|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2019-06-28",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass",
|
||
|
"publish_timestamp": "1561711858",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1561711324",
|
||
|
"uuid": "5d159a21-59d4-4881-a9e6-41ca02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0087e8",
|
||
|
"name": "osint:certainty=\"50\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#001b43",
|
||
|
"name": "ms-caro-malware-full:malware-platform=\"MacOS_X\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1561696822",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5d159a36-2c3c-49c1-8f94-40a102de0b81",
|
||
|
"value": "https://www.intego.com/mac-security-blog/osx-linker-new-mac-malware-attempts-zero-day-gatekeeper-bypass/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1561696963",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d159ac3-a82c-4763-bf23-458102de0b81",
|
||
|
"value": "Last week, Intego researchers discovered new Mac malware, OSX/Linker, that attempts to leverage a recently disclosed zero-day flaw in macOS' Gatekeeper protection.\r\n\r\nLet's examine what we know about this latest Mac malware campaign.\r\nWhat is the back story?\r\n\r\nBefore digging into the OSX/Linker malware, it would be helpful, for context, to discuss the \"MacOS X GateKeeper Bypass\" vulnerability that was publicly disclosed by Filippo Cavallarin on May 24. Gatekeeper is a technology included in macOS that is supposed to check apps downloaded from the Internet for either a revoked developer signature, or for certain specific malware that Apple chooses to detect, before allowing an app to run."
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1561697000",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5d159ae8-17fc-4746-a7de-eac102de0b81",
|
||
|
"value": "https://www.virustotal.com/gui/ip-address/108.168.175.167/relations"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "you can check whether any Macs connected to the following IP address over NFS ports (e.g. TCP or UDP ports 111 or 875, or TCP port 2049) between May 24 and June 18",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1561697035",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5d159b0b-d57c-453b-989a-eac102de0b81",
|
||
|
"value": "108.168.175.167"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "5d159b9d-39c0-44b3-8927-4a4802de0b81",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d159b9d-39c0-44b3-8927-4a4802de0b81",
|
||
|
"referenced_uuid": "818eadb9-e542-4def-b9e9-a8ecee1b9737",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "5d15d2b0-0978-4fc1-9e92-64c6950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d159b9e-5ff8-4157-8927-403802de0b81",
|
||
|
"value": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de|6dc1854ab497d70dfc4a07d05ee59ad4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d159b9e-f6a8-4f5c-a341-4a0002de0b81",
|
||
|
"value": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d159b9e-4ca8-40a3-b4b4-437b02de0b81",
|
||
|
"value": "6dc1854ab497d70dfc4a07d05ee59ad4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d159b9e-a480-4896-9e60-48c802de0b81",
|
||
|
"value": "ef628dc0b4e861827d4acce584f5740de16e86e3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d159b9e-afec-4096-966c-4a0b02de0b81",
|
||
|
"value": "f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d159b9e-5ff4-48c8-a5c3-486802de0b81",
|
||
|
"value": "48822"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "5d159b9e-b564-4227-bfdd-464602de0b81",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d159b9e-b564-4227-bfdd-464602de0b81",
|
||
|
"referenced_uuid": "4b8b54b1-b3a1-4ed4-a324-468df8df0874",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "5d15d2b0-7020-4239-924a-64c6950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d159b9e-5eb8-4623-9d62-4c8302de0b81",
|
||
|
"value": "d53ebf9fe70bce05a00fb6dded971f49b070ed8e10beb0e40d48e3495b274a23|03bc7b51c1ecbe3fb833ce3464d5e36f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d159b9e-815c-4f7d-9c86-4dc102de0b81",
|
||
|
"value": "d53ebf9fe70bce05a00fb6dded971f49b070ed8e10beb0e40d48e3495b274a23"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d159b9f-45b4-458e-b93b-46fb02de0b81",
|
||
|
"value": "03bc7b51c1ecbe3fb833ce3464d5e36f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d159b9f-2c98-4d51-954c-43af02de0b81",
|
||
|
"value": "22c26271ec6c901d74936520e14ee0330f097ab6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d159b9f-354c-48bf-b191-450d02de0b81",
|
||
|
"value": "d53ebf9fe70bce05a00fb6dded971f49b070ed8e10beb0e40d48e3495b274a23"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d159b9f-8dc8-4c63-a24d-4be802de0b81",
|
||
|
"value": "58305"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "5d159be0-51a8-406b-858b-48b602de0b81",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d159be0-51a8-406b-858b-48b602de0b81",
|
||
|
"referenced_uuid": "acffc28c-bf93-447e-b63c-68c2dd2b85eb",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "5d15d2b0-d1e4-431b-90da-64c6950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d159be0-1c50-4132-820a-4b3c02de0b81",
|
||
|
"value": "9356ef24e81ae6c4c38839383156a2a00c3f183a31860b7bc566f92f1f1a3f9c|b928172c67689b98c94d1db283a8cf15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d159be0-a804-4975-8b21-435702de0b81",
|
||
|
"value": "9356ef24e81ae6c4c38839383156a2a00c3f183a31860b7bc566f92f1f1a3f9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d159be0-673c-4e0c-ae0f-4c3102de0b81",
|
||
|
"value": "b928172c67689b98c94d1db283a8cf15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d159be0-094c-4421-99a9-422602de0b81",
|
||
|
"value": "826b1abf68c39a6ab56a5eb6da16a5e4084a0a75"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d159be0-c5ec-4fdf-b90e-4d8002de0b81",
|
||
|
"value": "9356ef24e81ae6c4c38839383156a2a00c3f183a31860b7bc566f92f1f1a3f9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d159be0-d0a4-4fc0-9f8d-4a9102de0b81",
|
||
|
"value": "921600"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "5d159be2-63dc-4773-94bc-498502de0b81",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d159be2-63dc-4773-94bc-498502de0b81",
|
||
|
"referenced_uuid": "a2ed7979-f68c-402d-a8fa-701ea3ef90d4",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "5d15d2b0-2b10-4ed6-8362-64c6950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d159be2-5838-4931-9257-436002de0b81",
|
||
|
"value": "cdf9137b9dd78d79532a8f8c2f65917601b87f8f25b68027b139db88c6529145|89357a1b2e32f2b9bddff94b8136810b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d159be2-3f9c-4070-8e21-461d02de0b81",
|
||
|
"value": "cdf9137b9dd78d79532a8f8c2f65917601b87f8f25b68027b139db88c6529145"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d159be2-d4b4-4d97-9e14-406a02de0b81",
|
||
|
"value": "89357a1b2e32f2b9bddff94b8136810b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d159be2-ed60-466b-aa51-47a702de0b81",
|
||
|
"value": "56f2779d7ba90aa83a463be40f6ef9d9d030355e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d159be2-d538-42e6-8dac-4d0a02de0b81",
|
||
|
"value": "cdf9137b9dd78d79532a8f8c2f65917601b87f8f25b68027b139db88c6529145"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d159be2-6744-4470-900b-43fb02de0b81",
|
||
|
"value": "10485760"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "4b8b54b1-b3a1-4ed4-a324-468df8df0874",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "eccd6e7a-052f-432b-88b2-790c76d89f47",
|
||
|
"value": "2019-06-28T03:10:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "029edbb5-a154-4db0-a3e1-632521a58ce8",
|
||
|
"value": "https://www.virustotal.com/file/d53ebf9fe70bce05a00fb6dded971f49b070ed8e10beb0e40d48e3495b274a23/analysis/1561691400/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1561697183",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "002fe056-a0a5-4311-8807-0c91c3f87678",
|
||
|
"value": "12/55"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1561711279",
|
||
|
"uuid": "acffc28c-bf93-447e-b63c-68c2dd2b85eb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "7f85ac63-9dc1-48ab-a228-2f9b70fef7e6",
|
||
|
"value": "2019-06-28T03:29:24"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "bef88d9e-1dc1-4f97-ad3b-468f6a2a19c3",
|
||
|
"value": "https://www.virustotal.com/file/9356ef24e81ae6c4c38839383156a2a00c3f183a31860b7bc566f92f1f1a3f9c/analysis/1561692564/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1561697248",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2379bbf3-23d5-4ebf-96d3-0a1a77f4e1f8",
|
||
|
"value": "9/54"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "818eadb9-e542-4def-b9e9-a8ecee1b9737",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5bd40a85-9bc4-4c28-adda-8fa3821d47b5",
|
||
|
"value": "2019-06-28T03:10:12"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "aac8c9f0-111b-46c0-b7ab-e287effa62b5",
|
||
|
"value": "https://www.virustotal.com/file/f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de/analysis/1561691412/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1561697182",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8ed97b32-2310-4c7e-a2b7-b1a2f10ea6bb",
|
||
|
"value": "11/58"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1561711280",
|
||
|
"uuid": "a2ed7979-f68c-402d-a8fa-701ea3ef90d4",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "219e65be-3ab2-4fe3-8a96-fb4f81d7ab7a",
|
||
|
"value": "2019-06-28T03:09:09"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "6630b0d4-6947-423d-a0a5-517579836259",
|
||
|
"value": "https://www.virustotal.com/file/cdf9137b9dd78d79532a8f8c2f65917601b87f8f25b68027b139db88c6529145/analysis/1561691349/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1561697250",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "be04d14c-b55e-459f-a5de-a6bc9febb98f",
|
||
|
"value": "3/54"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|