"value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
"value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "03ef6074-aaea-4605-a47c-44402d680d6e",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "regkey",
"uuid": "02a75dd8-d84e-4901-9b20-df78e6681dba",
"value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550351891",
"to_ids": false,
"type": "ip-dst|port",
"uuid": "09d3b623-b0fd-4d24-82d3-54f083bb737a",
"value": "185.10.68.189|443"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550352119",
"uuid": "72915d1f-518f-4c2e-a438-8c736e648eae",
"ObjectReference": [
{
"comment": "",
"object_uuid": "72915d1f-518f-4c2e-a438-8c736e648eae",
"referenced_uuid": "3ab643d5-68d0-4408-a644-cdd4da7df4ee",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550352119",
"uuid": "5c687ef7-a00c-4c12-a7af-079f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550351891",
"to_ids": true,
"type": "md5",
"uuid": "b9bbce44-1ab4-4add-9f52-4b0ee35affc5",
"value": "efbcffc10763a287bdedfb6e892ae20c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550351892",
"to_ids": true,
"type": "sha1",
"uuid": "a317ca54-b5b1-437e-8148-ab8d4395379f",
"value": "0dfe75a01e525bc599dff0c17204129b7ac3a437"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550351892",
"to_ids": true,
"type": "sha256",
"uuid": "f929587c-c7df-4abb-aefe-0bb2726c1861",
"value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351892",
"to_ids": true,
"type": "filename",
"uuid": "64cfe06e-1709-4620-a92c-cd32ce9899d6",
"value": "728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b.doc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351892",
"uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351900",
"uuid": "5c687e1c-92d0-48d3-a5d6-47a302de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351900",
"uuid": "5c687e1c-c3bc-4b2c-b4b7-4b0102de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "248da2ce-03f8-47fb-b4a0-07321377590f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351900",
"uuid": "5c687e1c-f364-4e2c-88d0-4e4702de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "a2907899-5858-4892-a2a3-3018be097ef4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "modified-properties-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351900",
"uuid": "5c687e1d-be34-40d6-814f-401802de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-2328-4666-a221-4e3502de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "fb07c709-9a1f-4e37-b483-75407bbb9230",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-e718-43e8-8b10-421f02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "2968c724-74e2-4077-ad10-ed897489aadf",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-8e8c-4ea8-86af-460202de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "12dea9cb-410b-4691-8b7b-083f9d47c75a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-8f28-4e6d-b936-4a8a02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "07e706e6-0d49-4662-8b1b-5599df36dbaf",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-f068-4d69-9ec6-46a002de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "9fcf4e94-d16b-4540-b69e-75fe834c4a88",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-5354-4cf2-9e09-4db702de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "5d7889d3-396b-4ab6-a221-dee0d544bc1c",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-0dc8-43c3-9e77-420d02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "88b4dff4-51b1-425d-a897-55fabb69f64b",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-67e4-475d-bab5-428f02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "47554dfd-1690-4f7d-944d-fa95e510cfbc",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-e438-4ac4-9a03-416202de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "8839c1e5-c3ae-4361-9d77-36ef93dee014",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-8ca8-4836-b7b9-409a02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "dfc2f46a-8042-49c8-8960-58f12dd86c0b",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-fc00-42f8-92ef-414d02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "ae28d749-b2ed-4147-91b3-78e2b65d02d8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-991c-4793-a35e-4e8702de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-a480-493e-b593-48e702de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "795c1bae-831b-4b11-b279-32138c042af0",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351901",
"uuid": "5c687e1d-fe84-4c31-9730-416f02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "42636628-4a98-4515-84c4-efb048624d16",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-574c-4a94-b808-44ec02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "e325f097-a49e-4bd4-8362-4281735c0279",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-88e0-455a-9f05-40a902de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-8c38-488e-86d5-403402de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "443e35c7-bed9-4736-acb7-8e27ca55d0d7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-003c-4040-8e4a-4e3802de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "855e5151-6ffb-47c0-8324-e69fe2310bf1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-7fb0-49fe-a2ae-41aa02de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-32d8-4100-9960-4fb602de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "97f32545-5fb2-430b-b895-83b91b1a3b42",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-b880-4ec7-9695-4f5402de0b81"
},
{
"comment": "",
"object_uuid": "4713618f-9e55-4689-b548-3ee03de3f18e",
"referenced_uuid": "6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-1544-48db-971e-4f1002de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "39b44a9d-3986-4f63-b58b-732e92d74f8f",
"value": "2264"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "6bb773f7-86cd-4934-a703-0d3406f8b485",
"value": "winword.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "35ba0997-d509-4f32-9b8b-e26af9b9efbc",
"value": "924"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351892",
"uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-9088-478f-8084-4e0b02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-c388-44f3-885d-4e9202de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "d9dfafca-d8bb-4c84-adce-89beb1814b15",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-7240-4ef7-a1e4-479a02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-f21c-42c6-b6b6-4c8002de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-d958-4bf2-bfdf-4bdc02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "deleted",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-6014-4c7b-b74e-48cb02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-cf38-4be4-be0d-4ef602de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "ff164482-8a8c-4cc0-82a5-52aeb66539dc",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351902",
"uuid": "5c687e1e-09ac-4284-9b2d-405902de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "693e271b-3966-4fb8-9787-de555149c589",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351903",
"uuid": "5c687e1f-ccdc-4a62-a093-44e702de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "311d4452-d95d-4391-a29f-ebf1287efd4c",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351903",
"uuid": "5c687e1f-2bec-4700-b48b-442f02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351903",
"uuid": "5c687e1f-307c-44d8-9590-453102de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351903",
"uuid": "5c687e1f-dae8-4fb4-848f-4ece02de0b81"
},
{
"comment": "",
"object_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351903",
"uuid": "5c687e1f-8874-43e5-9895-416902de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "5b2254c2-3265-405e-9ae9-1eb7592d9d2c",
"value": "2496"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "16e9909f-c45a-4b53-8c7c-bb2df53d7016",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "e5ca629c-eb2e-4666-ba6a-1d06d033f257",
"value": "2264"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351892",
"uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-c9bc-4e44-a4ab-456002de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-a96c-45b3-9881-490b02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "e1adf2b0-0fe3-4d55-810d-d22a5856138e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-016c-41d2-af30-4b8302de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "54a84dcf-3588-458f-a3d9-5ce8629e89e2",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-2ebc-4c20-8492-409102de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "15e00eb8-9c77-47af-b71e-b15c945791fe",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-2efc-4cbb-a58d-49a802de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-4a00-41f3-86a4-41a402de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "a22f23cb-3d81-4686-8581-9414b0aba1e1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-238c-4f27-8081-486e02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "6fdfde85-4599-44ab-aafc-956860f6e6c4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-b7e0-4f5a-a64a-4e0a02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "7dc2a39a-4944-49c1-891d-03c4a89752d2",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-caa0-4688-88de-4e2302de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-ddd4-4d81-878e-454a02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-d0d4-4d7c-be4e-43fd02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "f33b60a8-86aa-4318-a304-95c782b1939c",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-9894-429e-9045-40b302de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "cb9ad57a-983c-43eb-910b-1dc22121c017",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-1ee8-4765-962a-4a4002de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "73dd16a6-8e9b-4889-839e-2f6718a50041",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-6aac-44d8-b4ac-45d502de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "61af2af0-272f-413d-b70a-07611f8539c3",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-eee0-4298-9693-4b9902de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "5776026d-9220-4878-ae0d-3afdf6bd6194",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351904",
"uuid": "5c687e20-1a34-4038-bed5-47c202de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-69d8-4021-9a07-437502de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "26d235e0-d8d7-4256-b82f-f9b190519b6d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-7958-43b0-bcfd-460602de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-6434-42eb-847e-40ee02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "f10d6026-37f9-4894-8eb3-153f270ee3db",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-7438-4edc-98b9-4b0102de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "c0437d42-5bc3-4938-a16d-90a243afd4d3",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-5a84-4a9c-bacf-4ba102de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "ee561233-deaa-4a0f-8583-83ed4fc026f1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-ca58-414f-94de-4c8002de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-2e24-4e21-9331-447e02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "3c9637f6-32d8-45a7-b671-4eff38c122e7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-b190-4b0d-8aff-4e0102de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "f32b6230-41b9-4926-8e41-f651f5611b32",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-48d8-446a-938b-4a7e02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "ff576e31-f7fd-4c36-9424-0b47e46cffaa",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-42a0-4480-aa0c-4db302de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "d0ebef78-8280-4ae0-bc5c-26b59d85615e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-1b90-4122-959b-46bf02de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "read-from",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-9cec-45cb-bf89-4c1602de0b81"
},
{
"comment": "",
"object_uuid": "c9b962ff-144f-4eff-8505-627768660ed0",
"referenced_uuid": "eb012044-6124-4b96-8c56-690824570580",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-1148-4432-bdbf-43c902de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "07391edc-02ed-4391-90ca-87499d9a6d0d",
"value": "2520"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "db2122d9-58dc-410b-954a-dafd6870c974",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351892",
"to_ids": false,
"type": "text",
"uuid": "f3c12178-5032-4529-b970-b8bd2290b550",
"value": "2496"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351893",
"uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
"ObjectReference": [
{
"comment": "",
"object_uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
"referenced_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e21-06b8-4fee-9e08-40aa02de0b81"
},
{
"comment": "",
"object_uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
"referenced_uuid": "07e706e6-0d49-4662-8b1b-5599df36dbaf",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351905",
"uuid": "5c687e22-1518-4e87-9b85-4f9602de0b81"
},
{
"comment": "",
"object_uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
"referenced_uuid": "9fcf4e94-d16b-4540-b69e-75fe834c4a88",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-9754-4a3e-a8f2-4ad102de0b81"
},
{
"comment": "",
"object_uuid": "34614f0f-6f30-45fd-b710-ed9547534527",
"referenced_uuid": "6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-a7d4-4fb5-bae2-40c702de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351893",
"to_ids": false,
"type": "text",
"uuid": "4cca4b35-c876-4879-bc97-fd700a4a76cd",
"value": "2776"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351893",
"to_ids": false,
"type": "text",
"uuid": "8edda909-799a-4b3a-b08e-4aef713c9d83",
"value": "winword.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351893",
"to_ids": false,
"type": "text",
"uuid": "12b2460b-30e3-4741-8a91-b6cba2b2b0d1",
"value": "2520"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351893",
"uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"referenced_uuid": "9f59c034-f16b-4f0b-a1d7-89b547c92195",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-6a88-43bb-b162-4fd002de0b81"
},
{
"comment": "",
"object_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"referenced_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-0260-4ca9-8169-47b202de0b81"
},
{
"comment": "",
"object_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-160c-403d-9f41-47fe02de0b81"
},
{
"comment": "",
"object_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-65e8-4b05-8bf7-4be402de0b81"
},
{
"comment": "",
"object_uuid": "1a13e7cd-acca-4ed9-b641-b545c715af60",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-0e84-4d45-9481-424002de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "4924d329-51ef-49b0-bc73-c09a7935be8c",
"value": "2792"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "706227e1-634d-49c8-ae5c-a481457cb863",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "bce67245-fb5d-49a8-9f94-d57a683b6523",
"value": "2496"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "9f59c034-f16b-4f0b-a1d7-89b547c92195",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9f59c034-f16b-4f0b-a1d7-89b547c92195",
"referenced_uuid": "259b1821-d418-4510-aa04-b59e92dd3820",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-ad78-477c-8970-48d602de0b81"
},
{
"comment": "",
"object_uuid": "9f59c034-f16b-4f0b-a1d7-89b547c92195",
"referenced_uuid": "87f3ae04-29bd-479b-ba51-96c97f705aab",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-b77c-416d-8779-443302de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "9a137123-e2eb-4c72-9c87-d877977d5d42",
"value": "2800"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "77d34d1a-92d2-47c3-9bf7-1d30fe34fa11",
"value": "reg.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "088f1799-557c-46ea-b729-5b45dba25897",
"value": "2792"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "d9dfafca-d8bb-4c84-adce-89beb1814b15",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "f7959907-b730-43d0-be73-07734ed9f247",
"value": "2808"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "08c1d9bc-1026-4655-8847-c32f110913d1",
"value": "certutil.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "63808d45-2ef1-4073-8c92-b64a72630901",
"value": "2496"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351906",
"uuid": "5c687e22-dc2c-4345-8113-493602de0b81"
},
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "23e7606b-8811-45df-b726-dabedcfcdd32",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351907",
"uuid": "5c687e23-3250-4b62-a25e-466a02de0b81"
},
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "1f697f8c-84b1-4339-9906-1142cf955bef",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351907",
"uuid": "5c687e23-79d4-40a6-93f6-401d02de0b81"
},
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351907",
"uuid": "5c687e23-eb5c-4146-b3c5-442202de0b81"
},
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "97492285-8474-4867-ae94-ec61a5fee43d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351907",
"uuid": "5c687e23-3fcc-4c1b-9cdf-478d02de0b81"
},
{
"comment": "",
"object_uuid": "7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
"referenced_uuid": "90ec3953-0b63-4d04-9648-a9caa664dfbd",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-c790-407e-ab5a-408a02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "88f3b6df-b30a-477f-bce6-aefd8534b561",
"value": "2816"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "09bc3286-b7b9-409e-af1d-af3a7243fdf3",
"value": "regsvr32.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "d6b05a77-7647-4707-ab8f-09595e5c01a8",
"value": "2496"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "1a2c35db-7775-41b8-88cc-e83025d0125c",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-e1d4-4b39-b3ba-420c02de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "3d1557ba-a402-4dbb-b600-c029a70d2f86",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-8bdc-4dcb-b490-40c902de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-aff8-4fbc-b35b-46e502de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "13463837-8319-4893-96d4-d32a4bf2c6fa",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-7ef8-4593-983b-47ce02de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "a333fb2c-9866-4a78-9e52-b97ab50ec549",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-b8dc-49f6-93ff-412402de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-2a04-41de-846a-4e4802de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-ef58-46a2-8a87-44f002de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "03ef6074-aaea-4605-a47c-44402d680d6e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-8c80-4eb0-86e6-442d02de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "02a75dd8-d84e-4901-9b20-df78e6681dba",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-1968-422b-935d-494a02de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "b90ef13c-4165-4108-adc3-53234995361a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-0ca0-4a50-b90b-406102de0b81"
},
{
"comment": "",
"object_uuid": "2d414b6f-8d6b-41be-b6fa-012a859aacc8",
"referenced_uuid": "6237df85-dc61-44f2-8119-fb59591a9b22",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351908",
"uuid": "5c687e24-feb0-4ece-8dcb-4a0b02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "42cd887d-52cb-4341-ba6d-41d52355349a",
"value": "2920"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "1f77bca0-42aa-419c-98fc-f7ea8e9a6d13",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "a945fdf1-aa04-401e-bf8e-0c8dbe915e26",
"value": "2816"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"ObjectReference": [
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-1734-437b-8c7d-414102de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-aedc-41fc-a575-412902de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "7130a770-0975-49c8-86ff-a9a719a229cf",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-d578-4f3f-aae1-46c702de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-d3e4-46a2-bf6b-48c302de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-93b0-45fa-b06c-42ac02de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-8c64-478e-af71-4c6402de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "c506a7b6-efe2-4710-969f-5f5b055eaa1a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "deleted",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-a154-48d1-b6cb-497d02de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "ed5b3977-3470-446e-a6f0-af41b68e5353",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "deleted",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-5ba8-4180-93a8-43ce02de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-9114-49d4-92a3-4be202de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-d000-4915-8238-4aaf02de0b81"
},
{
"comment": "",
"object_uuid": "880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-d810-4c5c-ad6b-45d302de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "e80ee900-8211-4947-b9ee-cf06343939ae",
"value": "2992"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "00d673f6-dad3-4896-b4a3-7bbdb18ee127",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "9a3db6fc-d402-411a-8c03-293adbf890db",
"value": "2776"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-19d4-4434-b11c-43c902de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-059c-42a7-9120-4aeb02de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "8db13a1c-440f-41aa-92a6-41dc534e4efd",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-a830-4d8a-a8f3-4df902de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "9521bc93-04e4-4844-9666-a0659854c7d7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351909",
"uuid": "5c687e25-89c0-4ec7-9453-44de02de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "81e50c7c-f333-4e67-aedf-775eec9a4fe1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-55a4-4704-93f0-448902de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-0624-4850-9079-4c3702de0b81"
},
{
"comment": "",
"object_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
"referenced_uuid": "bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-6660-41a7-af15-4e7a02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "a8ab8f25-8c91-49e8-9f1d-7eaced94887e",
"value": "3048"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "e3900919-950e-4ee8-923e-81a8342e2f66",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "3dde9650-9c02-4776-b668-857f2e5f6994",
"value": "2992"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
"referenced_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-ed48-4aac-8b8b-4dfc02de0b81"
},
{
"comment": "",
"object_uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
"referenced_uuid": "07e706e6-0d49-4662-8b1b-5599df36dbaf",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-3b34-41af-aef5-420f02de0b81"
},
{
"comment": "",
"object_uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
"referenced_uuid": "9fcf4e94-d16b-4540-b69e-75fe834c4a88",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-a128-4e6b-9bf1-48a602de0b81"
},
{
"comment": "",
"object_uuid": "fa72dedc-50fd-4bf9-94c1-73b7d256b231",
"referenced_uuid": "6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-dbe0-4a20-b615-446f02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "0251df7f-5998-4297-ba5d-068bf673ee99",
"value": "2064"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "cfdb4ca6-70e7-46d8-9a3c-897aa802a107",
"value": "winword.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "5fa8229a-e960-4cc8-9cdf-d16a6d5c0e9b",
"value": "3048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
"referenced_uuid": "c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-ae28-48b1-b037-493502de0b81"
},
{
"comment": "",
"object_uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-c594-45ae-a109-438802de0b81"
},
{
"comment": "",
"object_uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-9de8-4a2b-958b-4f9102de0b81"
},
{
"comment": "",
"object_uuid": "b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-9914-4d4a-8ed9-404a02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "ae60791f-eb05-45f6-9869-4f51e58c9abc",
"value": "1400"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "edcc5ceb-a315-4ed1-a77d-4452b892cca3",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "28220896-936f-4bf9-809f-9481312103af",
"value": "2992"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
"referenced_uuid": "259b1821-d418-4510-aa04-b59e92dd3820",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-5bfc-48ac-8d0b-44dc02de0b81"
},
{
"comment": "",
"object_uuid": "c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
"referenced_uuid": "87f3ae04-29bd-479b-ba51-96c97f705aab",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351910",
"uuid": "5c687e26-e874-4315-9c98-44ac02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "c7ea5a1e-af84-4a7f-83f1-2919612602ed",
"value": "1652"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "35bfa137-8840-411b-a04b-ee54ce3a7e2e",
"value": "reg.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351894",
"to_ids": false,
"type": "text",
"uuid": "e52795d0-d993-4608-b353-bb8c5e013aef",
"value": "1400"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351894",
"uuid": "7130a770-0975-49c8-86ff-a9a719a229cf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "e71fe848-f21b-4b23-9a13-1f9fcd893443",
"value": "872"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "ff5f4161-7f55-4076-bfd6-45977b612e83",
"value": "certutil.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "690575e6-11f0-420b-b0dc-6338dcb12cc9",
"value": "2992"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351895",
"uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"ObjectReference": [
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-e078-404b-a829-4dbc02de0b81"
},
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "23e7606b-8811-45df-b726-dabedcfcdd32",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-d7c0-4f5f-bcba-493b02de0b81"
},
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "1f697f8c-84b1-4339-9906-1142cf955bef",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-41f4-40dd-8b6e-453702de0b81"
},
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-c728-4fda-a39f-4bac02de0b81"
},
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "97492285-8474-4867-ae94-ec61a5fee43d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-dbbc-48ee-8d08-4d2c02de0b81"
},
{
"comment": "",
"object_uuid": "19cb0bdf-b056-4504-9bf5-0a59272da052",
"referenced_uuid": "90ec3953-0b63-4d04-9648-a9caa664dfbd",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-04fc-44be-9163-4c4902de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "6fbd93e4-982e-4274-aa5e-6434929f076a",
"value": "528"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "ecccaa82-fc84-446c-bd79-41a6f500171b",
"value": "regsvr32.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351895",
"to_ids": false,
"type": "text",
"uuid": "148177b0-6c6e-454b-bf64-719db4ef657e",
"value": "2992"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351895",
"uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"referenced_uuid": "26856757-3649-4363-b5a9-68030b721470",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-4a0c-4fad-aa7d-4ad502de0b81"
},
{
"comment": "",
"object_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"referenced_uuid": "b6f3370e-44ff-4d65-887c-3ade077174a8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-4c58-4597-9330-4a4902de0b81"
},
{
"comment": "",
"object_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"referenced_uuid": "5776026d-9220-4878-ae0d-3afdf6bd6194",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-eee4-48ae-b343-40dc02de0b81"
},
{
"comment": "",
"object_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"referenced_uuid": "45dac7ec-362e-49e2-a6ab-8d55e4d08276",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-2e9c-4136-8e4e-490d02de0b81"
},
{
"comment": "",
"object_uuid": "a003da6d-9fc0-4d1e-9278-e71e45b000a0",
"referenced_uuid": "6237df85-dc61-44f2-8119-fb59591a9b22",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-b964-426c-bed9-43a502de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "a967c2c0-4810-4f5e-a60c-45aa1666a13e",
"value": "1888"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "bb06a91b-ecbc-46a4-bc97-ef8bd5643aba",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "71b7c29b-fd39-41ce-857c-eb07b612e0c6",
"value": "528"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-dccc-496c-b68c-439702de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-a35c-4827-bd00-41d002de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "9f1ca1ce-1035-482d-b529-a8bf66044797",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-1078-48b4-ab8e-482c02de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-12cc-4733-a302-48c602de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "a7157e4e-92f0-46f4-9527-0740de387c48",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351911",
"uuid": "5c687e27-d20c-4dba-b1d4-46cc02de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-a64c-4ee2-8d00-415302de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "19c24c8e-9e77-470f-9f9f-a835a3631685",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "deleted",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-bbc0-440d-b7d2-4d1402de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "9135f0d8-5dd2-4677-afc4-51f1488e9517",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "deleted",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-f6b4-4740-ae2e-48aa02de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-a64c-4ae8-a41d-4ff402de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-b1e8-4d0a-b47c-4fff02de0b81"
},
{
"comment": "",
"object_uuid": "52974b70-ac9e-403f-acf4-7241c91dc77a",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-c7e4-4aec-b603-488f02de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "ea2fdcec-5f0a-4cee-a8c3-08e1c23c1b8e",
"value": "2336"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "95b87995-65c5-4da7-adef-46e4f9715395",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "cf003b7c-2185-4d05-85d0-af3f1168ae0a",
"value": "2064"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "f49ae108-cec3-468c-9515-e52be2f2fb4f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-98e4-465f-bd70-4d9002de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "a843f0a9-0bdc-45e9-9026-552fc2a6db83",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-6ac4-463c-8682-4ef502de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-d29c-49c1-91e5-449802de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "986b61a3-779e-49e4-94d0-f04e5546c9a8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-2c9c-401b-820c-4a6702de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "a22f23cb-3d81-4686-8581-9414b0aba1e1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-4b94-4741-9cf3-4ae902de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "6fdfde85-4599-44ab-aafc-956860f6e6c4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-81f4-47e5-84f8-417002de0b81"
},
{
"comment": "",
"object_uuid": "cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
"referenced_uuid": "4d0ffbfc-0be3-4499-a722-4b64db129025",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-1ef0-4e32-8ea3-475502de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "41fd5fc5-7652-486e-8358-3af2839c1f18",
"value": "2356"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "ca8922b4-f93a-4e04-b165-4967cf135661",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "c1d0b21c-30b9-49f2-b772-b0c68df78108",
"value": "2336"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "f49ae108-cec3-468c-9515-e52be2f2fb4f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "429d695e-e5f5-4158-9285-5990d45308b0",
"value": "2504"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "556bf079-a3ca-4a53-a7d1-fc60dbe1a7a6",
"value": "winword.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "c8faa126-3558-4a2a-bf51-1d664fb2318f",
"value": "2356"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"referenced_uuid": "dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-c094-40b6-b076-416a02de0b81"
},
{
"comment": "",
"object_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"referenced_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351912",
"uuid": "5c687e28-507c-4a0c-8b9a-4d4702de0b81"
},
{
"comment": "",
"object_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"referenced_uuid": "f5229ae9-caf0-4157-abf7-21c5e6c642b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-a564-4b78-a30f-4b9002de0b81"
},
{
"comment": "",
"object_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"referenced_uuid": "d93d30ca-8cd9-4258-9355-7c77e0de39af",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-ec34-4ab9-8e27-4f4602de0b81"
},
{
"comment": "",
"object_uuid": "9b6515dd-130e-4c99-97ac-b252ba8321fa",
"referenced_uuid": "ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-3238-451b-aa27-4ed702de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "ac842899-7160-4d6b-80c1-fa9deaab542c",
"value": "2724"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "fc121af0-bcc1-48a7-a915-0ca0d1418a4e",
"value": "cmd.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "775972eb-d8fa-4cdd-8897-02cf028de937",
"value": "2336"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
"referenced_uuid": "259b1821-d418-4510-aa04-b59e92dd3820",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-1dd8-46ff-91d3-4ed102de0b81"
},
{
"comment": "",
"object_uuid": "dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
"referenced_uuid": "87f3ae04-29bd-479b-ba51-96c97f705aab",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-145c-4ff8-b8ee-4ce502de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "c6ee9fdd-8c5c-48e4-b6af-7a168af094c5",
"value": "2744"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "6cecc0d9-4840-4110-9011-240e7de18b12",
"value": "reg.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351896",
"to_ids": false,
"type": "text",
"uuid": "fe28b1c2-8207-4769-9afa-dca8428aaac1",
"value": "2724"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351896",
"uuid": "9f1ca1ce-1035-482d-b529-a8bf66044797",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "4edd01a8-397a-4dd2-98d7-d27cfc991a63",
"value": "3008"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "7e09b10b-85b8-4b9d-91c0-15b25b69feb3",
"value": "certutil.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "0cc543b8-3fcb-4584-a0bf-68fbf6cb4018",
"value": "2336"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351897",
"uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "child-of",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-dd84-4016-979d-4b2b02de0b81"
},
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "23e7606b-8811-45df-b726-dabedcfcdd32",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-c43c-4658-9ab7-406602de0b81"
},
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "1f697f8c-84b1-4339-9906-1142cf955bef",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-de40-4f03-be51-486b02de0b81"
},
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-24b4-4599-b566-4ed002de0b81"
},
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "97492285-8474-4867-ae94-ec61a5fee43d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-cc98-41e3-b0a5-45df02de0b81"
},
{
"comment": "",
"object_uuid": "bb2b8e79-ecb6-4b02-9bde-ada74269494f",
"referenced_uuid": "90ec3953-0b63-4d04-9648-a9caa664dfbd",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351913",
"uuid": "5c687e29-6e08-4aed-90a7-4f9402de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "66db46fe-abff-4138-a594-9e1b69baa3db",
"value": "3040"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "6270d2e3-5f43-42c7-9b20-1aeac50e7bfd",
"value": "regsvr32.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "db9955be-40b0-47b0-9e49-6345daed7651",
"value": "2336"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"template_version": "3",
"timestamp": "1550351897",
"uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "d9b95f52-efdd-4083-abaa-20bf42be135a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-eb3c-4f7a-95b7-4bc202de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "3e0e85ee-ceb1-442e-a652-351e691cfc60",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "created",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-d390-4621-8795-4a7202de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "a22f23cb-3d81-4686-8581-9414b0aba1e1",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-d548-4313-98cc-47b702de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "6fdfde85-4599-44ab-aafc-956860f6e6c4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-2928-400d-b5cc-4d8802de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "7dc2a39a-4944-49c1-891d-03c4a89752d2",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-2980-4bb8-9274-4a3c02de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-4cf0-4e44-be4f-4c9d02de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-8f6c-4199-91d8-40bc02de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "8e656cc6-482e-4952-869a-6cba4d726f83",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "opened",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-b2bc-43ea-a2ae-4df302de0b81"
},
{
"comment": "",
"object_uuid": "e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
"referenced_uuid": "6237df85-dc61-44f2-8119-fb59591a9b22",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-be30-4dcf-96c1-406802de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "5af2c6e2-8f3e-4e8d-b94a-6a70542d3adb",
"value": "1484"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "81a0f420-d2ec-4f21-ab55-fbadb3a88ef5",
"value": "powershell.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "parent-pid",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "c49ca006-65cd-4790-b102-f08ed67bb796",
"value": "3040"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351897",
"uuid": "248da2ce-03f8-47fb-b4a0-07321377590f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351897",
"to_ids": false,
"type": "filename",
"uuid": "bb5fd50e-95cd-44b2-93e9-96000a00a01c",
"value": "Users\\aETAdzjz\\AppData\\Roaming\\N9OO5pxpBYkU.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "eccab234-da55-4632-9a19-b883ed497496",
"value": "%APPDATA%\\N9OO5pxpBYkU.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "eba94abd-7ec1-4328-8d19-5bb5aca72c11",
"value": "Users\\aETAdzjz\\AppData\\Roaming\\N9OO5pxpBYkU.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351897",
"uuid": "a2907899-5858-4892-a2a3-3018be097ef4",
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key",
"timestamp": "1550351897",
"to_ids": false,
"type": "regkey",
"uuid": "1dc36939-c65e-4c55-9150-8ce0b65571b0",
"value": "HKCU\\Software\\Microsoft\\Notepad"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "3db22caa-6290-4035-97b7-90dda6ee343b",
"value": "INVALID"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "data-type",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "005ca5f1-459d-484e-bb81-492a07edff59",
"value": "REG_SZ"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "data",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "2bffc72e-801d-4c1c-b5f5-c8a7c9e48f70",
"value": "qE8zByJzpkyD"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "4bdec99a-519b-46f0-9e3c-f44c819e7e17",
"value": "aETAdzjz"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351897",
"uuid": "d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351897",
"to_ids": false,
"type": "filename",
"uuid": "ef79b65e-6e26-4312-8c7e-012a04080c37",
"value": "users\\aetadzjz\\appdata\\roaming\\n9oo5pxpbyku.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "e111a270-d02b-4745-a4f0-f7ebace098ff",
"value": "%APPDATA%\\n9oo5pxpbyku.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "0185ab35-c474-45a8-b8f5-5e8f2dc22504",
"value": "users\\aetadzjz\\appdata\\roaming\\n9oo5pxpbyku.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351897",
"uuid": "54a84dcf-3588-458f-a3d9-5ce8629e89e2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351897",
"to_ids": false,
"type": "filename",
"uuid": "1ec93b9a-29b3-4278-9615-e1a41558d172",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "b3d4b172-430f-442c-a4e9-cfd35c8c576e",
"value": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "6e7f414a-4f32-4de9-b1c6-41b1c14a3aa1",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351897",
"uuid": "15e00eb8-9c77-47af-b71e-b15c945791fe",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351897",
"to_ids": false,
"type": "filename",
"uuid": "9991d5f1-e4ff-4829-8128-174e9f6c0653",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "5f11b770-1cb9-461c-a755-cfd619ca07e1",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351897",
"to_ids": false,
"type": "text",
"uuid": "aca6749e-5eb0-441e-9d54-9aca74306faf",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351897",
"uuid": "5776026d-9220-4878-ae0d-3afdf6bd6194",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "482684c0-1bf5-4b6c-8072-0928894b98d7",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Network socket object describes a local or remote network connections based on the socket data structure.",
"meta-category": "network",
"name": "network-socket",
"template_uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
"template_version": "1",
"timestamp": "1550351898",
"uuid": "eb012044-6124-4b96-8c56-690824570580",
"ObjectReference": [
{
"comment": "",
"object_uuid": "eb012044-6124-4b96-8c56-690824570580",
"referenced_uuid": "5f8ceee8-e144-42b8-bac5-35d7719be983",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contains",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-437c-4c0e-814f-418902de0b81"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip-dst",
"timestamp": "1550351898",
"to_ids": false,
"type": "ip-dst",
"uuid": "e70d7790-643a-414f-bd05-fb52dadea184",
"value": "51.38.150.171"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1550351898",
"to_ids": false,
"type": "port",
"uuid": "4d3dbb6a-1075-4f71-a9ef-f0595539be10",
"value": "443"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351898",
"uuid": "1a2c35db-7775-41b8-88cc-e83025d0125c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351898",
"to_ids": false,
"type": "filename",
"uuid": "bf2ce2f6-984f-4aef-9c55-002c6d7e670b",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "4725a8c1-83f8-40a9-a724-67613e20831c",
"value": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "a547f901-da10-4320-95af-721573374741",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351898",
"uuid": "3d1557ba-a402-4dbb-b600-c029a70d2f86",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351898",
"to_ids": false,
"type": "filename",
"uuid": "a04151e1-29c4-4e85-85e3-f889b24ec399",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "7ae086c9-0c3f-40b9-887a-5c9e77cf6e51",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "af05c737-cd65-4160-8063-2fc38fbceabf",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351898",
"uuid": "df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "0cad5055-f84a-414c-8c8a-5c1cc86617fb",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351898",
"uuid": "b90ef13c-4165-4108-adc3-53234995361a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "ac9dec09-94a9-46bb-a899-951e56ed88f4",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Network socket object describes a local or remote network connections based on the socket data structure.",
"meta-category": "network",
"name": "network-socket",
"template_uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
"template_version": "1",
"timestamp": "1550351898",
"uuid": "6237df85-dc61-44f2-8119-fb59591a9b22",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6237df85-dc61-44f2-8119-fb59591a9b22",
"referenced_uuid": "09d3b623-b0fd-4d24-82d3-54f083bb737a",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contains",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1550351914",
"uuid": "5c687e2a-1284-4efa-b46a-4d9c02de0b81"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip-dst",
"timestamp": "1550351898",
"to_ids": false,
"type": "ip-dst",
"uuid": "234fab5a-83d2-4cbe-bd6f-548baf670191",
"value": "185.10.68.189"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1550351898",
"to_ids": false,
"type": "port",
"uuid": "2a74206d-6b31-48c4-9bdf-ac2b4ffcd02b",
"value": "443"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351898",
"uuid": "c506a7b6-efe2-4710-969f-5f5b055eaa1a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351898",
"to_ids": false,
"type": "filename",
"uuid": "88279a20-5340-42b9-b460-9d9f0991639b",
"value": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "ac522148-2e78-439e-8ac1-db60b6f97ff7",
"value": "%APPDATA%\\temp.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "b63e2178-6d20-4316-afdb-6a18c0bab7de",
"value": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351898",
"uuid": "ed5b3977-3470-446e-a6f0-af41b68e5353",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351898",
"to_ids": false,
"type": "filename",
"uuid": "cffc5a6b-83e6-4f44-9021-7094600d40c0",
"value": "users\\aetadzjz\\appdata\\roaming\\7cixmlowr4y2f.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "d32d4bb8-02e3-4c71-8345-af7a733d232e",
"value": "%APPDATA%\\7cixmlowr4y2f.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "16bc776f-0c26-4112-a0e9-7492e9724007",
"value": "users\\aetadzjz\\appdata\\roaming\\7cixmlowr4y2f.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351898",
"uuid": "8db13a1c-440f-41aa-92a6-41dc534e4efd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351898",
"to_ids": false,
"type": "filename",
"uuid": "38af5538-4312-4ecd-821f-5e2f96edb5c2",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "c4570710-bbac-4281-a6d7-d9b7a7e56de4",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351898",
"to_ids": false,
"type": "text",
"uuid": "57f9a523-db11-4180-b26a-bd45307f0e97",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "9521bc93-04e4-4844-9666-a0659854c7d7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "9b873744-c86c-487e-a4b3-4e83addefe3f",
"value": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "f1191468-89d9-4cfb-b37c-ff592de73161",
"value": "%TEMP%\\d1.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "92fffe01-16b0-45bf-969f-bb9169198d40",
"value": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351899",
"uuid": "81e50c7c-f333-4e67-aedf-775eec9a4fe1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "f3da37f7-bb64-4157-b600-dd51c9c52de1",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "26856757-3649-4363-b5a9-68030b721470",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "228324c3-943b-4a89-87df-08422f77f857",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "23d2f358-65a5-4fb1-a48f-bb6661c9c212",
"value": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "556e5880-58e5-40cf-95a3-04a38f6d7716",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "b6f3370e-44ff-4d65-887c-3ade077174a8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "99419a50-6928-4935-b75a-b97c1aade26f",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "2ee445e7-4cf8-48ed-9220-7f36d9b6859c",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "4dfd289f-edd3-448c-ba77-da4d5c93f028",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351899",
"uuid": "45dac7ec-362e-49e2-a6ab-8d55e4d08276",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "b0e51f9d-f796-401f-894b-48ca55756e46",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "19c24c8e-9e77-470f-9f9f-a835a3631685",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "c0a3ec2d-c5fc-40e7-92c1-abd8425fa1d5",
"value": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "2ccae5b4-1153-45b7-8cbe-6e20434f1fe6",
"value": "%APPDATA%\\temp.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "928c938a-131a-4010-9af1-5befa7621de1",
"value": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "9135f0d8-5dd2-4677-afc4-51f1488e9517",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "c5d1ab48-4cdb-4723-b304-6e52cb97347b",
"value": "users\\aetadzjz\\appdata\\roaming\\zxtlzequ7lyb.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "dcc8a011-a7d9-4c96-a367-60dd4e327b97",
"value": "%APPDATA%\\zxtlzequ7lyb.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "57b5066f-c692-4e46-a35b-b1f50c4a9f27",
"value": "users\\aetadzjz\\appdata\\roaming\\zxtlzequ7lyb.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "b22b180c-7272-44ba-8caf-20a32313bc25",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "2c4df032-8641-4962-b524-144d0d2a63fb",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "760db7a8-5589-44f4-998a-ffe84ee18857",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351899",
"uuid": "986b61a3-779e-49e4-94d0-f04e5546c9a8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351899",
"to_ids": false,
"type": "filename",
"uuid": "6b806ce6-cdbf-486d-b116-d76821198e5d",
"value": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "001cdfe3-4e8c-4602-b17a-7be41a9baca6",
"value": "%TEMP%\\d1.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351899",
"to_ids": false,
"type": "text",
"uuid": "ed8523b6-8355-4c5b-9ab4-e02c9685776a",
"value": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351899",
"uuid": "4d0ffbfc-0be3-4499-a722-4b64db129025",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "f34fa302-8880-435b-bd5f-e96aa7774167",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351900",
"uuid": "d9b95f52-efdd-4083-abaa-20bf42be135a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351900",
"to_ids": false,
"type": "filename",
"uuid": "3a05fb8e-9ba5-45bb-925d-e0ef4c955323",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "36e8e14c-c2fe-4b61-9a42-c870f6aef9ae",
"value": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "4faf9bac-d493-44e6-ab93-d8214b23f26f",
"value": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1550351900",
"uuid": "3e0e85ee-ceb1-442e-a652-351e691cfc60",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1550351900",
"to_ids": false,
"type": "filename",
"uuid": "0b3afe11-d6c9-4c46-a26e-731a0d676c07",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "fc82c005-da14-486d-9814-17f6c3ea5ba2",
"value": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "8587bf98-0811-4078-8e1d-1c633b088f05",
"value": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351900",
"uuid": "2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "6328372c-bc6f-4a90-80a7-66661f4ee618",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1550351900",
"uuid": "8e656cc6-482e-4952-869a-6cba4d726f83",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "hive",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "6b89dfe6-f1db-4b90-84e4-50aa7134f316",
"value": "HKEY_CURRENT_USER"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "3",
"timestamp": "1550351900",
"uuid": "6f35cd0b-d6ac-44f0-919b-80a383c946ef",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "2d024c94-8f4a-47fe-94fb-fb4431bb1389",
"value": "amf-fr.org"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "3237e515-6140-472e-8a40-93f356d7b187",
"value": "51.38.150.171"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1550351900",
"to_ids": false,
"type": "text",
"uuid": "480b18ce-e416-4a1d-8af4-01acd3667f93",
"value": "A"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1550351914",
"uuid": "5c687e2a-e898-40f8-b69b-4bb402de0b81",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "PHN0aXg6U1RJWF9QYWNrYWdlIHhtbG5zOkFkZHJlc3NPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNBZGRyZXNzT2JqZWN0LTIiIHhtbG5zOkN1c3RvbU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0N1c3RvbU9iamVjdC0xIiB4bWxuczpETlNSZWNvcmRPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNETlNSZWNvcmRPYmplY3QtMiIgeG1sbnM6RmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiIgeG1sbnM6TXV0ZXhPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNNdXRleE9iamVjdC0yIiB4bWxuczpOZXR3b3JrU29ja2V0T2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjTmV0d29ya1NvY2tldE9iamVjdC0yIiB4bWxuczpQb3J0T2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUG9ydE9iamVjdC0yIiB4bWxuczpQcm9jZXNzT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUHJvY2Vzc09iamVjdC0yIiB4bWxuczpTb2NrZXRBZGRyZXNzT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjU29ja2V0QWRkcmVzc09iamVjdC0xIiB4bWxuczpVUklPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNVUklPYmplY3QtMiIgeG1sbnM6Vk1SYXlBbmFseXplcj0iaHR0cDovL3ZtcmF5LmNvbS9hbmFseXplciIgeG1sbnM6V2luUmVnaXN0cnlLZXlPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5SZWdpc3RyeUtleU9iamVjdC0yIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczpjeWJveENvbW1vbj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiIgeG1sbnM6Y3lib3hWb2NhYnM9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiIgeG1sbnM6aW5kaWNhdG9yPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIiIHhtbG5zOnN0aXg9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9zdGl4LTEiIHhtbG5zOnN0aXhDb21tb249Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9jb21tb24tMSIgeG1sbnM6c3RpeFZvY2Ficz0iaHR0cDovL3N0aXgubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTEiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6c2NoZW1hTG9jYXRpb249IiAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb21tb24vMi4xL2N5Ym94X2NvbW1vbi54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvY3lib3gtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb3JlLzIuMS9jeWJveF9jb3JlLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLzIuMS9jeWJveF9kZWZhdWx0X3ZvY2FidWxhcmllcy54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNBZGRyZXNzT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9BZGRyZXNzLzIuMS9BZGRyZXNzX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNDdXN0b21PYmplY3QtMSBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0N1c3RvbS8xLjEvQ3VzdG9tX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNETlNSZWNvcmRPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ROU19SZWNvcmQvMi4xL0ROU19SZWNvcmRfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI011dGV4T2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9NdXRleC8yLjEvTXV0ZXhfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI05ldHdvcmtTb2NrZXRPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL05ldHdvcmtfU29ja2V0LzIuMS9OZXR3b3JrX1NvY2tldF9PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUG9ydE9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvUG9ydC8yLjEvUG9ydF9PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUHJvY2Vzc09iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvUHJvY2Vzcy8yLjEvUHJvY2Vzc19PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjU29ja2V0QWRkcmVzc09iamVjdC0xIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvU29ja2V0X0FkZHJlc3MvMS4xL1NvY2tldF9BZGRyZXNzX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNVUklPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL1VSSS8yLjEvVVJJX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5SZWdpc3RyeUtleU9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvV2luX1JlZ2lzdHJ5X0tleS8yLjEvV2luX1JlZ2lzdHJ5X0tleV9PYmplY3QueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9pbmRpY2F0b3IvMi4yL2luZGljYX
"deleted": false,
"disable_correlation": true,
"object_relation": "imported-sample",
"timestamp": "1550351914",
"to_ids": false,
"type": "attachment",
"uuid": "5c687e2a-45e8-4d61-9912-425602de0b81",
"value": "stix-report.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1550351914",
"to_ids": false,
"type": "text",
"uuid": "5c687e2a-1d24-4cb3-b539-4a1402de0b81",
"value": "STIX 1.1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550352119",
"uuid": "3ab643d5-68d0-4408-a644-cdd4da7df4ee",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550352119",
"to_ids": false,
"type": "datetime",
"uuid": "eb90d5c1-8be2-4876-8aaf-d90365018ed2",
"value": "2019-02-15T11:14:58"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550352119",
"to_ids": false,
"type": "link",
"uuid": "900a1158-f094-4221-b1a3-b8b07240c9f6",
"value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550352119",
"to_ids": false,
"type": "text",
"uuid": "965ad42b-6e53-44b7-82ed-b3642c077ea9",
"value": "33/59"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink