misp-circl-feed/feeds/circl/misp/5cffb200-f430-44b2-83a2-c922950d210f.json

{
"Event": {
"analysis": "0",
"date": "2019-06-11",
"extends_uuid": "",
"info": "Dharma Ransomware sample",
"publish_timestamp": "1560264111",
"published": true,
"threat_level_id": "3",
"timestamp": "1560263911",
"uuid": "5cffb200-f430-44b2-83a2-c922950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Dharma Ransomware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Virus-Encoder\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261252",
"to_ids": false,
"type": "link",
"uuid": "5cffb284-faf4-4802-b6b8-7f1e950d210f",
"value": "https://www.virustotal.com/gui/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/detection"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261560",
"to_ids": true,
"type": "mutex",
"uuid": "5cffb3b8-af68-4c12-a266-7303950d210f",
"value": "Global\\syncronize_K8DWMVA"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261693",
"to_ids": true,
"type": "mutex",
"uuid": "5cffb43d-af50-4598-b611-72f8950d210f",
"value": "Global\\syncronize_K8DWMVU"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261844",
"to_ids": true,
"type": "filename",
"uuid": "5cffb4d4-65a4-461f-9138-c804950d210f",
"value": "%WINDIR%\\system32\\996E.exe"
},
{
"category": "Artifacts dropped",
"comment": "Path repaired: the feed value was CP1252 mojibake of the UTF-8 Chinese-locale Startup folder (「开始」菜单\\程序\\启动 = Start Menu\\Programs\\Startup). On other locales expect the equivalent localized Startup path rather than this literal string.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261844",
"to_ids": true,
"type": "filename",
"uuid": "5cffb4d4-20b8-43f0-b3e4-c804950d210f",
"value": "%USERPROFILE%\\「开始」菜单\\程序\\启动\\996E.exe"
},
{
"category": "Artifacts dropped",
"comment": "Path repaired: the feed value was CP1252 mojibake of the UTF-8 Chinese-locale all-users Startup folder (「开始」菜单\\程序\\启动 = Start Menu\\Programs\\Startup). On other locales expect the equivalent localized Startup path rather than this literal string.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261844",
"to_ids": true,
"type": "filename",
"uuid": "5cffb4d4-9518-4a8e-babf-c804950d210f",
"value": "%ALLUSERSPROFILE%\\「开始」菜单\\程序\\启动\\996E.exe"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1560261930",
"to_ids": false,
"type": "link",
"uuid": "5cffb52a-0430-44a6-85ec-c7e9950d210f",
"value": "https://www.hybrid-analysis.com/sample/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560261210",
"uuid": "5cffb25a-bbdc-467c-9fae-c805950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1560261210",
"to_ids": true,
"type": "malware-sample",
"uuid": "5cffb25a-b918-45c3-9fdc-c805950d210f",
"value": "bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin|cde75b4c59682b1088ac09affa8a9d32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1560261211",
"to_ids": false,
"type": "filename",
"uuid": "5cffb25b-84e8-40ed-bbf2-c805950d210f",
"value": "bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560261211",
"to_ids": true,
"type": "md5",
"uuid": "5cffb25b-da68-4bae-b4e1-c805950d210f",
"value": "cde75b4c59682b1088ac09affa8a9d32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560261211",
"to_ids": true,
"type": "sha1",
"uuid": "5cffb25b-dc74-462e-94a2-c805950d210f",
"value": "ffcba94f675e61f0b84e41163431fe62e8eba93b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560261211",
"to_ids": true,
"type": "sha256",
"uuid": "5cffb25b-64a0-4411-a7f4-c805950d210f",
"value": "bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1560261211",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5cffb25b-31a8-4346-8d39-c805950d210f",
"value": "94720"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1560262630",
"uuid": "7996b4b6-4218-487c-b44f-b692014499a5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1560262631",
"to_ids": false,
"type": "text",
"uuid": "9440dca8-a32e-4ea3-967f-a697cbe84b40",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1560262631",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6ff23e67-08d6-4c9c-9ae5-3c8e52e16d73",
"value": "40448"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1560262631",
"to_ids": false,
"type": "float",
"uuid": "fb1b5b5d-83c0-4b37-9b74-ee5d3b7e0290",
"value": "5.9960482530521"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560262631",
"to_ids": true,
"type": "md5",
"uuid": "aa737ffe-ef31-4ab4-8cd7-4c5552c5b16f",
"value": "a089253c3119b6d705e6f8891c3efc7f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha1",
"uuid": "59e347d8-7b1b-4852-bfe5-7cd6c7562382",
"value": "2d8a3402038ad0dbf58cc87ae1e13c0b88338940"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha256",
"uuid": "ed660fde-8117-42b0-94e3-4be833b2af18",
"value": "cdb6cc8ce78283d4bbab3f1527e681972ec3310dea3d22c11ed461438b463ffc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha512",
"uuid": "78466251-218c-42f5-8428-d8cb08804ea3",
"value": "cabb1030f9710181d127eb4352e7e1cedbee93b114e60b979a6bf8962e399146de0e759d20f852702be99c9277e5edbcb7936dde6d448c6ba5871d01d17619ea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1560262631",
"to_ids": true,
"type": "ssdeep",
"uuid": "c96cbe9c-6cd3-4c1d-aaa8-d0bca31f034a",
"value": "768:bBNNi5pl+CVzfqqXHKuAZTAr4I9saBGpwpB7+Evlw1wTg2AyQoRE:bBwl+KXpsqN5vlwWYyhE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1560262631",
"uuid": "6553476c-da2b-4912-b792-1c1a66a974ac",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1560262631",
"to_ids": false,
"type": "text",
"uuid": "5005c76c-5e6a-48fc-adc8-eac71e252c03",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1560262631",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f75fc266-c282-4e43-aab1-49e80e286c0b",
"value": "10240"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1560262631",
"to_ids": false,
"type": "float",
"uuid": "9547fbe0-98ef-4978-8c5b-3d81b67c09bb",
"value": "7.934634534506"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560262631",
"to_ids": true,
"type": "md5",
"uuid": "29f11f89-e436-4ea2-b4f0-a0ff57730a88",
"value": "ec25b0d78eb75da6d2c3442f37e14483"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha1",
"uuid": "deae458d-adbe-4ef9-b170-05690f092908",
"value": "1d13e7c63fcef26e1525cf0e1fe6d1eaddc069af"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha256",
"uuid": "4dc58246-f784-4eae-a8c7-8a54deaa035d",
"value": "409f08d916d46107980530f3ebb777329742c891d12d78dfc7da4d84ae0d7378"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1560262631",
"to_ids": true,
"type": "sha512",
"uuid": "2ca32899-d9a5-4a30-be46-24cde81b25e0",
"value": "46b388ef10cbe9659a98092806f4b145baead82bd88558376d6c2f8170f209ce1d48d0806fc4dada69ad580db3064b2d5495bf0283c3a2f364a21d4fea474401"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1560262631",
"to_ids": true,
"type": "ssdeep",
"uuid": "b176ca0c-16d2-49d9-b9ba-f46bfb3d3f55",
"value": "192:dcbI+LyvzbIQusOo8Vdpk0rsJUiPKDkBMnRKE9sfb8e:GLe37usOo8Vd6ciPKDkAKBfb8e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1560262631",
"uuid": "c39231fe-0086-4273-99d8-af059f62726b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1560262631",
"to_ids": false,
"type": "text",
"uuid": "d48fd9bf-3e9d-454e-a709-c0ae0066d380",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1560262631",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "11831991-0caa-4ba1-971e-04b99bf703f9",
"value": "43008"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1560262631",
"to_ids": false,
"type": "float",
"uuid": "1947d27e-6d29-444c-b308-9f08f6a18135",
"value": "7.9825769147348"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560262631",
"to_ids": true,
"type": "md5",
"uuid": "80af7503-9adf-4b9b-82c4-13db7cb504ad",
"value": "0da80d06d2d6dc225daae951b2901c29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha1",
"uuid": "faea2dce-ce15-45d0-9289-5a7b1bc6c066",
"value": "87c60db200881b7f71ef5a6ab4c90539c7959506"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha256",
"uuid": "782eb604-c782-4064-a0e9-33ca42f225ca",
"value": "859c6c8407b1f60ce3deea11cc41352c3f900aba6b7a808625850336fd39c2be"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha512",
"uuid": "8ea56e36-c3d9-4ecb-8d30-07b36a35f357",
"value": "6019897e209c2ff7921d5053b7432807f20f1165ba322b7026fc9f6f453a2a57ef60e41605f062cfa6c86cd4763b3de4f8e13419351228e742f8e925c0ce9af5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1560262632",
"to_ids": true,
"type": "ssdeep",
"uuid": "e401c300-5d81-4a8e-9216-c5a0d7ef8351",
"value": "768:rRuy6EAFLZYEl2doxbadck/ZzOAHJx7wHrLtu1CaRw5:FFAFLZYEKox+2yZzOcJwqCsQ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1560262632",
"uuid": "961d6906-3cf1-4681-baa0-1083e3236558",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "961d6906-3cf1-4681-baa0-1083e3236558",
"referenced_uuid": "7996b4b6-4218-487c-b44f-b692014499a5",
"relationship_type": "included-in",
"timestamp": "1560262802",
"uuid": "5cffb7e8-af30-4b98-8de6-4a49950d2111"
},
{
"comment": "Section 1 of PE",
"object_uuid": "961d6906-3cf1-4681-baa0-1083e3236558",
"referenced_uuid": "6553476c-da2b-4912-b792-1c1a66a974ac",
"relationship_type": "included-in",
"timestamp": "1560262802",
"uuid": "5cffb7e8-92e8-4459-ac98-42e1950d2111"
},
{
"comment": "Section 2 of PE",
"object_uuid": "961d6906-3cf1-4681-baa0-1083e3236558",
"referenced_uuid": "c39231fe-0086-4273-99d8-af059f62726b",
"relationship_type": "included-in",
"timestamp": "1560262803",
"uuid": "5cffb7e8-4800-41ad-939f-4e8e950d2111"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1560262632",
"to_ids": false,
"type": "text",
"uuid": "fb66d454-dc71-406a-89cd-c1e0bcad0548",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1560262632",
"to_ids": false,
"type": "text",
"uuid": "30c64a59-7d95-441b-a123-b6b0304f7253",
"value": "4237776"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1560262632",
"to_ids": false,
"type": "datetime",
"uuid": "00aa2e35-c12e-4439-86f6-e4641b2fcc6c",
"value": "2017-03-02T23:49:06"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1560262632",
"to_ids": false,
"type": "counter",
"uuid": "5ff8891e-8afa-49e3-8011-51632a028aa5",
"value": "3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1560262876",
"uuid": "41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"referenced_uuid": "961d6906-3cf1-4681-baa0-1083e3236558",
"relationship_type": "included-in",
"timestamp": "1560262803",
"uuid": "5cffb7e9-f9d4-4c2a-8905-41c8950d2111"
},
{
"comment": "",
"object_uuid": "41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"referenced_uuid": "1e50392c-b19d-4eed-b377-f9d969518f18",
"relationship_type": "analysed-with",
"timestamp": "1560262876",
"uuid": "5cffb8dc-a020-48b5-892d-421c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "NOTE(review): this filename is the analyst-assigned <sha256>.bin, not a name observed in the wild; with to_ids=true it is exported as an IDS indicator, whereas the same filename on the first file object carries to_ids=false. Consider aligning to_ids=false here before consuming this event as a detection feed.",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560262632",
"to_ids": true,
"type": "filename",
"uuid": "75f285a9-7c3b-4a7d-a457-011a2592ddd3",
"value": "bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1560262632",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "997d12bf-126e-493e-83f6-411d74aacb40",
"value": "94720"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1560262632",
"to_ids": false,
"type": "float",
"uuid": "87b1f78e-d4cc-4e7b-8c0b-351aabd47567",
"value": "7.4429543683099"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560262632",
"to_ids": true,
"type": "md5",
"uuid": "f1ae75b0-0ee9-4527-a9c8-2a84e56b8878",
"value": "cde75b4c59682b1088ac09affa8a9d32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha1",
"uuid": "cb51e4d0-a5a8-408a-8df8-f0d74e9fe7c5",
"value": "ffcba94f675e61f0b84e41163431fe62e8eba93b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha256",
"uuid": "1ca5c048-3ba5-42db-96d4-fa30353fb6f9",
"value": "bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1560262632",
"to_ids": true,
"type": "sha512",
"uuid": "6b11e47b-4251-4229-9df0-173874cc98d0",
"value": "6e1d6b8683205cb6e4334183d92ae746c33400dcd1eedd763109b2246513cd7b03f49fe6c607686286d38817e2d23d694eb8f6ad551fcce58311079a76b3c4ae"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1560262632",
"to_ids": false,
"type": "mime-type",
"uuid": "a1bb8df4-d42f-4a5b-be41-58a6682ab0f1",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1560262632",
"to_ids": true,
"type": "ssdeep",
"uuid": "9dd12c06-d947-4f78-a12d-d5047cd68a38",
"value": "1536:mBwl+KXpsqN5vlwWYyhY9S4AaFAFLZYEKox+2yZzOcJwqCsQ:Qw+asqN5aW/hL0FABKa6S"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1560262876",
"uuid": "1e50392c-b19d-4eed-b377-f9d969518f18",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1560262632",
"to_ids": false,
"type": "datetime",
"uuid": "0a544a91-ac88-45c7-b030-a0405cfcb72c",
"value": "2019-02-02T18:08:36"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1560262632",
"to_ids": false,
"type": "link",
"uuid": "70f70408-602e-4f78-8918-d0e24a4d06cf",
"value": "https://www.virustotal.com/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/analysis/1549130916/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1560262632",
"to_ids": false,
"type": "text",
"uuid": "aeab3071-f51a-4f34-8f4d-96ca079c2125",
"value": "59/69"
}
]
}
]
}
}