{
"Event" : {
"analysis" : "0" ,
"date" : "2022-04-20" ,
"extends_uuid" : "c65578dd-3d7d-4a1a-bc30-7d12af38a59a" ,
"info" : "A22-108A TraderTraitor North Korean State-Sponsored APT Targets Blockchain Companies" ,
"publish_timestamp" : "1650976852" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1650976786" ,
"uuid" : "2ec1f538-1915-4636-8b38-101cb1efce5e" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Private Keys - T1552.004\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#13eb00" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Imported from STIX header description" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "26037bec-9923-48ed-9243-2fb493e14ca7" ,
"value" : "This STIX file provides indicators of compromise (IOCs) associated with malicious activity reported in CISA joint Cybersecurity Advisory (CSA), A22-108A TraderTraitor North Korean State-Sponsored APT Targets Blockchain Companies. \n\nThe Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.\n\nThe U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The activity described in this advisory involves social engineering of victims using a variety of communication platforms to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems."
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "7996a879-2015-4978-b428-4504812f1cfb" ,
"value" : "https://github.com/dafomdev"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "dbd3ad19-23ea-4be1-bee3-1003e226deeb" ,
"value" : "https://aideck.net/board.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "2e3713bb-cf7a-46ad-bedc-5afa639e23bd" ,
"value" : "https://www.esilet.com/update/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "243da19b-2f73-4629-bf4a-d8e34f83ef9b" ,
"value" : "https://www.alticgo.com/update/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5d624335-16b2-4ada-8628-25466817873b" ,
"value" : "dafom.dev"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "6db08035-8790-451e-96f3-1e2b6f035aa8" ,
"value" : "tokenais.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "715a7786-5f1f-4f81-90b4-8eee729512cb" ,
"value" : "cryptais.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "f7a2638d-221b-41d8-beb9-626694e88b11" ,
"value" : "aideck.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "489cff95-9bef-4d3e-9985-fbf95229d146" ,
"value" : "infodigitalnew.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "72651b1a-ae81-4ecf-90e0-80739fc13e2d" ,
"value" : "vinoymas.ch"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "36778e65-f837-4dbb-91ce-977cefd0764b" ,
"value" : "sche-eg.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "adb9916c-b61e-4ce8-8cb0-515d4f65fffa" ,
"value" : "creaideck.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "cf1cb653-434b-470b-a245-126bd3478fff" ,
"value" : "alticgo.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "399bdc0f-5734-4f39-890d-c0e647d1749c" ,
"value" : "haciendadeclarevot.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "84b39b96-5d13-49c7-bd6b-0a8469eb69f6" ,
"value" : "greenvideo.nl"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "bc022016-fb5d-45f9-9372-b3c43a9330f7" ,
"value" : "dafnefonseca.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "7245b9dc-5913-4b90-b8fc-1a8e61c8eae2" ,
"value" : "esilet.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "11e7a976-b7a7-43a8-8c0b-ac54e1fa198e" ,
"value" : "107.154.160.132"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "fb1ccce0-70f7-40f6-b8c3-326a1e9de71d" ,
"value" : "46.16.62.238"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "d062a3a9-5378-4a45-8725-0349cf73165b" ,
"value" : "185.66.41.17"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "73c81e64-4c76-45a1-84a3-62ac4d328983" ,
"value" : "151.101.64.119"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "71ad21b3-c3d8-4d15-9003-b29fc1f7cd0e" ,
"value" : "62.84.240.140"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5ed6e693-2f43-4f4b-a5b9-31da49a95e69" ,
"value" : "89.45.4.151"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "3638076a-1226-417a-b353-66b300a01a77" ,
"value" : "199.188.103.115"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "c039c944-a64f-4999-b621-b611b14084d3" ,
"value" : "45.14.227.58"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "528afb1b-5401-440f-8da9-30f9c891e337" ,
"value" : "82.102.31.14"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5f9b3790-8f7e-4502-ad06-c97b93bea86f" ,
"value" : "104.168.98.156"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "830ff7b0-9256-44d5-927c-7ab83552af3d" ,
"value" : "38.132.124.161"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59065e13-838f-46ac-9aec-254145111c62" ,
"value" : "160.153.235.20"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7aed108b-795d-4262-a796-912a107a8657" ,
"value" : "108.170.55.202"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870667" ,
"uuid" : "8ffff14f-e41a-4105-993e-04e114299f75" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c2c04d47-875d-4cb5-8626-b5e72e520a7d" ,
"value" : "c2ea5011a91cd59d0396eb4fa8da7d21"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "108e505f-5257-4f90-ac5d-9d0d0a5023fa" ,
"value" : "b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "79c7fc15-dd31-40f8-84dd-e3e2be3c172f" ,
"value" : "60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "3805400c-c7e5-4e12-8517-66a0d3fe90f2" ,
"value" : "1572864:LGLBnolF9kPEiKOabR2QEs1B1/LuUQrbecE6Xwijkca/pzpfaLtIP:LGVnoT9kPZK9tVEwBxWbecR5Faxzpf0M"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "05bb412b-e149-43d6-ade9-4ea7ffef01eb" ,
"value" : "DAFOM-1.0.0.dmg"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870667" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "192970bf-bdfd-4506-9b4a-40854a5b8f5a" ,
"value" : "92182575"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "1a3fc021-4199-4c1e-a651-1a44d7f13bf8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "dc66b8a9-462f-42ed-b7af-4f05b5e30193" ,
"value" : "930f6f729e5c4d5fb52189338e549e5e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "99a3ad6f-7a43-432b-acd4-39672e4eab3c" ,
"value" : "8e67006585e49f51db96604487138e688df732d3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c29619c5-18ef-4514-88b1-248ffdee0f5a" ,
"value" : "5b40b73934c1583144f41d8463e227529fa7157e26e6012babd062e3fd7e0b03"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "cff001a0-a93a-4837-bbdf-d0214e6c178c" ,
"value" : "3145728:aMFJlKVvw4+zLruAsHrmo5Vvw4+zLruAsHrmob0dC/E:aUlKtw4+/r2HNtw4+/r2HnMCM"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "7f7362f1-ac6a-49dd-9355-4d6f6f1d7a2e" ,
"value" : "TokenAIS.app.zip"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "836dbacf-6523-4b16-873d-dd05428a3fb9" ,
"value" : "123728267"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "c640e02e-e9fc-4a5f-90f8-2f43d16cd256" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3366c3b0-2645-4cdc-9571-703f701c9ae6" ,
"value" : "4e5ebbecd22c939f0edf1d16d68e8490"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b86c763e-ec4e-44ee-8f98-77b4a9a49e8c" ,
"value" : "f1606d4d374d7e2ba756bdd4df9b780748f6dc98"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "bb3ec41a-b689-471e-97a6-0d63b88057c6" ,
"value" : "f0e8c29e3349d030a97f4a8673387c2e21858cccd1fb9ebbf9009b27743b2e5b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "6f56a372-7bcd-48c8-8598-dd9e42731148" ,
"value" : "1572864:jx9QOwiLDCUrJXsKMoGTwiCcKFI8jmrvGqjL2hX6QklBmrZgkZjMz+dPSpR0Xcpk:F9QOTPCUrdsKEw3coIg2Or6XBmrZgkZw"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "65ef4b61-2fa9-4da6-9ace-4fffe1d0be21" ,
"value" : "CryptAIS.dmg"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "e068a723-96ce-4b9d-85b5-6b9072a99676" ,
"value" : "84259810"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "5f15774e-c038-44b6-be0b-8f0a13cb36a3" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "7c4f8a03-fbe2-4476-bad7-f11e8d3782ff" ,
"value" : "855b2f4c910602f895ee3c94118e979a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "05ad484f-9c86-42d3-9514-f3f4ee8b0c29" ,
"value" : "ff17bd5abe9f4939918f27afbe0072c18df6db37"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "521b3551-8bfd-43b8-ba2f-8166fdddbb4e" ,
"value" : "e3d98cc4539068ce335f1240deb1d72a0b57b9ca5803254616ea4999b66703ad"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "724c8f1b-1774-4549-b274-bf3dee48651e" ,
"value" : "786432:LptZmVDkD1mQIiXUBkRbWGtqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yH:LpzKDgzRpWGwpAU6JXnJ46X+eC6cySiI"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "6317ea25-5cc4-47eb-b88f-73336580df7b" ,
"value" : "alticgo_r.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "7b68ac4a-ccf5-4393-9da4-a9217291ee52" ,
"value" : "46745505"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "f6a8edf3-95d8-43dc-80e7-96e9d984f4f1" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c4090b27-85f8-49b6-b832-17413713124c" ,
"value" : "1c7d0ae1c4d2c0b70f75eab856327956"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1277dedf-8d61-4860-86e5-fd1df8d4e595" ,
"value" : "f3263451f8988a9b02268f0fb6893f7c41b906d9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "242266fd-9201-4119-b3d3-0e9de1927f59" ,
"value" : "765a79d22330098884e0f7ce692d61c40dfcf288826342f33d976d8314cfd819"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "bb82c857-1a3d-48dc-8a26-b246a9718ed5" ,
"value" : "786432:optZmVDkD1mZ1FggTqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yVPUXi7:opzKDginspAU6JXnJ46X+eC6cySihWVX"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "32b45678-2f5a-4871-8327-c36432a365d4" ,
"value" : "alticgo.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "73b5015c-a087-4947-93e9-fcc670efe431" ,
"value" : "45656474"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "5a05da9e-a3ea-4ae5-b7a2-2bbe48efdb75" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9f90b4f9-e650-4be0-9eee-c1a680d08e2d" ,
"value" : "9578c2be6437dcc8517e78a5de1fa975"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "7cf22133-94f7-4405-8abf-298252ac191a" ,
"value" : "d2a77c31c3e169bec655068e96cf4e7fc52e77b8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6961a1d3-fcb6-435d-ab16-79a8a0752431" ,
"value" : "dced1acbbe11db2b9e7ae44a617f3c12d6613a8188f6a1ece0451e4cd4205156"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "24efbdf4-f4fb-4ac1-b287-79672382be45" ,
"value" : "384:sdaWs0fDTmKnY4FPk6hTyQUitnI/kmCgr7lUryESll4yg9RpEwrUifJ8ttJOdy:sdayCkY4Fei9mhy/L9RBrny6y"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "ceefb476-0da5-43cc-8fc3-dbd601168a58" ,
"value" : "Esilet-tmp60nxh; esilet-tmpg7lpp"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "2d80a80f-f4dd-4002-900b-af626f02f139" ,
"value" : "39156"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "2eca7f18-97d1-4fca-8dce-e864f318c4a3" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e84762bf-99ba-4aab-9581-24d6f183f91b" ,
"value" : "5d43baf1c9e9e3a939e5defd8f8fbd8d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5510d234-d1d3-4003-ba7f-d4af1b9c3108" ,
"value" : "d5ff73c043f3bb75dd749636307500b60a436550"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b904756c-f755-496b-959e-7c6a3932c9e3" ,
"value" : "867c8b49d29ae1f6e4a7cd31b6fe7e278753a1ba03d4be338ed11fd1efc7dd36"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "b1034ad2-472a-4280-b244-138cbba54ac4" ,
"value" : "24576:y3SY+/2M3BMr7cdgSLBjbr4nzzy95VV7cEXV:ESZ2ESrHSV3D95oA"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "881dfa7d-3b01-4121-8c93-823fa21ce39d" ,
"value" : "win32.bin"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "1f57380d-fbd7-4e23-9f63-7134575d7e2d" ,
"value" : "2198684"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "4a8e5e68-b307-41cc-9c19-9830a8df094a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6f6c3fde-1460-46fc-bb76-83d17afde5dc" ,
"value" : "8397ea747d2ab50da4f876a36d673272"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "0d28f9e9-7a6f-4822-abce-757165453f40" ,
"value" : "48a6d5141e25b6c63ad8da20b954b56afe589031"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "888a78ef-c8ca-4539-ac0b-db098945e7a4" ,
"value" : "89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "3c4332b4-92d7-465e-bf80-1978c6ed3494" ,
"value" : "49152:KIH1kEh7zIXlDYwVhb26hRKtRwwfs62sRAdNhEJNDvOL3OXl5zpF+FqBNihzTvff:KIH1kEhI1LOJtm2spB"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "113c3bd9-54e3-4a0e-b8a6-ebd12a03bff2" ,
"value" : "darwin64.bin"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "30138ce7-7b80-4c91-8a01-483c68bad605" ,
"value" : "6757832"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "5352c2b0-dcaa-4896-9e86-c819ae4e25e7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "127b579f-18a8-46e8-8687-c7029b2fb22f" ,
"value" : "9a6307362e3331459d350a201ad66cd9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "ff3a3e64-e6b4-4c9a-9894-642bcdef0e1f" ,
"value" : "3f2c1e60b5fac4cf1013e3e1fc688be490d71a84"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "376c8703-2a79-45e9-973d-8cfc77268128" ,
"value" : "8acd7c2708eb1119ba64699fd702ebd96c0d59a66cba5059f4e089f4b0914925"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "0f028ea5-08c5-41c3-a2f8-6978df24d26f" ,
"value" : "786432:AptZmVDkD1mjPNDeuxOTKQqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yV7:ApzKDgqPxeuLpAU6JXnJ46X+eC6cySiG"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "77fbb66d-91af-4977-b383-a437976d01df" ,
"value" : "alticgo.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "591f465b-c66d-4d61-a2ae-1954f674f8f8" ,
"value" : "46745644"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "5294493f-c628-4b25-8479-5bd982d7e3ba" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "75f041f6-7701-4494-af94-3b4ed22f4bde" ,
"value" : "1ca31319721740ecb79f4b9ee74cd9b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "c779c699-83fe-4296-ab8a-b82f31f4ba1d" ,
"value" : "41f855b54bf3db621b340b7c59722fb493ba39a5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9a72edf5-4ef5-4ede-aba5-8a9a4dec802e" ,
"value" : "9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "a5b06022-8124-47f3-bce2-83b6ad75b1e2" ,
"value" : "6144:wAulcT94T94T97zDj1I/BkjhkbjZ8bZ87ZMSj71obV/7NobNo7NZTb7hMT5ETZ8I:wDskT1UBg2lirFbpR9mJGpmN"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "60606cd9-7237-465e-b0ce-ca7e533f0839" ,
"value" : "Esilet-tmpzpsb3; top.php"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "72a54b6d-08cc-4566-8057-ab5a99927f9d" ,
"value" : "522620"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1650870668" ,
"uuid" : "b829dfe6-4757-42cd-902f-f7cc427e4496" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "420ae43f-1cb4-40d7-88fd-fc267c334a30" ,
"value" : "53d9af8829a9c7f6f177178885901c01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "8891753b-b7ae-44bd-8891-e215be02de3b" ,
"value" : "ae9f4e39c576555faadee136c6c3b2d358ad90b9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9a8cd6cb-ef85-4273-9829-67773fc028b0" ,
"value" : "9ba02f8a985ec1a99ab7b78fa678f26c0273d91ae7cbe45b814e6775ec477598"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "e2a49849-2240-452b-be05-d0c6e1717f46" ,
"value" : "1572864:lffyoUnp5xmHVUTd+GgNPjFvp4YEbRU7h8cvjmUAm4Du73X0unpXkU:lfqHBmHo+BPj9CYEshLqcuAX0I0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "c9ec0f23-8279-4251-ad86-7ba043594c1c" ,
"value" : "esilet.dmg"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1650870668" ,
"to_ids" : true ,
"type" : "size-in-bytes" ,
"uuid" : "6ceefd53-5dd0-4cf4-bf77-b9c4c2fc9615" ,
"value" : "81688694"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing the original file used to import data in MISP." ,
"meta-category" : "file" ,
"name" : "original-imported-file" ,
"template_uuid" : "4cd560e9-2cfe-40a1-9964-7b2e797ecac5" ,
"template_version" : "2" ,
"timestamp" : "1650870668" ,
"uuid" : "6dd9b46f-56f9-457d-9787-7f4d5dd33857" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " P D 94 b W w g d m V y c 2 l v b j 0 i M S 4 w I i B l b m N v Z G l u Z z 0 i V V R G L T g i P z 4 K P C E t L S B H Z W 5 l c m F 0 Z W Q g Y n k g T V B F I D A u N C 43 Q S B v b i A w N C 8 y M C 8 y M D I y I C 0 t P g o 8 c 3 R p e D p T V E l Y X 1 B h Y 2 t h Z 2 U g e G 1 s b n M 6 R G 9 t Y W l u T m F t Z U 9 i a j 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 R v b W F p b k 5 h b W V P Y m p l Y 3 Q t M S I g e G 1 s b n M 6 R m l s Z U 9 i a j 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 Z p b G V P Y m p l Y 3 Q t M i I g e G 1 s b n M 6 V V J J T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j V V J J T 2 J q Z W N 0 L T I i I H h t b G 5 z O k F k Z H J l c 3 N P Y m o 9 I m h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v b 2 J q Z W N 0 c y N B Z G R y Z X N z T 2 J q Z W N 0 L T I i I H h t b G 5 z O l R P V U 1 h c m t p b m c 9 I m h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U Z X J t c 19 P Z l 9 V c 2 U t M S I g e G 1 s b n M 6 d G x w T W F y a 2 l u Z z 0 i a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v Z X h 0 Z W 5 z a W 9 u c y 9 N Y X J r a W 5 n U 3 R y d W N 0 d X J l I 1 R M U C 0 x I i B 4 b W x u c z p z d G l 4 V m 9 j Y W J z P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M t M S I g e G 1 s b n M 6 Y 3 l i b 3 h W b 2 N h Y n M 9 I m h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M t M i I g e G 1 s b n M 6 a W 5 k a W N h d G 9 y P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v S W 5 k a W N h d G 9 y L T I i I H h t b G 5 z O n R 0 c D 0 i a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 
J n L 1 R U U C 0 x I i B 4 b W x u c z p t Y X J r a W 5 n P S J o d H R w O i 8 v Z G F 0 Y S 1 t Y X J r a W 5 n L m 1 p d H J l L m 9 y Z y 9 N Y X J r a W 5 n L T E i I H h t b G 5 z O m N 5 Y m 94 Q 29 t b W 9 u P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 N v b W 1 v b i 0 y I i B 4 b W x u c z p z d G l 4 P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v c 3 R p e C 0 x I i B 4 b W x u c z p j e W J v e D 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j e W J v e C 0 y I i B 4 b W x u c z p z d G l 4 Q 29 t b W 9 u P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v Y 29 t b W 9 u L T E i I H h t b G 5 z O k N J U 0E9 I m h 0 d H A 6 L y 93 d 3 c u d X M t Y 2 V y d C 5 n b 3 Y v b m N j a W M i I H h t b G 5 z O n h s a W 5 r P S J o d H R w O i 8 v d 3 d 3 L n c z L m 9 y Z y 8 x O T k 5 L 3 h s a W 5 r I i B 4 b W x u c z p k c z 0 i a H R 0 c D o v L 3 d 3 d y 53 M y 5 v c m c v M j A w M C 8 w O S 94 b W x k c 2 l n I y I g e G 1 s b n M 6 e H M 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I i B 4 b W x u c z p 4 c 2 k 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h L W l u c 3 R h b m N l I i B 4 c 2 k 6 c 2 N o Z W 1 h T G 9 j Y X R p b 249 I m h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v b 2 J q Z W N 0 c y N E b 21 h a W 5 O Y W 1 l T 2 J q Z W N 0 L T E g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v b 2 J q Z W N 0 c y 9 E b 21 h a W 5 f T m F t Z S 8 x L j A v R G 9 t Y W l u X 0 5 h b W V f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 Z p b G V P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 0 Z p b G U v M i 4 x L 0 Z p b G V f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 
94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 V S S U 9 i a m V j d C 0 y I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 29 i a m V j d H M v V V J J L z I u M S 9 V U k l f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 F k Z H J l c 3 N P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 0 F k Z H J l c 3 M v M i 4 x L 0 F k Z H J l c 3 N f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v Z X h 0 Z W 5 z a W 9 u c y 9 N Y X J r a W 5 n U 3 R y d W N 0 d X J l I 1 R l c m 1 z X 0 9 m X 1 V z Z S 0 x I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Z X h 0 Z W 5 z a W 9 u c y 9 t Y X J r a W 5 n L 3 R l c m 1 z X 29 m X 3 V z Z S 8 x L j A u M S 90 Z X J t c 19 v Z l 91 c 2 V f b W F y a 2 l u Z y 54 c 2 Q g I G h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U T F A t M S B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 V 4 d G V u c 2 l v b n M v b W F y a 2 l u Z y 90 b H A v M S 4 x L j E v d G x w X 21 h c m t p b m c u e H N k I C B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M t M S B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L z E u M S 4 x L 3 N 0 a X h f Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M u e H N k I C B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L T I g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Z G V m Y X V s d F 92 b 2 N h Y 
n V s Y X J p Z X M v M i 4 x L 2 N 5 Y m 94 X 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L n h z Z C A g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 0 l u Z G l j Y X R v c i 0 y I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v a W 5 k a W N h d G 9 y L z I u M S 4 x L 2 l u Z G l j Y X R v c i 54 c 2 Q g I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 U V F A t M S B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 3 R 0 c C 8 x L j E u M S 90 d H A u e H N k I C B o d H R w O i 8 v Z G F 0 Y S 1 t Y X J r a W 5 n L m 1 p d H J l L m 9 y Z y 9 N Y X J r a W 5 n L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 k Y X R h X 21 h c m t p b m c v M S 4 x L j E v Z G F 0 Y V 9 t Y X J r a W 5 n L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j b 21 t b 24 t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 21 t b 24 v M i 4 x L 2 N 5 Y m 94 X 2 N v b W 1 v b i 54 c 2 Q g I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 z d G l 4 L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 3 J l L z E u M S 4 x L 3 N 0 a X h f Y 29 y Z S 54 c 2 Q g I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v Y 3 l i b 3 g t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 3 J l L z I u M S 9 j e W J v e F 9 j b 3 J l L n h z Z C A g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 2 N v b W 1 v b i 0 x I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Y 29 t b W 9 u L z E u M S 4 x L 3 N 0 a X h f Y 29 t b W 9 u L n h z Z C I g a W Q 9 I k 5 Q R y 0 x N T Q 1 N z U 3 N C I g d m V y c 2 l v b j 0 i M S 4 x L j E i I H R p b W V z d G F t c D 0 i M j A y M i 0 w N C 0 y M F Q w M j o 1 N D o 1 
O S I + C i A g I C A 8 c 3 R p e D p T V E l Y X 0 h l Y W R l c j 4 K I C A g I C A g I C A 8 c 3 R p e D
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "imported-sample" ,
"timestamp" : "1650870668" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "fcfd21b0-22a5-47bb-95db-3919d8e53040" ,
"value" : "A22-108A.stix.xml"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "format" ,
"timestamp" : "1650870668" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "797c3aea-2ed9-437c-8c1f-d081950cfb19" ,
"value" : "STIX 1.1"
}
]
}
]
}
}