{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2020-01-20",
|
||
|
"extends_uuid": "",
|
||
|
"info": "XMRig and OPSEC Fail",
|
||
|
"publish_timestamp": "1580456249",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1580456204",
|
||
|
"uuid": "5e263cf3-b1f8-4393-ad21-42a3950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "wilbursecurity.com",
|
||
|
"uuid": "5e16d2bc-5c68-4ef1-bc80-47f5950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#a0a300",
|
||
|
"name": "dnc:malware-type=\"CoinMiner\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1579564422",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-src",
|
||
|
"uuid": "5e263d86-9a94-4774-a2a8-e44d950d210f",
|
||
|
"value": "178.131.149.179"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "mimikatz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1579564422",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5e263d86-e684-4c9b-8423-e44d950d210f",
|
||
|
"value": "53a0a94fcd38c422caf334b44638c03d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "mimikatz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1579564422",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5e263d86-2834-4ae7-8a02-e44d950d210f",
|
||
|
"value": "edfc0f18255a9a1974e9a720861d5e99d169bd9f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "mimikatz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1579564422",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5e263d86-9ad4-4ef9-bd3e-e44d950d210f",
|
||
|
"value": "4585b220fd13925aff301e9ac234ea6edbd25848d437d2a107bc0173e6f9a0b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1579564687",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5e263e8f-d970-4643-9162-42e9950d210f",
|
||
|
"value": "https://www.wilbursecurity.com/2020/01/xmrig-and-opsec-fail/"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
||
|
"meta-category": "file",
|
||
|
"name": "registry-key",
|
||
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1579564666",
|
||
|
"uuid": "5e263e7a-6a24-47ca-b012-44ea950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Persistence mechanism",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "key",
|
||
|
"timestamp": "1579564666",
|
||
|
"to_ids": true,
|
||
|
"type": "regkey",
|
||
|
"uuid": "5e263e7a-00e0-4636-9fba-4704950d210f",
|
||
|
"value": "HKCR\\exefile\\shell\\open\\command"
|
||
|
},
|
||
|
{
|
||
|
"category": "Persistence mechanism",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1579564666",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5e263e7a-8180-4396-9415-40e5950d210f",
|
||
|
"value": "(Default)"
|
||
|
},
|
||
|
{
|
||
|
"category": "Persistence mechanism",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "data",
|
||
|
"timestamp": "1579564666",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5e263e7a-1024-4b76-b314-41ea950d210f",
|
||
|
"value": "%WINDIR%\\svchost.com \"%%1\" %%*"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Neshta",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "18",
|
||
|
"timestamp": "1579564794",
|
||
|
"uuid": "5e263efa-11e4-4f2b-911d-4ea6950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAHu/NFBLJFOGOVkAAACiAAAgABwAODMwNzc3OGVhMTY4M2JiYjAwZWVjYjZmNzYxMzE0ZTJVVAkAA/o+Jl76PiZedXgLAAEEIQAAAAQhAAAA2vNE0c/9NeDqARzntwuR1RcXfd0BtP/YjMyBz89YBJ/OwXtQz9oQ5ZqMK6icVZ/WmfKsFIUQVvtFsmp+l1UzdDe/aGSNEHW8zxhcPS4MKjS+ue/sQrzx802fPzE5pKV38KqOTox39kGCkgBOFTMGjqr9t1WbzXY7umFR1IkQ/5Dvz1J//neKjSTem0wNoCl41ksuq3O/ovDoq/KOD4/hAJ8SsNae9eDYI4nyIPlaaS9Vkx8EyRWwt44BwkLiYa4nhnyOudLi66uCQmzP3eV/P7I0Jrh530dIsigO8KekgBBISpqzGL2SahQNa7nPtFQ+b3kDW4vcoPXMaPy0P7M5IXdnqkYU4sM+70ijWJAPMngvNL2KIz7KpgzarF2jJFzueBfb3VUFmYx9hUBZjN9T8F+diZD5qyiovTtHtXnbHVAPowTqdHvIO/WveNLgQi6AukPXx6ZKwSUFu4lDtuq+cXG7UUFzq3f489BqrO5HUXxvSdeLnQdEvOvpwNk0KCFXllF7wem/55RIFIBsKOECS1rAhib+vopXJNfq19EoKtal7nKUhueW7Jmj9PFpXZoB8ceI26SqWDTedbAEyi4uiv14s9oe7I6kG06n06vWu7HD2MAqf8hdnp3t7mmoaZTxQ9jl7nYpdSWulsDbg8n3EQW098DCRrKSFz/USNTWZ6CsdGD+21/JOoJysEnKiiNk89uwskjDjnZHvj+4uqr8I7FdZtWPd/CtVGC5Xsbt5IUf8cywbEqiAgS0606NYMuZcSRU56sLPWzW2uPoeUBVWwXgNM3BJlXwRB9ZdixRMp8VqFvvyGYnq7onL3jiepcsARiSGydQVTZk5N/7z3Bqiju7gMsWEnylraA3VvzKzFF5YEZT9YgqZwtZZEBPlqKmkxMuhQLrJw18LCLuKCuqpOts2czxGp+ZAb0Grn+edRIOEuY+vfrqM8knI9vf+hNI4rRYMyPtjL56cLCSck4g17d2GJ0a+AM8mD8r7jAMM9e3dIHBcWBdmk7WVLSCNuF9Mm5Spzs+f56YPuHOuLJXmzSImqkErBfA1DtkkZhBh+35lHsuwLaHexJP2LMNyPeDIYuxods+X7Aq4gLMU7h6Aiva8vHeWZI+0YtZ6/1lHkjpGQ6e80P0b3aFLQdFXjt/OKiUywcoqDRSj8rHCb+1AZEJTw3+7scnnFaCfo/nEnUQxBdXvyM7bgZHK8fxyty2S+a/IA+hu/IsMLU5k3H9seRPf2CdJhYJ4BB6aFcEE0QiaDrc+PryjMoLzdb8s35SDmt0LBrbJApuUrLpXdlc5HIfHDkTdJBO+yPsVb5kgM29SrlAuyJrqR6taAQLZQ5pcg94ECQnYa2bgSTlwgtSlE49pltlINV0RasZgJRGQk+Y/fXt2lOKp2XfLkgw5nIeYdouQHq+LBl4fDTMi7Or3YLRM+PMoscnc4w7GZsmkFr2i29+nhx7rv/KuelMfqiITgk8jey2d5DH9/T5+lxJZjibTUp0UNEPUQkI+yuULQ+WSMI78QsMhNjRm4QeEV5WeCS+Qmv0I9pA3p7CGmtvJ+JL804TR/AJXY3cU5Nof0XrxHQA1H135nrvC8YrrSZHKZLYrxhIEUv1At8bPCKnG2yXLAFaUhbxfsfIrUNcefoXZk0vaqGz5WMbMtmGLBJ4VJLViATlWcR5izWtwjE9moVmODahySPuHm3EPfA1I1M7691e607vLuWf3JWDf9P0jSuiZJ/wc2f8ryKd/pHOBrOqkXtF5aQrLzzCkqb9/0iznZe/mQdgP1C9UOu3UPX69vqrfy1MNbqjdP5ECUH21flp3NSJY+1uomVozeRdTQ/qiY20hc5AkOuwvrO9VvSPJ9oxnocpPCHVM07
kEzjmTNp5iIWvzeZS3QjsRNqtpDBG7ITAxtO0EwSiFGKjiqQPuldidIQIMyw4lesn99dnZ5vNHnaPV1p5O0mGE3ecspG1ketjZvTnQQjHu/qyJgZsEryGYFbiWyfPWyIDaPfNpGRpPPtx9dC+39A1VwCf1PZ050OHU2XYtN/SY/pnbMQ0t2vSNxF8cpbPNmapmikATxV/vgABEX8mpYmx71MdMYxDP7bMFn4FpKJWa8JX0ElLM7RZT/SQbIzho0A2Oz6dpy7eRDauu0MYe2zdoo8yGCcFrIyLaxsG6rtS2UgLhpxa59m1DEPckVbxiX5IRPH2mYkBUoyyzH7/eeya9VJJ1SP2EpX1kOCjObewDfMqe7cCbCRmA13qjY/pIEN+8M61byVaS7eZ5R56KmgZTh0SX+duw+xrpm5NrqHrnUvDHtY75Ap5cLSRyZU6HHC5hZGvAL2depz/Nh6UyjUgNcmhbr3NN4Jx4afmoMxSHrrssKz9x0kPILXNE5nvbFP4hOHJpm8fe1ZtbvQB99LNXTXXbUB5Thwpcka9TRnxm0Gnn7Nrm7z/ptUWWzyh1Lo6+L00A8g4F4U7sJOrkCmd3D6shovHXZvUMelmniGy/rOJrDjCYs1NoxuIbcPXAkL/9/rsVD/RxR9IGcM1E2WGHdHgxvKPERwePE6TnzLQdY3V+FzPXfx+HRZP1FT4c7No9Aye75s13/IwPIyi3YTCfnQeuiDbdYXvzBQadaep4kmZMWYxG8HAkb7JwE8MPzHSVD20Fr3ZFYsLqyt1Q1kfPm75nmf2Uhz9B9YsVRnrFNi5rrMlojfXXZqBhfhbSyiZxa2PPgkR8plZA3YjKIRKLUvI52OT84eEvAyvjAZ9cvFnWg2nl5u6/fHg/gIQwyOO2jvMptXUkWIWjRfDIcDKwa4kBmjqlAJS14CP9tWwC0v4/LCh89wvuwZb23yJT9A4M2Fb1GApGq03HTQFP0zr0oN4LDa7Hc5hPQ9W6LIAKimCiu2O6rHnJt8YE3GdmU6dpjIaepuZHuCcXB6QNznTvTv0Z/3g+76cHsJuaOuxoZ5d+jD6dpVZYnNSQ7vMGfX1QCLLY9JgqQun+lc+xUrKf/p70tOku8dLbGwPXgToxG+Jjnr0q9szYQYpgD7yo/tulIzopQKuqxET07LvaZUBIuyFQhjWUv9k9DZ6MGVxq1cSSCqHS/bGfrjicA5X0sTrkChm5qpdW9rZ/x3nlV/s+W5SLnk6O0sCSLb9EpnteS3josAt64P0l6KfOJHj80P52oIMXQJLLpe4Za24Q+G4AUkgFy3hfYT9RQk3KALBsIwAkxU8lqjzlkZieylubqpJWF4TTv9yyMYY++7+P8swJpr8wL26FZhHVL0QQLArGcfj+vMTEcfOUB3DK1ZEI0eZiteGmgap/wgwnShmNEGOjhnxfqxzDAayLU+tCnbmhuWCpiXkuMhx+gk82gX47LLHOVuCh4x/QYI9/Rw5OjjOLq6ue3lk/PVnn1JDkYgnd6DEllm+oPUev7yglEyC3HjKmhSk8NAEY+tDj0iTMi6JfLMowGboM62ZHZvYlf6lj8hy0ocr1Ge4LDPpQPHhOIEhe29I2MemMGcluI+lAo9FJR661LztDPLMKRRBaYVxJey2utdWwxbdUO7K6eDKDKQyjFS+mBbhAJNfamZmq4Hwaz3GBNQx8cSMQ9joYjSWbnHWtc+szCejCd70AbC18uI7RBVuWKbFA+QM8JzVT/fHDE81Y01RlGESD/CxFqA/CVWYFevVY9E9UeXhe+a4pvyZRB0q9iEgN6YBo+q+ifcVuRnuDcsnHNjL2V40jDLAZqHYT09VYEmnVoyeVcVMHj/Me7xJHMmTTE8KQBDvKWszx9U38NzXXsFF2ljLrCT2LZfFfbRVSi+DGAnmZDvlIaUZMJcC3Vp0d9slUGVixS9RpPoHs0P3UaMK7+6ZNQBMx2Dcnjg5/yDXtckaIDpmNrijlhvwSoqbBX9Odob
inhqKiUPGUv3PAIul/PGz2xuyfaIX2JlF9XBBTHZyn+lRgwm2VqLRdzlyRlNgomhDmgmPPIKlolo+RgcQQT
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1579564800",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5e263f00-c008-4aa5-b75d-49b2950d210f",
|
||
|
"value": "svchost.com|8307778ea1683bbb00eecb6f761314e2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1579564806",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5e263f06-63bc-4175-8b92-4531950d210f",
|
||
|
"value": "svchost.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1579564807",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5e263f07-3344-408a-b4ef-4d36950d210f",
|
||
|
"value": "8307778ea1683bbb00eecb6f761314e2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1579564813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5e263f0d-8a3c-4ccc-a1e5-4f65950d210f",
|
||
|
"value": "108fca5ebe2d0d5adeba289ca83ded2d04b331de"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1579564821",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5e263f15-2290-4d88-9c16-4702950d210f",
|
||
|
"value": "04fe59457894f9154e79eed78f3eefb076e6c6c06a21c25e831cd383b915d5e0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1579564827",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5e263f1b-7aa8-45fe-9864-401b950d210f",
|
||
|
"value": "41472"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "XMRig",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "18",
|
||
|
"timestamp": "1579564884",
|
||
|
"uuid": "5e263f54-c52c-4000-92c7-4270950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1579564885",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5e263f55-4370-462e-afcd-47e7950d210f",
|
||
|
"value": "xmrig.exe|109a4ed5ee00374f64644344011b5157"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1579564891",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5e263f5b-a258-4f50-a6e6-4d3d950d210f",
|
||
|
"value": "xmrig.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1579564891",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5e263f5b-db2c-483b-b0c8-466e950d210f",
|
||
|
"value": "109a4ed5ee00374f64644344011b5157"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1579564891",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5e263f5b-906c-4d55-8a02-46ed950d210f",
|
||
|
"value": "9998376fb8d72284fe7337ce31589fdc0cf6f38b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1579564891",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5e263f5b-9190-414c-a4fa-4a42950d210f",
|
||
|
"value": "b4c7a760698a1f4abe9265caddc621feeb4515bbc9faa314ef2e5c0d1e1c504b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1579564891",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5e263f5b-96f4-43aa-96cf-4a2e950d210f",
|
||
|
"value": "4552704"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}