{
"Event": {
"analysis": "1",
"date": "2020-03-16",
"extends_uuid": "",
"info": "OSINT - revengeRAT targeting France",
"publish_timestamp": "1585060812",
"published": true,
"threat_level_id": "3",
"timestamp": "1585059006",
"uuid": "5e6f3fa2-ed28-484c-97ad-4b9e02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Revenge RAT\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#001cad",
"local": "0",
"name": "estimative-language:likelihood-probability=\"very-likely\"",
"relationship_type": ""
},
{
"colour": "#0026eb",
"local": "0",
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349151",
"to_ids": true,
"type": "domain",
"uuid": "5e6f3fdf-0130-43b6-a63f-491902de0b81",
"value": "chezlepepertrtr.xyz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349153",
"to_ids": true,
"type": "domain",
"uuid": "5e6f3fe1-9fb4-45e2-919a-491d02de0b81",
"value": "chezlepertrbhyyrevbtt.xyz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349153",
"to_ids": true,
"type": "domain",
"uuid": "5e6f3fe1-b334-46c0-8ed7-42be02de0b81",
"value": "chez-le-pepere.club"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349153",
"to_ids": true,
"type": "domain",
"uuid": "5e6f3fe1-1734-453a-8b40-47af02de0b81",
"value": "chez-le-pepert.xyz"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349248",
"to_ids": true,
"type": "hostname",
"uuid": "5e6f4040-d600-40bf-b082-595602de0b81",
"value": "lerouteurmegoodvvvv.hopto.org"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584349463",
"to_ids": false,
"type": "sha256",
"uuid": "5e6f4117-d750-4136-9ee8-5ba502de0b81",
"value": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1585054230",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e7a0216-a6d0-4181-ae1e-48e0950d210f",
"value": "105.235.129.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1585054349",
"to_ids": true,
"type": "hostname",
"uuid": "5e7a028d-8d90-47c8-bc09-4ed3950d210f",
"value": "froujholaqszeeddd.hopto.org"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1585054748",
"to_ids": false,
"type": "link",
"uuid": "5e7a041c-7ffc-407f-8723-4eac950d210f",
"value": "https://any.run/report/44b6bea1d0693d6c08b3a9c10f06c58bafc4bc43460b4416c213844fe287bae8/57650ad5-408d-47cc-943a-5a3a54c62bbe"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1585054805",
"to_ids": false,
"type": "link",
"uuid": "5e7a0455-3db0-4c1b-b3f1-4377950d210f",
"value": "https://www.bleepingcomputer.com/news/security/attackers-target-govt-and-financial-orgs-with-orcus-revenge-rats/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1584349517",
"uuid": "99971e8c-dd3a-4240-87b8-66e91484b41b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "99971e8c-dd3a-4240-87b8-66e91484b41b",
"referenced_uuid": "0908af08-9b39-4a3f-96d8-d3418f91eb1a",
"relationship_type": "analysed-with",
"timestamp": "1584349533",
"uuid": "5e6f415d-f070-487b-a06d-403c02de0b81"
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1584349463",
"to_ids": true,
"type": "md5",
"uuid": "f1616c2c-45b0-4f2f-95e1-89835c829b42",
"value": "7434cdc8b2e9b33d195a38ce795a06e5"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1584349463",
"to_ids": true,
"type": "sha1",
"uuid": "fba3cfcc-7f1f-40c6-84fb-82d433971553",
"value": "2544b6f5ed98151d36d466d2377897703c85a12e"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1584349463",
"to_ids": true,
"type": "sha256",
"uuid": "62212b29-8bd3-40f1-abbe-a012f72974f6",
"value": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1584349533",
"uuid": "0908af08-9b39-4a3f-96d8-d3418f91eb1a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1584349463",
"to_ids": false,
"type": "datetime",
"uuid": "00965ade-8b0b-41e7-a51e-761288895c48",
"value": "2020-03-16T04:39:28+00:00"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1584349463",
"to_ids": false,
"type": "link",
"uuid": "1c8cd1d5-336e-4aea-8647-6f780f834623",
"value": "https://www.virustotal.com/file/fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9/analysis/1584333568/"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1584349463",
"to_ids": false,
"type": "text",
"uuid": "8456a355-978c-4973-a375-2c79dc434f61",
"value": "16/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "18",
"timestamp": "1585058932",
"uuid": "5e6f42ae-ec38-430a-ae63-5b7c02de0b81",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e6f42ae-ec38-430a-ae63-5b7c02de0b81",
"referenced_uuid": "99971e8c-dd3a-4240-87b8-66e91484b41b",
"relationship_type": "references",
"timestamp": "1585058932",
"uuid": "5e7a1474-7218-4f29-8cdc-49dc950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1584349870",
"to_ids": false,
"type": "text",
"uuid": "5e6f42ae-0d94-4050-80bb-5b7c02de0b81",
"value": "Twitter"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1584349870",
"to_ids": false,
"type": "link",
"uuid": "5e6f42ae-b850-4fbb-a21f-5b7c02de0b81",
"value": "https://twitter.com/H_Miser/status/1239455748121407490"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1584349870",
"to_ids": false,
"type": "text",
"uuid": "5e6f42ae-5124-4435-ae57-5b7c02de0b81",
"value": "Informative"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1584350374",
"to_ids": false,
"type": "text",
"uuid": "5e6f44a6-6a70-4230-9bad-700f02de0b81",
"value": "H_Miser"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1585059006",
"uuid": "5e7a01e6-6be8-4bfa-ae38-4bb8950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e7a01e6-6be8-4bfa-ae38-4bb8950d210f",
"referenced_uuid": "5e7a03f5-818c-4388-934b-4b0d950d210f",
"relationship_type": "connects-to",
"timestamp": "1585059006",
"uuid": "5e7a14be-03dc-4cdc-97ef-4ed7950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1585054182",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e7a01e6-0ebc-49ca-94f0-4160950d210f",
"value": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9|7434cdc8b2e9b33d195a38ce795a06e5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1585054182",
"to_ids": false,
"type": "filename",
"uuid": "5e7a01e6-2814-48c5-90a1-4aa3950d210f",
"value": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1585054182",
"to_ids": true,
"type": "md5",
"uuid": "5e7a01e6-8724-4798-857a-4daf950d210f",
"value": "7434cdc8b2e9b33d195a38ce795a06e5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1585054182",
"to_ids": true,
"type": "sha1",
"uuid": "5e7a01e6-3074-43cd-99eb-4b30950d210f",
"value": "2544b6f5ed98151d36d466d2377897703c85a12e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1585054182",
"to_ids": true,
"type": "sha256",
"uuid": "5e7a01e6-c5e0-4f6d-9e73-4e39950d210f",
"value": "fe53c08e692d7ef6bfd379f9f34d48bd1f4b8c1c72c6d8d33d6e9ca234414aa9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1585054182",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e7a01e6-2cb8-446d-a1ee-48c0950d210f",
"value": "323072"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "8",
"timestamp": "1585054708",
"uuid": "5e7a03f5-818c-4388-934b-4b0d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1585054709",
"to_ids": true,
"type": "hostname",
"uuid": "5e7a03f5-3f7c-4376-8f06-47cd950d210f",
"value": "lerouteurmegoodvvvv.hopto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1585054709",
"to_ids": true,
"type": "hostname",
"uuid": "5e7a03f5-01d8-4f6c-a3a0-4134950d210f",
"value": "froujholaqszeeddd.hopto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1585054709",
"to_ids": true,
"type": "hostname",
"uuid": "5e7a03f5-1fc4-42cc-8f43-49f7950d210f",
"value": "homodwanouli.publicvm.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1585054709",
"to_ids": true,
"type": "hostname",
"uuid": "5e7a03f5-1e94-4cca-96b0-4aec950d210f",
"value": "hamodinougadoo.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1585054709",
"to_ids": false,
"type": "port",
"uuid": "5e7a03f5-bf40-448b-9ca2-4d2f950d210f",
"value": "1919"
}
]
}
]
}
}