adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/63a9a6fa-f518-4591-9dbe-d0bb0f0ea588.json

1109 lines
367 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2022-06-01",
"extends_uuid": "",
"info": "OSINT - First Exploitation of Follina Seen in the Wild",
"publish_timestamp": "1654068983",
"published": true,
"threat_level_id": "1",
"timestamp": "1654068974",
"uuid": "63a9a6fa-f518-4591-9dbe-d0bb0f0ea588",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "5",
"timestamp": "1654067911",
"uuid": "720e9bd3-147a-4de6-8f78-3cebf19df900",
"ObjectReference": [
{
"comment": "",
"object_uuid": "720e9bd3-147a-4de6-8f78-3cebf19df900",
"referenced_uuid": "f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "references",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1654067911",
"uuid": "bcdd0800-f01d-4e94-96ff-b6eec2b158e3"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1654067862",
"to_ids": false,
"type": "link",
"uuid": "150bbd51-422e-4cae-b403-ccee6a59e9ce",
"value": "https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1654067862",
"to_ids": false,
"type": "text",
"uuid": "99038964-fa61-49fd-b511-38cb23687a8b",
"value": "For a few days, \"Follina\" is generating a lot of noise on the Internet, check our yesterday diary[1] about this new vulnerability if you need more details. It was time to hunt for some samples. For this purpose, I created a simple YARA rule on VT:"
}
]
},
{
"comment": "https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "5",
"timestamp": "1654067893",
"uuid": "f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "context",
"timestamp": "1654067893",
"to_ids": false,
"type": "text",
"uuid": "c5f4d50d-b44d-473f-80dc-f8f331250050",
"value": "all"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1654067893",
"to_ids": true,
"type": "yara",
"uuid": "edd3bc7d-badf-47ad-bad1-94fc84344464",
"value": "import \"vt\"\r\nrule hunt_0day_msdt\r\n{\r\n strings:\r\n $s1 = \"!\\\" TargetMode=\\\"External\\\"/>\" nocase wide ascii\r\n condition:\r\n new_file and all of ($s*) and vt.metadata.file_type == vt.FileType.DOCX\r\n}"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1654067893",
"to_ids": false,
"type": "text",
"uuid": "8009c24b-aee1-44a1-b637-02e6b24da59e",
"value": "hunt_0day_msdt"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1654068048",
"uuid": "a6a4523b-bbc4-4ef1-9a20-79ccdfe72438",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "3354703e-1b68-4e69-b23b-b0f5fd24ab1e",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1654068048",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "47061638-cfb5-48d1-af10-b3cab39ccf40",
"value": "242688"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1654068048",
"to_ids": false,
"type": "float",
"uuid": "e6861033-625c-4206-b251-86af6e752cfe",
"value": "7.986983162408"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1654068048",
"to_ids": true,
"type": "md5",
"uuid": "eb8773ff-d849-4c4e-81a9-afc42d4ae5aa",
"value": "748d499d87e7ad7fa3ed3b009047819e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha1",
"uuid": "47263e16-ba87-4f86-af47-f6abe08d2faf",
"value": "6d9480e53cd193a4fb367bb4c8c5488f6ae23e49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha256",
"uuid": "11aea04e-ba3e-4cc6-8e5c-597f22a4b4cd",
"value": "c0983e2f5fb8af3705f3d15ca5088851268b45f19d8b3af233074577fecd05f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha512",
"uuid": "4bdac1ac-ba7c-4a51-861a-be39feeb5b4f",
"value": "ab376927339bccceafb2319943488eafdbeabe5d7fadce124cd533fb800fc35e968541ee748ff3d5c00dbfadd13cf6bf4bf324179cb66487751183d8bb89dc60"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1654068048",
"to_ids": true,
"type": "ssdeep",
"uuid": "b75a1e0c-c396-4174-803c-06641e730e28",
"value": "6144:oS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi20:oS1V1IRgtLnLqcwv1v0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1654068048",
"uuid": "b06c9bdf-72de-482c-b286-a5324007a390",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "97587851-4f4f-4ac8-b11b-7acae7bb3380",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1654068048",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b1bfb102-44ab-4700-9749-618ea1ca7642",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1654068048",
"to_ids": false,
"type": "float",
"uuid": "5e539db7-3265-4524-aae9-fb77de740b91",
"value": "4.2376045113149"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1654068048",
"to_ids": true,
"type": "md5",
"uuid": "227afaec-8a65-4097-9595-afcc6e4969f7",
"value": "addbcfbd8863440f69633bc4d4174cc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha1",
"uuid": "fa2eaa25-49a8-4297-97ef-54d44aaf1c78",
"value": "e228889c7d51e9c460ec7105076384374c8d111e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha256",
"uuid": "6d50239a-eba0-4e8c-9490-29ed7f5a3ea5",
"value": "1d5012ef474c7c47eaa5a32c2742914774858a0ca1e1a2cace8267c599f9d3ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha512",
"uuid": "214583fa-da7d-496d-a9de-e33874192a78",
"value": "fa4d75afd981d76a68327bcce8e91b6aac7f8bab4af1724c8dfc3754d5ab56ff7b2b3fdcc69a23cb7af0b58a2c36b00f1ee3a9a815d484689345f45b47da6791"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1654068048",
"to_ids": true,
"type": "ssdeep",
"uuid": "0778abde-4334-4b02-8f3a-93aae4b883f3",
"value": "24:1RXs10ytDM4ZhNLAXCzh3f3EPN8q79pdtj+lEbNFjMyi06:1ZsFto4lLzh3vEF7FpfbNtmD"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1654068048",
"uuid": "861a5640-fd98-4d32-a63d-ad22fa5d1bbf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "90ca6422-327c-4fbe-b56f-9d097c09c9b7",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1654068048",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "386f289b-ce6e-4fbd-9d18-cb41f3c4ee4d",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1654068048",
"to_ids": false,
"type": "float",
"uuid": "222edd98-6550-4f94-9a15-eede00fcdabd",
"value": "1.5849625007212"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1654068048",
"to_ids": true,
"type": "md5",
"uuid": "2b018411-ebd5-441e-bf7f-161962ce4f6b",
"value": "941e632f8bdd05b1ce847314e9665e5e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha1",
"uuid": "9c4ef189-d4f9-4686-8cf0-437e66389f34",
"value": "b04baf4c43bf9e82a7973578d0a6fe2923274fb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha256",
"uuid": "9986d7d9-7f4d-4f87-ac41-83ac6212460e",
"value": "2dc1777a724b8e416807779ab80c3fd747ecf0b53f1335e2d74a8c30337b69f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha512",
"uuid": "039f5eb0-c022-45cf-8e7a-b7a569353152",
"value": "b934d6b5ab72156d37c4e1a461de4f21fb7bd21f1cc06ae0396e4272b99b10fc179caeb864a5346829ffee322bddcf8b57071b8f1401f1a1a8bea5d651268370"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1654068048",
"to_ids": true,
"type": "ssdeep",
"uuid": "9e6b26bc-38ce-4215-9f55-c759d14d713c",
"value": "3:7llGl:Sl"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1654068048",
"uuid": "54301995-d1c3-4473-a555-4c3b6b96a95c",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "54301995-d1c3-4473-a555-4c3b6b96a95c",
"referenced_uuid": "a6a4523b-bbc4-4ef1-9a20-79ccdfe72438",
"relationship_type": "includes",
"timestamp": "1654068048",
"uuid": "1e5836ac-85b0-442c-b52c-35677e6216db"
},
{
"comment": "Section 1 of PE",
"object_uuid": "54301995-d1c3-4473-a555-4c3b6b96a95c",
"referenced_uuid": "b06c9bdf-72de-482c-b286-a5324007a390",
"relationship_type": "includes",
"timestamp": "1654068048",
"uuid": "d99c553f-798d-446d-8937-f036847c0372"
},
{
"comment": "Section 2 of PE",
"object_uuid": "54301995-d1c3-4473-a555-4c3b6b96a95c",
"referenced_uuid": "861a5640-fd98-4d32-a63d-ad22fa5d1bbf",
"relationship_type": "includes",
"timestamp": "1654068048",
"uuid": "cd92a63f-34cb-42b9-a48a-17e93bce03ed"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "9882d69a-7703-40b6-a281-657278272f91",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "53f50f7b-c61d-4e50-9607-4cd63a4b79eb",
"value": "4212166"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1654068048",
"to_ids": false,
"type": "datetime",
"uuid": "b0826390-a8e7-479c-8aad-24308f0c6491",
"value": "2062-12-15T16:16:38+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1654068048",
"to_ids": true,
"type": "filename",
"uuid": "bcdef888-c539-41bc-948d-1f2ca797b651",
"value": "ssapyb.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1654068048",
"to_ids": true,
"type": "filename",
"uuid": "83c6d09d-8359-43b4-b530-05a0b2fcf292",
"value": "ssapyb.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "3e45da00-bc45-468b-9e2d-61f2b7f9f8fa",
"value": "ssapyb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "753764f7-6ce4-43ad-baec-5dec45d92a2a",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "a620a30c-94d4-4f66-a1fc-e0059f3f5e9f",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "1f8a2173-c5f0-4eba-8cd2-e56001e24787",
"value": "ssapyb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "b035ae13-47f5-4a51-bbd3-48d26ae5ceda",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1654068048",
"to_ids": false,
"type": "text",
"uuid": "f8c945ea-15ad-46b1-93c6-637ebde0c1d0",
"value": "Copyright \u00a9 2022"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1654068048",
"to_ids": false,
"type": "counter",
"uuid": "8a950f1f-53d2-4254-a742-7a303ac72515",
"value": "3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1654068048",
"uuid": "cea43a63-c963-41d3-8dac-32db1eda6861",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "cea43a63-c963-41d3-8dac-32db1eda6861",
"referenced_uuid": "54301995-d1c3-4473-a555-4c3b6b96a95c",
"relationship_type": "includes",
"timestamp": "1654068048",
"uuid": "c593a409-dba4-43f7-94f8-29ad8f454dbd"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1654068048",
"to_ids": true,
"type": "filename",
"uuid": "bd83262d-3f71-48ee-8748-3cd25b585e00",
"value": "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1654068048",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "531794d5-dbcd-48c4-a58f-76eae51f104c",
"value": "245248"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1654068048",
"to_ids": false,
"type": "float",
"uuid": "9ad4791f-9de8-4e9d-bfbb-c4a4144b092c",
"value": "7.9694694775347"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1654068048",
"to_ids": true,
"type": "md5",
"uuid": "34234db6-d1a8-4203-bc27-eea5aa3be926",
"value": "ca322dd565f02d6d8c374e220cf8078e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha1",
"uuid": "4b2d98c8-26b6-4623-b888-889c49a36112",
"value": "e07a5ab133d0e22fbb0a434653bf50a851031001"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha256",
"uuid": "a282ff1d-7e6b-466d-b903-327d7e993c85",
"value": "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1654068048",
"to_ids": true,
"type": "sha512",
"uuid": "702fae85-9339-46da-b1d8-feedde6b3369",
"value": "758766ecedc738e0b5a4c2778691e8ea28911a93fd0dc79095119af00f94bc9fe6f14eeb9a39f1cc979b3054f408a562a9d262b93c52135aa22abb173ea18a4e"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAJg6wVS5QjUU+agDAAC+AwAgABwAY2EzMjJkZDU2NWYwMmQ2ZDhjMzc0ZTIyMGNmODA3OGVVVAkAA1ATl2JQE5didXgLAAEEIQAAAAQhAAAAtaB5ovaUefVNDtO2AVSAwkY7KwjXtrhUJvoOIx6YhH7Lu8D/xYPtpdTo1ThsTimZom1HPyVHTyzoB69YqK1WHFTD+4OkFXGgSMZmKVoiGqxmuI7y+nfZsdNJYdkLn2CN77TC3iuzVCjp88KgZRUbmZymFIeRzJlVwiD1E6PwFHzTIXmaUElPLYQpAdjCYvNtNjD+XHnKFsh0QNWstptrSDAyq4azdXKrzVYXUi6NWWYZquSTKismNrcBLJRXJl6SC1S+eu20hzrc7oBDRjfvOMf4bhEiZxqL+9GdwKjbNLTnMPe0B1xpP3dKSpwMOk7GCMzVE0CeCwDffeR9x2KktjRmgvm1gBeDXlIyPOblbfCvzcJL6gXCwCz0IdAjm6kgXteXcJvshuiTwOHlqROrInoIkQRndnuv/X7HVEYnk6hgsGKQE41ue1ogkldUptTG7zEBaLNxpqCKOfF4ryzfb4JZXTBXKGYvzLUhAqCrSIeWatlt99iOlZ2I5/jA7wQ3zspgbPLSuHVXA8PZjt9MFRT05V44M3VYVdV4T2Ar4opqcIxtFOREY6DF4RW7omgxMCOLUmNZpUa5slvtHyefhzengaipkUyoN+ePUp9S7JZPf+s7NB7nGAgkMFem2oYyU3SRDuKbczGGGJMYKhymjG1F+hIL28L+8bm9qdt/nxH4CVNhxbXJXDr5D7pH+jkAc4tAGP2Fl9c59TTilnuKlw+vChmUR1qJG1ChSXGy6AeOOBkUJeze+yS6t9CgW1uX8zzhtsL2uecjBGdR6uftOc5QwNeRhsxN1gWTU+weH+VFjYyhdgwk7M9M5RzTo1XcL7CIR7+KpskJBDVkV+9Oj4AivBtrc+TzFHPGG9WIW4UIujEhGlAVtow+uxTQ55kqUYSVQCPf1qGW7h+3jYV5PMzWsI+4QTmBZ60qHwp7I5An+YFrtEVIJvx3Ms6U2FSIo+ktgSbWpjlyOJuNu3hP2wA1j5eNKls3DpAW95xWw1WNKUU1QDK1eDYamZHU4ccrtrA0Vtk1nL1f/KxuP7It/lceqBp19qfW7qE3cQgXBJlXX0bBevyQmM2cTVIWpTN2nIk2M6p/K0IhJDEzTXm6shMahlQRQAg+U8KK5YGIsZs76Wh4gNwl8gKaPYR8c5GBYLDl18Q1qie2XvcnXlYR150paX8bZqXkvsHxV7O6rXrIjqAjHuMC2dtSRcsdsjTvoQ/aJvG6D3ZXbDIaTzLpTwz9ivNI5NlXRW7MbSUdBScewL+r1r9sxDzgMdGv8bAb/7j9dGvdEFyvn2Mc5Bd5hhCcDdKG00iwLJyWqQiSR0K3UIgIzQ5I1JL1p28whAFXYk7S4XWWY0d63uuAYbfjhecNuo0weAO5C6MYJEwz6t3ekQD3TzHVEC9AjDSyx6/RxokYmrHyH87ofDoCkELJdTX4mkuTvmonndJ2l7wQ/kxUtndorbsx519JQPzZ7+/ic++VqtaWaQFhnjR99polTZDbODASaM0dmPtPFLv1EcLwo+IQK6EQvhA81PxXIlNNnxX4n9z0opfG9toYsOpVr46a5j9/8BbJK3jpjJHaTi9zCcDP7Ekb6DJexdjcuVyUZPiyhl1DUJdLHy99jjoyTPt4f/mf1qlUgXwuTgDeuBMAE+erTSlMKhSyCLKqp1Rbcyud0wAe3HW8ITxh9vY2D1P5JTSjgszdcqkTLtwbcua1te1RLMfuBcrWNbLvjQqbKx5Xpg0EZ4KrEtlBWinpuz13hMjujrGMbLEiIfds05ITts5NogzbTex/4H3YDGXKlz8gZaik4IVneAgf3aZeMWw1RFhq7wvPxBtkh/FNY/pwCM6RA2KRi6qGIdG6lR2EAevRwlyVew7Wq+C9R62LyFAiXN7aWlg1Z19spJ5K+yv8F7hCLjQ5ilU2pSDap0R06ubWZPx/qGPEBTbwyzZ6KY4uS73kCSGpTm8LgWtfWCTWj5ZsMk/11Y51OnZdENCtX9yet4wV6IuUCKlj+vNzpLN7/8wIToGA4XiLIIKO99L1ThEcqz3Y8sAei7+ZhrseQmjgBSAfkZeYMdyA3INQvsZ2z1UmrLHovpMSNwtThaOKgy/7TTIQ92kWiUhBDICZwiWaLNL8H3hUGkToHb2nZ4KN2Z7FLDjNeA2JPKovQzt5mJflKs6WFtPxyS2Ifn9XV2zyOWxhYYRYZmTz92NKhWPWu9NQ29FoQ+hapDkAD4/t90xi/X18LF5o6JmpuMuHfuNUALs+VmOc7C/T4x/7FoT6bJu4NF94gVbhULajHSsIsxQTdOWzYE45NelH9ARKdexXHxeXOwwQCjDd8kJbJRwNwdgX+Eg7fTaAJg+mTfjFK1tr5so6M36gwxtgtKsnNrPm9xlFqVRJwXIyT0cQ+uZq7TdvsL0FMaB/er5eBxVh1kCiwpQlKoWsA/p0AaJEYOK8kQtiPthAqEHvmNtu3AjqxzXLRKd6pPl4bY/ERAxzYCtjweVfh/WaGhHI5DTsyKj/9jBYHljQHECvItLAoaCVYkxJDk9jpe4bJFDfdCLeZiw69KGapXSdWRxJ/ehXiKhSdSQviMbWZYcD4EUG4qm+WHso9BVRY+KZZmKkh71K20tmeyPw9ai0vCgf03rzxgcfeEcZe7V5Vex9us2VKYRImxti4VMeK9+fhSiRK/VmCmbQch5Hqz+YkP9C61HmLsiQNP0n4WHyUCmGZA+njghFdHkj8d8CT/PZJ7UOIAvupl1b4fBlqJnxuQ24CJj1QXXkeD+Zz+eDZJ8RyEhfLM0ZVdN1N5M1kq3D4gbmWpMjFU79LHJxfMbPXcjT/7kg0G8iipgz/G4LE/prLeP+HgJAbHjf3+8yBQj/aF8fdeTO7B3h5DAf35uieUc0j5dn14fHto1F6nYtb1z/jeLHQNp4ZN+dY1iHuNCSQU+iY6rxZYw4mSMCbXWMSsHZXwkAFJw5JrhSNBqQgs2VsW2kZQyThkO2benQR3TmaTzC+UfaPgERnENkVagnpx/AM4m4GeHilv5sNgV3SmzigS33InkAXrU2ogiuL37kXzEt/wEHZ++sPSZCYhmSAtYuCplR9J9cgWLPgrTXm4irQcDDy39Eo3FA/mR9IjloU93y2iAMxz7f0dAvzzathlggTHGVgs5SdMZRwDFETlhC4lFjHAUUqZGTA7goVBWlI9gbuNYZqraCjQxucB0u8EI1znd4aaB/UN8YsMmkEfgouPWoQ6JIsno5kG01Ypnw7RHG0ZPTzs+uMAWNL48I6uGcz3/sjFdkorwx2yuaqcocRuhZE3zYyrLoUIic4m9PhmGWsTpfa2Y+WDfoJVL5sOvGnnWDp58xIDDFzlLod8ashF1lq1PQj8KIx9i9FuW9YXt7ev66xWRApXh1qBs2msssc6+1kG53UZeAw2OUD1Y8Nj4qdjhSbccWOqkrBydCh+pihhXyqFfaXHs8EYaGgvr8UJNHwDUmFoF6Wfri96VbH5bJgJqjXw3cBqZC3aYoPo8K9AMYeTezmCCwtCA0jGE04J1GqQDMI7wODj6DN06KpXWHVfZt9CpwDxrljxHCKXXcK5QZZzhrYa+sQ1uW7vB6BPzUTHLICTfA6k847zGGxBabWdRoK+o5MeFXDaO6SO+oex428/AWvO3TkYvVJGHSEfjRuWDqAyv0Dja4aQOlAturspXZr4QZuKJsG6qM+ytcC7EVUbCbL9ZFD0gY2XyUh/VX4JfeWArLrdia4eLK1k7cs7mFD5PPqL7s76qEu8nR6d6NmXVCExYtUQA3rojlxPBlez1B4lt4pSBGQNGFxo0JIngk9FZ7x48+pCHcBcjUElWfLtbdomcKYQaQHcrwRZ81y+W82rwMASrkxHVxL5s7nPMQJ0Ofh/matl1A2HU8eZCNq2xuq78b9HnMTrg66oumgrcS8KYzDjl5R+YkzkbrmIYoLgWcsdRdQnDwV7FRAR2gjxDzFS
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1654068048",
"to_ids": true,
"type": "malware-sample",
"uuid": "df745403-5cbe-4e52-9eb7-390bd36a8ed0",
"value": "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a|ca322dd565f02d6d8c374e220cf8078e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1654068048",
"to_ids": false,
"type": "mime-type",
"uuid": "165dc5ac-99f5-4a92-a6a4-9801f485653d",
"value": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1654068048",
"to_ids": true,
"type": "ssdeep",
"uuid": "1359beac-c752-4ac6-a328-8530fea0dce6",
"value": "6144:XS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi2:XS1V1IRgtLnLqcwv1v"
}
]
},
{
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1654068077",
"uuid": "637c4f30-117e-41ba-a877-a5c4e8c07198",
"Attribute": [
{
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1654068077",
"to_ids": false,
"type": "link",
"uuid": "6b759205-b220-44bc-9f7c-1c9c1aa1a7a9",
"value": "https://www.virustotal.com/gui/file/3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
},
{
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1654068077",
"to_ids": false,
"type": "text",
"uuid": "62a92f71-6d70-4b7e-a18a-6dc2aafef36d",
"value": "37/69"
}
]
},
{
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1654068077",
"uuid": "39168d95-f1fc-4c13-ac90-4ac6e39b3fc8",
"Attribute": [
{
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1654068077",
"to_ids": false,
"type": "link",
"uuid": "53e13c68-a552-4c6d-ac14-1b43c7ca2e1b",
"value": "https://www.virustotal.com/gui/url/01230a4cfe6238655e83d3185a7837282020336d2a35f58c664f094cfdf8fd55"
},
{
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1654068077",
"to_ids": false,
"type": "text",
"uuid": "894db7ab-ff00-43ce-a09c-2af414ebd6a2",
"value": "10/94"
}
]
},
{
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1654068077",
"uuid": "3e847331-3f8d-4bb4-9196-5454be6c274b",
"Attribute": [
{
"category": "Network activity",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1654068077",
"to_ids": true,
"type": "url",
"uuid": "d7342537-0d4e-4150-8afe-49ed00777262",
"value": "http://coolrat.xyz/Client.exe"
}
]
},
{
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1654068077",
"uuid": "03018ef9-6f30-4e0b-b7ec-315e4f471929",
"Attribute": [
{
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1654068077",
"to_ids": false,
"type": "link",
"uuid": "8678c2a5-54a0-4fa3-a6ce-05aa133f7247",
"value": "https://www.virustotal.com/gui/ip_address/20.62.24.77"
},
{
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1654068077",
"to_ids": false,
"type": "text",
"uuid": "48a0da86-7e46-403b-893a-959bdd2a580d",
"value": "0/91"
}
]
},
{
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1654068125",
"uuid": "70b7a5e1-3b48-4f49-ad9f-1a60606e5020",
"Attribute": [
{
"category": "Network activity",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1654068125",
"to_ids": false,
"type": "ip-dst",
"uuid": "4646e8b5-325c-49f9-b7f3-787341b30184",
"value": "20.62.24.77"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1654068677",
"uuid": "3f1d303a-8c58-42cd-899e-2c722f79d97d",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1654068677",
"to_ids": true,
"type": "domain",
"uuid": "c3f38d44-9205-4195-baef-24fd3b8d083b",
"value": "coolrat.xyz"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1654068756",
"uuid": "7d7e3ed7-667f-4adf-8f35-e5ede8dd8924",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1654068756",
"to_ids": true,
"type": "filename",
"uuid": "d4355f5d-cdd1-416f-ad00-260cd4435a61",
"value": "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1654068756",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "31db6ad5-da85-4ce6-bf85-bcccb2783f29",
"value": "15218"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1654068756",
"to_ids": false,
"type": "float",
"uuid": "80ccc142-8095-4047-8509-e70ea97340c0",
"value": "7.2521670427369"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1654068756",
"to_ids": true,
"type": "md5",
"uuid": "8a176332-a12c-4b9b-bd51-cb556bb85dbd",
"value": "14aff46aaffbad783974ba819dba6e41"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1654068756",
"to_ids": true,
"type": "sha1",
"uuid": "1d9e765f-9664-4523-9a2e-9aa0c7991bdc",
"value": "56951a72b332163d916046dd9c38e402f0ccd470"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1654068756",
"to_ids": true,
"type": "sha256",
"uuid": "f233e438-384a-4e9e-b836-3ff4fb711f1f",
"value": "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1654068756",
"to_ids": true,
"type": "sha512",
"uuid": "d300ff8c-6d31-400f-b326-032fd0ceda92",
"value": "09edc30dbd5b21890ede1cfc7884a89a926635fcd11a4bda1a4823c3b26dc007d64506cbf8519f7cfdf49fdbaf801d88c95a77c01bf90b486992bb7051281cf0"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIABI8wVT8K67GMCsAAHI7AAAgABwAMTRhZmY0NmFhZmZiYWQ3ODM5NzRiYTgxOWRiYTZlNDFVVAkAAxQWl2IUFpdidXgLAAEEIQAAAAQhAAAAvr78b/a7vz07jvd6NaQfuYkll0aF9PqgJ3NFgGzoos3TkSF8ItgusEDofB+VwfRBkzKxPSntLOYwIh7YFmR34ONhwn2sey6xd8RbDB25ycmIyV1CVNkWHw/2OGFdo0qNLKcHNc6GUj8jtyITlt2aEgYFogFW1pdpTWMQJ8nbyIJ2/sUx/L5j2G3CfreMCMfdnNqn7fPQvZWHFZAfU1QrczYKgGImVBo3ZA7hlRNRp40EQCHQvFyozy6/LYKtdhLe2RfUCAAEug0Avjj5Qc+JoC4oLd7aN5yLsaxwFhwoasRc32vf1YGY5xyIZcYLGLpd41nm4TmyO8EgmRhOvygsmwq9SrJE2EnYsw6gLL9OWRv745KXmukDCzLW0MH7VlfhIgflOSuIZoA8SEecqdhGP+5GGZmHH5bpbl6/Y4IjmCUelyFSc6zblRr81GNXoWxz3umUdNNmx/RIMC06kVu7P6G3BcakjzvUDH5FpdCvbQ4V6VZcaSNRcP1Nkzlw4MmhlHpN7Hr+djEVXTEATF9w9lLCeeZfpVtfmLlilNhjltKVvqSWborJQ8+9/MGPeL0USOk2PDigdVrhgj7cR6A8bc3XDfOrvfsGApz+f+qUVIz5das0Raz9jme2roc9V0hBXzdp1Cb5gsVEU/h0J+N3N9bj+Cz8upqhuVqmB+MfFOrqG8lQ1lgdCieNOnY6/L9M9yCVMCX1MxUOMp2EU5BcjyxTwgbLsgJqBHh7qtfieRmDoNhh2uyDciRfSGsIpJ92b5hf5pFKcXxL1lpbdg7W7Rb08WOCgktWPbLoxT2CAuNN92BGR2eIwZDjPU9D4Y7ptLr5WiTJNIBmH44NVUr3RK33AOSINjSXV3Pi/VIuyha34RL9+pRrjH0sc52hO8sUWFdQmWPxLE/Jem7u2TC5yB5dm9OAD2y2AL9HW/ks76yYes/f4PkacWy8POROke21Umu4jy0x07bVgqKCA8iriIcNseZe3dN5Q3EFt+qZvz280YKWqOS9LWTVgcOgdcoyhO/xxdVHoWhLTs4ilejcm7YOttc06VMtKxCZyQ1aVcVBG2CLlae6WWNxNqrv8ljZQdsQDHNVEfLNFqjhgCbm+cfXOKGkmc1gL+qg7e2RRigRPNOlhL2ZXDTmGgMN0TbM7H8cgvrcxcd9rQv9AvEVAC6KlCx/L/mQWHAaLD8cAKt1Oc+mcatpUseVP+kl7U9VKLaNg/vdiosLt3MwfzcFDSvbZXt4jf8QABp3sT8v2DOS2mEVPd1NIBKTKlGdK0e9Of+ifD8P2RsSA/ossOC+JDOasmz1r2rIZ5WV8cI0lE/I5lQc6hW1gnWKbweW9mKWg1LwkjgPLbxADBo9UwnB2UV2Y2QLgjzCmuNhBP/JaBvUggAZ08Qf9WolqQiR7PS63sWVE26otpo7YOx2xMinBGtOuZ/31qao77zB250P2EasItuZSisA5Gf3RJY1Et33WvkBHyHPChtUJSy30KmpJs7ADwjvHNIGndaM2/rbnX47t62mDzsOYx1bUvn5Ey3z/IgbcwtE/CRM1upY9YEovW5ajxooPeZgQHX6Qmf7K1lWkNDPxdTrVtMEGQsWFRkSyIZR7QzIPh/pW8299oO9P/16ETQYkeGjksz9sVB1e7LIrhvkpAlF0n7lb1iYf2Wn/aJWm51vxUVtmftZrYlaeKYt2tM826Rqv1bs8NmTK54MIZaXZL1N02fpwhq3GNXGmlknwd141+NI/NAbox1CkfbDV2axs9S8BB+xxV2KZ5EIMt0OyRvvM40KJgeA/kiy+y8ECMutcRaTvJ8b8YBoXDyN/Gz+fITrqcjzUUcFBj0jja0dYSyqP371z6wkc8praD0cNHKmh4VQ6n/C+XcPhp1CxcGzmGZEUFdQWe6MdoVQGXdZhqHlmf6iY+1D1kKxVoLVLEALK7y0eBxb/0mpL1s0QTJ+0VZRzzLpyK+EWGW63FZcEvqtpjYLW3Nuh0xeKSapD18+fgjxAFye3jBIwNKG+EPFmDPMU5fQ3bvAMHeoDfLbKGK5B2THbLtSlKnqcsHkpibuoUd/J5+MRjaNusNvSG2NOBonnLM8X0H/bTSR3CAOwOoxAo86YIHFQpT0PHW7FbzM8CoiYHsoHqyX3Ev9qGsiGiuMbSooYjuUpgcvvKDs754bXCbA9sg3PM63tgD2nmzGyUPYqCtT89u9NJ6fQBgPlH+7jxSh0mmj+Um4CtiRsEZ72ts1KSpmAAgfe2Un7qs+jUqr1pfdy/zHYDqFJNQjYiS8K+lEN5hjDeupl7lEKPe++Nc3tkDQ531xFbX6KFHAL63CR/y1MNqwG0CI01e2qwNYEbSCORdoPQpfkpiiaQxzGTECQBwtSOW8SlVl/4wH09ac27k5mU0qDb5YBrn/qEClmUT7ZC9YLpsZSFURcS8sJs+pMRoZPIjRwOjSu3yputQp7+BaJmUi/rCpbZItHyfoP2Dchh0sKesT5vElI2+OFStl/6OaodtNbrx7C6qWbHIIwc/xqWvaKZIVkzWfLqeP9fV4x2hIWuATpkE9ls7K0m5AADXISKbRDLGHz1jBFqY7Y1NI7enacbkXHI/mQZluZQwOamx3DV7g5i/VxEyBiLkius869ZAwTKvr6Uk0SNviNPtIqd2SAZGRxJZcV/4egyoZEwEzLhZmkjHR8I1Dsy7Lhs1ydeI/Q8otffsdeEvZiHkdXoWmqqro4MIqS7Cp4waMMYs0sAw5MNblfRacAkAHjU9AKCunRp64rHTxnFxnDTBMQwEWtK0pyeTb8d73Mw/aHe6VQV9NAAMwEJV0nuE5caWhABilb7XHJ7pwgJyOyThfGkJJ+eHrVJZHOCjCgbefx2KIxgd8Bw2Kvg4IDq52rUGJKcL+kmN26XT+qbXT3C7RZomo5CQeIrCLpxt9ZE7WyGsINlxFIOG2Q/Q/3dH8a2zcCgYhIaRz8z7yeo5ME9nQRxF7UW4TrXvbVGUczJ41KGl3nApmv97u+/MGxsRiGvAO1d69kStnoHKFNvHD3cWhu2IrDPh93g2i5PgBCeHtUDQX4slURP0i7nuAJJbXD9iURsmlAanJEy4LBu5z3ShG0MflCQQ7/gJU/1mihgl2Nx2Z3poGzrghUBFySu3ks4bXcY/4eg2ksFvsqiq+ET/SxnGVW9ZLhL2Q1KZmXHQ/uVFfqP5eI44ic8yjdw5vEWWkKx8kvoThWiZzgpOOOQV7l6rTfbQEXq9LKqBXbgXhdz3gyEbEDDEUwb4lvsYfdkhF4qrwxe6KxhMMNp/9I1DbhsUptk2p3j5Q0nJ/LgWIsSDZMlmdYvSE7vm11jTRvGZNHW1ZidzLWtFNwVuPgjtmdZ8Xca40GWEZQOt0qGNFdJeeTJdfUngazro/P2nEu9HblAazU4bb2/ofzv+NJNIVeYzmPDH3wB1GsKDYbvp0Hg33qUOoXddMm9IZ4lKTh7K8oSblOwxV0oC0H2aZipMenXcYPQfw1ZVmSjjMe1psgbpYstaElqpnyz5L4BG1rz90q5cBJtRpnxj+iWR1UN4lZYZwlS5omndBKabsAsr4JqRuemiCfU7XcauTpugtyCzUxB43Ibg8FaDbmAig0OF8uM4bs7k5B0Wn6XoOuf2NE9aaopSYyKLNFeiqDgw6HdZm07nBVY9lAkdrT4haywLClRwrHpKa6ANioahtEDn567qSyZl0T+h/LKn9naL2u5bElpBeAzL0IHt0DfXKXutDxEQOtFrhdER3Wzw1yX75cnUONrmTWvrU+GeYTehvA6FDv4w/wXhvU2WubjAnh9qkZwDEFkv2fxFWV8L7xPbYLi2AEg3K1aTxS1z1zh0eXWZgE6+6UESD1uB+NaFADBshErneGFYxl7CgRjqYhHLYGMstCHPjSnQRToDKnrYq86VMd+tKbPB/Tw3JqRTaPuiNX7ovaeZyjVnXvZTauTDCg6FMo5P4CkT/S0
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1654068756",
"to_ids": true,
"type": "malware-sample",
"uuid": "e1d6a081-454d-4897-b453-b7213fc3785e",
"value": "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc|14aff46aaffbad783974ba819dba6e41"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1654068756",
"to_ids": false,
"type": "mime-type",
"uuid": "6b38eb78-c4ca-4a3d-95fe-78d9afbabfe6",
"value": "Microsoft Word 2007+"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1654068756",
"to_ids": true,
"type": "ssdeep",
"uuid": "9f01d962-4451-42bc-87f9-50bab1d2d79b",
"value": "192:om8jmiDKgJrYd6aZzAY+ptQoMMMMMMMMMMMMMMMMMMMMMMMo0BM0lkbt3YBMgupR:H89D/VS3+Pf4PKb8wy+C1S3hcXSbX"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink