{
"Event" : {
"analysis" : "2" ,
"date" : "2022-06-23" ,
"extends_uuid" : "" ,
"info" : "OSINT - Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine" ,
"publish_timestamp" : "1655990694" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1655990647" ,
"uuid" : "3410ad13-ef34-48c9-bc6f-b1b111a30e06" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#12e000" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Sofacy\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:target-information=\"Ukraine\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:country=\"russia\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989738" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "a2b0de0e-0e43-4d68-8260-8dbe7ead5974" ,
"value" : "www.specialityllc.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989738" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "76e69d5a-606d-46d8-a86b-85d37acaa083" ,
"value" : "mail.sartoc.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989738" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "4a4402ed-6eaa-4d60-a9ec-583a0dd055e0" ,
"value" : "http://kompartpomiar.pl/grafika/docx.exe"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989738" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "28df2d44-32c4-49c9-8278-4b0166168f37" ,
"value" : "http://kompartpomiar.pl/grafika/SQLite.Interop.dll"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989738" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "d80ef005-49c3-4954-80ba-4e8464676148" ,
"value" : "144.208.77.68"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989772" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "0256873d-b87d-4ac1-bd36-eb0729c0a837" ,
"value" : "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989772" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "8e8a18c9-e530-4225-a4a1-e5a0f662b14d" ,
"value" : "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989772" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a93a3baa-3e24-4012-9589-564cb41b570b" ,
"value" : "ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989772" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "70ba861c-a09a-417d-bd38-591fff364cce" ,
"value" : "b1847c89143fad810b7a3686296b9c1e91ad087c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1655989772" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "71b683fa-9b57-4956-b6ff-3a65625e6da4" ,
"value" : "eafa11070f213f16efc030f625a423d1"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "20" ,
"timestamp" : "1655990007" ,
"uuid" : "9b0ae517-772f-48ed-bfca-362cf0319f72" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "9b0ae517-772f-48ed-bfca-362cf0319f72" ,
"referenced_uuid" : "ce610b88-badf-44db-993c-86a7a97a2cc8" ,
"relationship_type" : "abuses" ,
"timestamp" : "1655990007" ,
"uuid" : "f6ea1866-2174-4aba-9ea7-efb217afdfd3"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8255e714-9eaa-4bb4-a1cb-351b59cd4f5e" ,
"value" : "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1655989918" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6550b6eb-d6ba-46be-abc1-112ab129b9a3" ,
"value" : "411760"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1655989918" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "949fd2fc-46d6-4862-ad15-a8b807cd997e" ,
"value" : "7.9944351431945"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "10987579-441b-47d6-a093-fa71a28d7def" ,
"value" : "eafa11070f213f16efc030f625a423d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "da5d4d24-5039-42d4-bb15-cc9fc81aa8e4" ,
"value" : "b1847c89143fad810b7a3686296b9c1e91ad087c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "34b9ad59-af15-41d0-8311-0a5a8ec13f70" ,
"value" : "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "71bf21a1-3fda-486f-8ec0-869a73a9301a" ,
"value" : "68a084c9a6dee3c315181c97e661454c61b442539f4875136828a87beef40ffff79a7f7c5df549890ce42ed636fa4404e673877379b849cd0e4e6c2ab2642d0a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A H 1 p 11 R 7 D j 7 R l z 8 G A H B I B g A g A B w A Z W F m Y T E x M D c w Z j I x M 2 Y x N m V m Y z A z M G Y 2 M j V h N D I z Z D F V V A k A A 55 m t G K e Z r R i d X g L A A E E I Q A A A A Q h A A A A 2 h z 31 Q r 3 X s T n J g a P B w / B o g L 5 y c j Z X 8 f u e S B A K B 6 y O 4 w W a s o N N c 6 Z I b U L 2 M x u E Z I z q 77 M W G q 49 X S 7 n o r p S p g Q q C e b h j 4 L K O J l j O k h x K p I H m q D D L F w V W 2e8 k R 9 l f E T M s / A R g I P 5 o 99 o D + n G k y s p E C L l u t y H 0 Y t U e a I j O 1 M 6 P r v I M 5 t z L K I s 74 U J z 29 f q H x Y g K n 7 G 0 H 0 Z d A Q G u 0 K G X 2 w V w C 70 l g r X T Q H i + 9 k q v r x m g 8 i M C 32 j z 0 a I g z 8 B 9 O C d u i h y 0 w w G 0 D e w x j T 46 s G 6 j L t S p 0 r a 5 J 2 d j p x x c 8 Q t v z g 6 F 9 x r y M A g 9 N R C 711 U o 3 q r 4 S 2 y C 6 q G x 3 Y x m V L Q X O j X j Z T B S Y t f b 3 + F L B E N z G D E k g j S d D V b 53 g H 0 q N J X d p i 5 K 2 i Q k n g g D v j 4 h U L R w h k N A E X s 5 h t k H q 9 m o 2 y r 38 P y z M L p 2 J L T Q 6 I 4 M W 5 X A I b A B q g H J i r p R X M K D f X G G N + 6 c q I g H 6 L w t K Z A 0 6 z B g p 54 L 1 u H x L G 5 V R 82 h 2 v C X j f r F b u Z w 1 t P D m c 2 C Y I + p Z o 6 r v B V T w V T K 3 O K n u K G Q h Y v y w G R I p 8 X 6 j i U i M o s Y 7 q v y Z F u k o m 18 r h D 2 t D a x Z h U l x j X x 2 / Y 0 M 21 R e 24 A Y I H H 1 V i O D e P g j m q J k e g 3 b 0 O 5 o L a D R y M j + z o K r R n a u 2 t O + z f y Y O 8 j l s 8 z J / Q S 6 M G I Z B l E t T S A Z 8 u Z 9 l u g e v V w N y 4 V s 1 A z p 87 w E J 6 v v y M j P m 6 / 48 q W w 7 p b M m h 0 0 k K q t U I / b q i U A E + r m o + X t 1 m b X c e d 5 f i K 8 C v B D h b Y 19 a i k h Y l o f I K V i 9 / w c 1 j b H s q E p 6 v C 4 l y B p z V c c e c d 9 U w 6 Z d H h J k H Y / f M I / J n Z + k 7 c g x G t m / F h p q T o w B b e F h P A H w o n R Z o x F v F X o b S N 560 V D c x q t x f 13 F B 0 R s r G 4 e O o 59 h R 7 Z m H s r G 8 
P 5 l n p z W E o A 4 G j i m J x 7 r M o V 0 3 m F d g r n N Z 20 L E u g u w 6 y b q 9 x 5 P M y N i Y i d 861 h d n d 5 l x p L u b 7 U x B f K O / G p J k z R t N Q Y q Q c b h Q H f 9 P 1 O b G S U O w r A T 2 J / + f 77 x S Q P I P g x / 6 t P T X P K u 9 H / I g / t d F Y D Z C X R j 3 k x o d k v t l i G m O 6 X Z v M 5 Q m a P M Z T a a 7 j C O n R G h 3 Y L s P Z S o B l 4 / 6 P t 4 N t I E z U r V d c 0 Y + 4 p 0 k I G i Z M O E h J K U 62 V I t M i x s T j a l Y E b + 5 D 5 L u W v 1 F B c s Z 3 o + J 7 / B s a i H + l 7 H g O 3 D M U 1 y g G u 8 B R 1 G e T P M r d T G l n u N w K e m z A R 9 V G Y Z p R n x E 4 M y Y h z r p d + H g Y S L 0 k N u M N z 3 I x x f X L e 7 u 0 R w J G N N U D G p B a D 5 H a U H c M Y s n S R M 0 E k h Z 5 f L p q F X r T V m l 7 x A C F A x C X a V g Y T O m 69 s S l F / K V m x r E o s m F C r Z 7 d 9 b q m R V 1 D T m 96 P l R H t X X l Q T j w b W S d T O j O 179 n 969 y V 5 B x y p + m E B a S z O F H m k W j J F T u t W C 5 A 3 q s o I 8 g b y Q x F 1 z B l X z c M c J G 9 d n M A 1 A 5 m G X / 2 u W 6 L A r 9 V 113 D M e + J A A V 3 Y 4 z m y v v + Z P A M q K P m a K + Z o l 8 T l o k v a l v M I F G i v j u 3 V f d Y K 1 Y i e 8 O I M v R U q N 66 K e 3 + l n S K y V x 1 e K A y b k 3 / K K u M J 4 s 82 p T i N Y 0 60 Y + 5 C Q x A 6 q B Z B k I n 3 u N 9 d t u M a j 0 X W z i 0 b h A A s N A z F 3 w 0 a 0 H C d Y A 0 M y 4 J w h 1 l l P K 3 E S n O m o m s K K 0 e a N S Z o + v 766 W L 6 i z r u Y U x w 7 z 6 q s h x L j X + v o H h R T 7 f G f J M e V 4 v / L Y i v g j c r L i t W 5 F M n P Z r / 5 t 8 r w P + h A C K S q q o 6 K 2 m h Q c J S 9 X U u y s l p Y 3 B s 7 V P K S 7 n J F E R u w b B b / m v F 3 + Q c 9 G Z c 5 B Z C i u d z c 4 P P H R 9 o t b L F L G T b O n x K K e O D q h f S x g p 8 D g M C 24 E d J 9 d l f J p l 8 Q Q m 0 3 H b p s n T Y j O C a e f a 5 i K 2 / 3 / a m Q Z n A 3 L f B 6 N 6 m i n h l p r M a m x A 4 + L n L Z k A V h a u q K S R P v M e z q z 7 b P 4 A H u A W 65 N 4 Z + g 
20 W H j p t 2 j k G p q m o 0 1 s + f 24 i I 74 e q 0 1 W r G 7 W a Z K d o n / q s I 2 C i j w l v 6 V o x C o F 8 x B 1 T B l n J r q o 5 y n U P P O c d c B V Z V t Z r 3 c + V p s G g q q g u S P i R X v M C t 4 S b 2 L v T V n 9 o x I R I U 675 N b 1 K x K z T J 3 k q 4 G 7 v e q R l Q 3 n J c n B / d o B t 5 y c z S 3 d 4 l s u G l 8 e K + e l a Y x c H x e x r a / x W v F F T 1 T r 9 U N X Z / E 5 q 6 V Z H c + 60 / M M G R u U p 6 e V f e o i R W z A w n G k 6e2 + m f N 0 9 u V Q T v 0 E U k Z c 0 1 v 5 E z l u 3 G E f M k 28 R 3 U 8 q F h q 98 P X X R i D + e T L f c 7 W p s / P w Q N A E w p y A L s Q j J K M z K t G H g v 6 I A G a r I C 3 t e n q j L F y O V u q R j L d D w L D s o / x 6 T O 9 Y l S f K 1 Q y h C 5 j g l S B q R 2 s A y 7 f X E 0 K W p 7 W V u x E N p d J v L l 0 U C 3 s 0 f Y 0 7 p I L a U Z Y V u 89 a A P 7 e V L T F 9 R H 8 V Q n p c f 8 l c E q 2 N j C 0 S l x j M v R p O F 17 y R Y r F t 0 k i o 5 M W C A 7 q O p m r 4 k g N 6 O 2 N 2 B 4 p M i E b Z R F W a n C 2 a V e R W y y k e 5 e h X R o y 1 T t y a 4 J 5 J I Z p q h g j N G Z s 2 t f k A C 7 o v 9 q w E C B 2 n z K 8 y J f R R K J 5 v g f 7 n Y v z 7 s s / C x G l p o A U m y 6 A X j 5 h M r G g 8 k B A M q o c + 2 g 8 z V u S 5 b B 2 / m j 8 E V N u q J 8 a 0 W v j k x 3 / r 91 X L f o V x t 1 r N V V A A J K R a c f e 1 E / b y J e L 8 D f l b v V e 0 c v / H 4 c 0 B g n s t W Y k I N o j L y N R T s m y 74 i 9 v M k U R h F M C B / H m S O q + G p o 8 A H M u O o h y y o e u m y R t R O O R I c B P S m d X h Y h J E W n 2 D 7 + R f r x P y m I a c Q V i d Z e I + U 0 T c y G W d l D s b p n i X C Y v p G x v a N q F R x X o J Q z S O 3 h 243 c t a S N t d d D 9 i E 5 y 79 R s U 0 I 7 M R j E M U + a O a H E z + r l f w x A c e N m 72 l D U 1 W X i T a v l f r K N 2 I f w z f G q b / K f H r C a z k 9 M 6 u 8 G I + x b w 2 m v g E q j k j E Z i k J H L u Z T 4 h e 4 D 3 P o I E F s / p e p 7 k E V E a 7 c D 3 r v d z 6 P c j 9 m q w D k K v C Q s Z u n k T 5 j d A I d c p 
P O N U g B S d A Q B B t T g q t u J F j A P x + q + I V A a D q X g j A T I E x i n 8 x G M h P w t R A 40 k Y + 8 b r F e L G k t I A P Y i + A E 3 v H 55 F J q g x l g N a 4 w a 5 W T Q h P v o X H r D X n e 1 X U C w + g 70 Q X I 0 y g S 3 i w u 3 V / m q T 2 Y N B P 2 I 6 g W n y y 6 E y s l Q J n t / 9 t 9 v 1 v L 0 d Q h v p D 3 O 92 Z Z g h s n P 0 5 S 4 o b A L O 9 G X b M E r 3 T Z a / z + O D 2 s v 84 J 5909 I j M Q m e / 57 f L v w j + 0 s n S / g w A x p P + X l q d v N I e O w O a k p v k q 4 f D f P 3 y E t Q h J 9 C X Q V y n p I 9 f e 69 T o h Y j e 1 P P + / o V m K f P e 8 u Q a P v o 7 z q j t Y y 3 Q H T P A T F G 2 k A f R 7 y 6 p c S 9 s x J 1 w C Y n Q i u t Z e U / G I Y R Q Y q i 6 W 5 l X U y f k i 9 o q Q s F i J N z l p H I S J T / w 1 / D i P D w 3 g t e K n f J B Y Z J o / 3 t 9 + S Z u H p O d V j 25 J l f T b j x E T r 3 C 4 g w m n o 5 Q 0 h / X 1 I r 5 d S E + 4 l A + H e i N u n 19 / r y S 1 Y 9 V J b c M N F q d Y 3 / M u Y l Z R B O 1 o G N k f G D Y f G f O v P b 7 n i v a F i t z K 6 f Y G t D 7 o 800 W q R O F s F X L L / w / Z E 8 K / O 4 r x p j k R C F r X d d O j J l d S U t 5 l V a u c 2 z B 0 o v K l v q k K h x J t L 2 o 3 v q U U y 9 j c G / F 6 P n Z 5 d r p E G G t D 5 P Y w U N A / p u 2 Z R p s m v H M b X 6 G X 7 M x F V f B s j a M b G x O k x 3 i k G 7 L S H c S W p i E V l s z j O o v l g i 8 r p z B j g A c y P R x G r 2 s N H o 9 o 6 F h B A v N 20 R 4 d 9 Q L k 90 d G 9 s i + S f t d D I / 86 b L l 2 R 95 l K X Q t / H 2 q z 6 L 72 a Z o o J H 8 T 5 R A h 5 Q z y P t 3 B o Y z D T / K b 7 / U G J z R X x k Z s Z F w j w X b R R J 5 J 0 j U t w / E F w g J D 5 M 6 L h H 9 V G 16 + W n T 5 M h y 7 h 0 q S H I B w o d T + w L n c 27 s m m V W E V k e w D B y g W 3 t f F 0 H t K 5 H x p K t T v p a 9 x C N u Q X y 6 b v S e g k w V O + B Q 6 J u A 9 V q d u V m J e S q T Q n N z 9 X t C + 7 M r P A H L 2 d z W 5 C y s b 1 e t D T o b U s y H 3 e x x Y r w O G O h q a 377 J F A / a n b s D a G S 54 O 1 q r R W 
X m z v 61 S W U i 4 N T Y A K n 7 S E K 9e161 E 8 r C F V f J 2
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "5ecb6e1b-5580-4f83-adbe-e96ae16f9631" ,
"value" : "daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01|eafa11070f213f16efc030f625a423d1"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1655989918" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "f5e3d0ec-f642-45e4-bfb3-99c4c2d62069" ,
"value" : "Microsoft Word 2007+"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1655989918" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "041c7184-806b-402d-b272-eb5decd2de6e" ,
"value" : "6144:UOjcXgk3fb0pZmtcQPbfUNnweoafhcdP19F9vQZ/y7dmMcnFn5iQiM8poFDNsGrO:Rm4zmtVbC6P19Fa67dmxl5iNGFpd/LA"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware." ,
"meta-category" : "vulnerability" ,
"name" : "vulnerability" ,
"template_uuid" : "81650945-f186-437b-8945-9f31715d32da" ,
"template_version" : "8" ,
"timestamp" : "1655989975" ,
"uuid" : "ce610b88-badf-44db-993c-86a7a97a2cc8" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "id" ,
"timestamp" : "1655989975" ,
"to_ids" : false ,
"type" : "vulnerability" ,
"uuid" : "6fa5762f-5798-475a-975a-eba115f62180" ,
"value" : "CVE-2022-30190"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1655989975" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ce748279-85b3-44c9-aa20-0a8f551b71ee" ,
"value" : "Published"
}
]
} ,
{
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"description" : "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware." ,
"meta-category" : "vulnerability" ,
"name" : "vulnerability" ,
"template_uuid" : "81650945-f186-437b-8945-9f31715d32da" ,
"template_version" : "8" ,
"timestamp" : "1655989988" ,
"uuid" : "f793c30c-02de-4e84-8494-e06fc3013958" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f793c30c-02de-4e84-8494-e06fc3013958" ,
"referenced_uuid" : "ce610b88-badf-44db-993c-86a7a97a2cc8" ,
"relationship_type" : "related-to" ,
"timestamp" : "1655989988" ,
"uuid" : "486f4b5f-4eb2-4d67-b5c6-2277098624a6"
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "id" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "vulnerability" ,
"uuid" : "617db3de-1932-432d-ab23-87be782e42ea" ,
"value" : "CVE-2022-30190"
} ,
{
"category" : "Other" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "134a2cc1-943c-432f-9245-0d71416e5eb1" ,
"value" : "Microsoft\u00a0Windows\u00a0Support\u00a0Diagnostic\u00a0Tool\u00a0(MSDT)\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability."
} ,
{
"category" : "Other" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "modified" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f70618d2-1edc-450b-b9a0-ab38bd463508" ,
"value" : "2022-06-07T18:15:00+00:00"
} ,
{
"category" : "Other" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "cvss-score" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cd9d10b9-b8bd-4850-bdfd-a0a0c1f47325" ,
"value" : "9.3"
} ,
{
"category" : "Other" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "published" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "073bba41-acc6-4cea-96a9-31e4fb976ff3" ,
"value" : "2022-06-01T20:15:00+00:00"
} ,
{
"category" : "Other" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bbaf59c3-fa3d-4faa-b40a-780c846648d3" ,
"value" : "Published"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "references" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "dbf2f5af-422c-4515-ae2e-1bd5dca71700" ,
"value" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "references" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "02483625-5c8f-4270-8e48-84fd095529c3" ,
"value" : "http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "0b166f7c-ee17-4bbc-85e0-2154eb7c3cc0" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "7ed18d10-ac94-45a6-993c-0dd7fbeb51ae" ,
"value" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "bc5ab69c-dc5f-4ab0-967b-f0145dd5b7db" ,
"value" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "83cbd940-6af7-4780-a6d9-53b6899953e6" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "dec2bf2f-c26b-4d53-844c-3ce88911cc02" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "d67cfe8e-0753-4aa6-8303-ce3937df8a6a" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "cf2bdf58-c65a-4dff-9da3-e0b1f1f78201" ,
"value" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "52d76c35-7951-4bce-bf07-7af04bbe52aa" ,
"value" : "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "b3370482-2158-45a5-aac7-dbd7f16eb9c2" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "2853e0b7-400b-4fe2-893a-92b8e332d963" ,
"value" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "ba365fb3-7702-4020-a383-bae48e22c884" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "c48218bc-c1df-4a4d-a6d1-d61c29e1464b" ,
"value" : "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "05af9124-6f8d-4746-9150-3713f7bbc465" ,
"value" : "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "2d05ac4a-5bc3-436a-aae4-f56f6985345d" ,
"value" : "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "9b75b5b6-f3ed-46d5-bfaa-8355f6e5fdc3" ,
"value" : "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "9156c403-c396-429d-9130-16ceaa40607a" ,
"value" : "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "6190d0eb-090f-4cba-bb39-b7f2b5100abc" ,
"value" : "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*"
} ,
{
"category" : "External analysis" ,
"comment" : "CVE-2022-30190: Enriched via the cve_advanced module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "vulnerable_configuration" ,
"timestamp" : "1655989988" ,
"to_ids" : false ,
"type" : "cpe" ,
"uuid" : "f58ad1e1-603a-45dd-8dc4-a089cb36cf15" ,
"value" : "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "5" ,
"timestamp" : "1655990131" ,
"uuid" : "ef1b6703-890c-4019-b137-efa8b682371b" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1655990131" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "195fe785-cea5-4b57-ad6b-5a37125fd4d0" ,
"value" : "https://otx.alienvault.com/pulse/62b44a9d13580736f8547cb8"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1655990131" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "db051bd7-c0f7-4f7d-8427-af2c358b133c" ,
"value" : "https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1655990131" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3eaa5829-6bf0-4e60-aca5-4727b688094e" ,
"value" : "In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1655990131" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7d9f1e05-13bd-433b-8f86-b0be6ae7e46f" ,
"value" : "Blog post"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1655990265" ,
"uuid" : "b15f8aba-033f-4669-a02d-eda7a7c03e07" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1655990265" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "7836d744-6edc-46f4-b926-c33f22a0e597" ,
"value" : "http://kitten-268.frge.io/article.html"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "host" ,
"timestamp" : "1655990265" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "dc71251d-0ee9-4dcd-9a3e-d9732a76d794" ,
"value" : "kitten-268.frge.io"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "scheme" ,
"timestamp" : "1655990265" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9b210707-b505-4137-9357-2ff86597a181" ,
"value" : "http"
}
]
} ,
{
"comment" : "kitten-268.frge.io: Enriched via the farsight_passivedns module" ,
"deleted" : false ,
"description" : "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html" ,
"first_seen" : "2022-06-20T20:54:14+00:00" ,
"last_seen" : "2022-06-22T22:48:01+00:00" ,
"meta-category" : "network" ,
"name" : "passive-dns" ,
"template_uuid" : "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c" ,
"template_version" : "5" ,
"timestamp" : "1655990334" ,
"uuid" : "afb7dae5-8291-437f-b353-fca9c4a10258" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "afb7dae5-8291-437f-b353-fca9c4a10258" ,
"referenced_uuid" : "b15f8aba-033f-4669-a02d-eda7a7c03e07" ,
"relationship_type" : "related-to" ,
"timestamp" : "1655990334" ,
"uuid" : "43510f6f-6de6-4dfb-8780-0996d2c25081"
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "rdata" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "98e360e9-9169-4516-91b1-401cfe61bdc4" ,
"value" : "18.133.249.238"
} ,
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "count" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "7cf96d0a-33a1-4b05-8cee-cfe62e822f38" ,
"value" : "88"
} ,
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "time_first" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "8784a4e4-1f09-46e9-bc88-73d566ff75ce" ,
"value" : "2022-06-20T20:54:14+00:00"
} ,
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "time_last" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "725264e5-1243-4704-bc0b-d0bab4b52cc9" ,
"value" : "2022-06-22T22:48:01+00:00"
} ,
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "rrname" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "759965a9-2e71-4624-8502-375fde6db497" ,
"value" : "kitten-268.frge.io."
} ,
{
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "rrtype" ,
"timestamp" : "1655990334" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c3f15a92-140e-465d-9b52-9474a4e3fb55" ,
"value" : "A"
} ,
{
"category" : "Network activity" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "bailiwick" ,
"timestamp" : "1655990334" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "dec1d9bb-8d79-467d-956d-45a903872581" ,
"value" : "frge.io"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "3" ,
"timestamp" : "1655990571" ,
"uuid" : "7928bdab-a27f-4dbf-8a5f-68cb84400261" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "130d01c8-7940-4d92-830a-25849d5c70a1" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4f5a4c0f-f701-4c85-ac6a-cce4213a7c3b" ,
"value" : "5431296"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "e10ecd13-58b1-4312-892e-a8299fbf7721" ,
"value" : "7.9973059211035"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8d1d3e44-824d-4e84-b4e3-b78c3b8035e0" ,
"value" : "2320acc1bfdb7507bd655f7c3753c2e4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "02780d4c-5d17-4f53-aa7c-97fec37218f7" ,
"value" : "cfb20c4dbf2de009a1dccac68a4c822d02f7ae94"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1b752e3f-3d00-49e7-9517-e5ee045dc559" ,
"value" : "5653418e1ea815c908243332a9a7a82e0e0767a202899a2008ca2c21dc11861b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "36c30f7f-6642-4701-83d2-cb7bd7bb8a2a" ,
"value" : "40b94a92923116d9b4b3886c4b10ab6979f8e4be238403bb169d1ec3c116d6fabc61ae776eb5cf0d09fe78911bb9f6bdcf27b7630f7559ae7597aa092b2087e1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "21f3823b-6089-477f-a4b6-80f18758f545" ,
"value" : "98304:gtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdv:globhH8FUcwti7TQlgVN8iNIShv"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "3" ,
"timestamp" : "1655990571" ,
"uuid" : "b96756a1-2717-4426-95ff-3332fe2ac70b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "650e7117-6687-4118-9e47-1420017e8427" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4c15abcc-00cd-4f4c-be47-9162eefd5d92" ,
"value" : "1024"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "315d59a8-d965-4719-a68d-da99cda8d3b7" ,
"value" : "3.1296610663897"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "68229cd9-a73f-400a-8b2a-1a52df879c9f" ,
"value" : "5e813a8b2d0cb12dc8e7fc43e0149395"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "57ae40a7-972b-48d2-b02a-c82973619c87" ,
"value" : "bc5083093539e54d748dd602eb0571ee5656744c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "03bfee90-3ca0-4083-9972-fb21c9cdc32f" ,
"value" : "6b330540046cfcc9d62b17ffbe2c15d5b6c7854a0ea16842cc99a05bb189fb78"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "c9d09084-096a-42d8-b1eb-d81bff2be279" ,
"value" : "cd573468335c18df128bdba83002a71e275c8a1daed1cb2edbf4f0b919b593503b6898cf81b19afabb8aa40509f37099a50ef4bab0236848f63dbc8031f2d816"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "b3a6765b-22db-460b-b26b-a0909267750d" ,
"value" : "12:Es9cmi3n6EtXRAHC5YArJyE60NaUGiq+jZAiN5prynthXF7YnqqD63JaMKPN5alQ:9cDR0EytrgjZhN4XFSD63fKPN8q"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "5" ,
"timestamp" : "1655990571" ,
"uuid" : "522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"ObjectReference" : [
{
"comment" : "Section 0 of PE" ,
"object_uuid" : "522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"referenced_uuid" : "7928bdab-a27f-4dbf-8a5f-68cb84400261" ,
"relationship_type" : "includes" ,
"timestamp" : "1655990571" ,
"uuid" : "11f21892-d0ae-4cd1-a1a2-7618a4a2986d"
} ,
{
"comment" : "Section 1 of PE" ,
"object_uuid" : "522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"referenced_uuid" : "b96756a1-2717-4426-95ff-3332fe2ac70b" ,
"relationship_type" : "includes" ,
"timestamp" : "1655990571" ,
"uuid" : "2a77390c-5b51-4670-aad3-b9487cd3922e"
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a878e14f-cc3b-4086-b526-2f0b74cba2f7" ,
"value" : "exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entrypoint-address" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b330314e-8b80-46ed-9a36-64361e4913aa" ,
"value" : "4194304"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "cd8b6a29-8f3a-48c8-a6b4-9ab02ffa1092" ,
"value" : "2048-12-25T08:35:47+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "4ed9f107-de36-424e-b237-6aa6b0aa2933" ,
"value" : "docx.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "535142ab-cbf2-4044-b543-b237914a9552" ,
"value" : "docx.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "file-description" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9e22f8a4-f0c0-4167-a839-b939071a12e6" ,
"value" : "DocumentSaver"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "file-version" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2a315266-c4f2-4852-a7ac-a692b8db1466" ,
"value" : "1.0.0.0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "lang-id" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "017d82c3-f6ba-49f5-a97a-f0af6b2d5641" ,
"value" : "000004b0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "product-name" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cb0f3351-e9ee-4d75-b647-632c994e13f3" ,
"value" : "DocumentSaver"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "product-version" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2ee0fedb-39d2-45fd-9415-61d0ad9b1880" ,
"value" : "1.0.0.0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "legal-copyright" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "acea6c75-73e2-4c29-a217-bfc467858efa" ,
"value" : "Copyright \u00a9 2022"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entrypoint-section-at-position" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1beda64b-5607-4446-a3bf-f1fc154bd3a8" ,
"value" : ".text|0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "a2427b6c-d4ef-4d3d-898b-1621e89367c7" ,
"value" : "2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "20" ,
"timestamp" : "1655990571" ,
"uuid" : "ed37f367-ef0e-471c-8635-9067d7dd01e7" ,
"ObjectReference" : [
{
"comment" : "PE indicators" ,
"object_uuid" : "ed37f367-ef0e-471c-8635-9067d7dd01e7" ,
"referenced_uuid" : "522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"relationship_type" : "includes" ,
"timestamp" : "1655990571" ,
"uuid" : "eba261c3-fd86-4e77-9ed3-d17e559ad477"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8d77c7f5-a095-4938-a3c7-34f22ce6a7d3" ,
"value" : "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "12a19f0e-54e5-4982-9dab-cc8c7e653e09" ,
"value" : "5433824"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "0d3340a6-a48b-4fb3-9108-494e7a0abfe6" ,
"value" : "7.9971445004064"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "de5031f8-f401-4379-bcd0-346fa05ad534" ,
"value" : "d3bddb5de864afd7e4f5e56027f4e5ea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "32d2475f-5ab0-46a5-8754-4c969e5f0f8b" ,
"value" : "ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e3aa5063-d4cc-4f8a-a73a-aadf95e3d2e3" ,
"value" : "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "de6c777e-179d-4349-96f5-1f542e4fcee0" ,
"value" : "2905af78720fccb1167811b871d0509a6200c9cdc920409c337d30bf89e0be9c77195919e59e67c39dea0f8881d64f272825434e9e9a546df1b74451ee1e13a6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A N p q 11 R Q a s v V 4 P J R A O D p U g A g A B w A Z D N i Z G R i N W R l O D Y 0 Y W Z k N 2 U 0 Z j V l N T Y w M j d m N G U 1 Z W F V V A k A A y t p t G I r a b R i d X g L A A E E I Q A A A A Q h A A A A 2 Y n h G E t N G i R d 8 / 4 j F W t f 7 M e 25 N 1 M Y X / b A X 2 I 23 s o 56 P a J O e a K b 4 V d b g g y 840 M C J x P s Z u 3 z f U d 56 g r k u 5 o R W 7 c / W Q / i G P N Q g H J s b E z / O 7 l w 66 z C a K z O l s / h P r E z 281 C x C f L I Q t 3 k Q A 7 Z n T o 4 F T s U D t s Y g T j w E 5 z 8 z 11 / + U B 3 / f N j t 7 K V C s n + j 9 L Q Y k o p D x w H + w r N H G R t f k V r T p t h T 9 c / 1 A O Q i t w 9 r d z 8 Z h W t W d / 3 Q X J c 3 R 7 w k m Q 6 R o S 4 F R y k b l m 11 l 98 k T X n e 1 C 2 P + / Z n Q w l Z t C 8 m F + U z 1 b X O x r + k o p S 0 Y q X d J 9 v a P S m w i t I h 2 M E K v 2 O 0 n t E / O h h k K n k p r v d p J M N F G d / + T 4 X 0 B b + I s X 3 H Y z p F Y + 6 j L F e a V A L k d b + / f H G 5 p E H p g v / v l 85 E j P I d H / f w e X + 3 T 2 i G Q F O X z q S 3 z z z Q I P k l 6 q K 1 H H x G d g 77 S j p K l c Y 7 X / i g x M 4 M c i n a 9 B M 1 E G f l y D q k V a 2 p Y O N y g c J 3 a f V q a M / a j M c L I F X N c l 8802 l F g N M P d R t X y 2 O V 8 n X u 5E10 P A J H b 5 e i d 7 v q 3 e b a z G M 3 Y 2 h e j e D x T J Z 5 z K E i L n p D 6 I p Y l f J C l M J L 22 M c Q y T g T W a 7 K a G Q N h z 9 u J 0 T f i w / C F A H u y 2 q t b 5 F 55 E z P m O F s c N o p u 4 e g b X g p P W 8 o y b I + 7 w z L Y 7 e Y C R t 8 n g n Q p i m A T f G h E V g s 5 f 9 I H 2 f r C Z I y G q y 3 m x V a 9 r T T E O S A k f C 8 I 0 x s B 1 n S t a C g O r u s Y i d l Y w K b n N U 5 a 9 z 0 F 7 E m C J F F x t u Z k d k g 79 K 15 o h J X U E N P / M H k N 8 Y A d 1 L R Q 5 s B / y U 9 F F 3 x e U 7 i M B d G P U E Y L g M j n Z a y J G h r j U c U k h 1 F N Z h D R B G M B A E J 6 T X C b 0 h A M X i a D X R Q / + f Z G y w 7 A C M t 9 + t H q D p Z j y P m O z W Y J 9 y 8 U / A O 
35 p F V l p i 1 K 1 y M U f f B E k x u 3 N 1 D 1 I 50 l P 8 C 7 n 428 n f e 0 b S m o C l z 5 B 6 y f Z x L O / p i J E N 1 f F o z s P K 802 M 0 M 6 d Y u X U z g N V b T T n 5 F D t P y S H t 9 j V V 9 i 7 I i Q r 7 u O g Z T r 8 a E A c G S 9 c r 2 c x 38 r K w z k Z 3 B 2 e d P C K P z n a U U y O 52 Y P p z J K T m R 1 s l E X y a b Q F U v H + P H h R Y c y u G U 2 H / B E 0 c r 1 U z L I 1 V M Z r X z E r X 6 p q a U R z U Z 1 v 2 a O + S W K u c p 8 g P 6 H I 8 s p D E A O p k L n g x X H y n Z Z 4 m Q J Y B C X b q W 4 c I b R J e 7 k A f N y I Y Y v r Q a a W g h u R 3 V Y w u N C l G L X y 0 X 1 L S h 8 W l u W v e / 0 J 5 X G m l / X W c Y 5 O c u S y P n k V U e y 2 s / n s A j u K B S J U A y m O m K J G j u 1 G k S i G H X r u w l I Q 3 Z j U 1 f A U 6 x 1 U P i 0 a w 0 g B O T V l L p 8 O w 173 J D 1 e m u t u C l 2 r b 9 E n Z F 7 g g Q / A V u u H W c Q + 8 V q 9 F T 0 + H g b Z b + x + G 1 J T B H b k R Y C e Y S w r w 0 d R Y M e X z k a F b T M i c G e I T A v c E y F k O V u N J k c q 8 y T s M D d f e X D F r w y s 1 W S I X j g V E t m L u 0 k l E 3 n 5 m J H t Y g 9 x t f M q L g Z M M N C a m I Q E O d m V U P 6 L K V I n o c B f k M g J Q x c P o Z p x A c q 0 i a U m E T 4 W K w I Y x F R L F B 9 V P G m u h r a 0 Y 2 w G h c y 5 P A e l 3 l J X A U h u + S k P i C 7 J 4 N y 8 g i o Z 4 L 6 U h p F S q d 5 s 2 i M Q W w l 1 g g / N G H P p E w c 7 U E o H k 9 J 1 J I y y I N v P D U 2 X M 3 j W k Q d W v F f x 4 / 3 w o e K T P m Q V + t 1 l 0 R I g r K T T G + Q 47 x g / C v R 4 x k L W w h z V 3 z B N J C q b C E 7 a O j t K J J g I f K a D X E 9 S R 0 v C t E J W K S Q + S e R c Z l a G 8 / c H o b O Y M y 8 x s Y 0 C a n a z 5 o 0 G y G D m 9 N j H x p A T 2 i l d 43 D 2 W U t f w x n h 57625 Q v I h r l R k t K h O X H b P I H F V Z 89 g O h 8 L g 2 V j M b Q A W u t S k T M J R n D V b A O h d 17 H J Y n g V o B t 9 L 7 f q t y 8 l l P A f f o i 0 g b 6 n A 8 o p 7 B g 2 z I f o d j y y / O S S c o J s e R 7 b g s r u M s C X L 8 
b m h l L L d p z k 5 W M C C l h M + y O n D w / c 9 c s I s z a d k b 3 H U C x T s b 22 J i g B d s f X 8 m 9 F g A L A I 3 o s e M z 2 v 567 a n 4 C g b T 9 N l 5 H q y J l D C f d 5 X e 5 c J a Z n g P D t V x Y w s j 3 + / N E D j 2 f m V Q I P V z U 70 a v l c s 9 j 9 G Q Q u D 1 b t 2 T F C G w v i D g 3 d U Z f d + / N Q 8 T z n 9 m t 0 t / P 6 m n e z 5 n 3 b t E G 1 f C r e 8 B T Q t v q / m A 1 O 83 K R Y 21 l p J G K J 1 d K y 0 h A s L h P z U l j x D t J m K r K C 8 a x W O v 0 l m A 7 r 37 A p a J 7 v i / Q T M j 0 68 F R r d T 3 x m D x 51 G h 4 f f T H W f k X 4 z j p K z e W I A w F m 3 N / 1 t g 13 y Z W j 0 F N A d j 9 u 0 V J T y u C 1 T M O y 6 w 5 / k W x P k m 29 J u Q t G I e y p K B 4 G / S J + + 98 P o N O p j / t 6e7 o B 0 L 3 Q g v o W 9 j 2 Z i H r p G d o 1 s w X d 5 r T E H f f X p a Q w u o d c r X / x + 3 v 1 B X J Z y r Y y N j Z 8 v w g J 2 B c k Z m l z 9 l B d T p g d 1 p A T u 5 / N B u L V W 2 T S W q A A w 72 F w w O g q T / 3 U P s G 91 x D z 8 l r m R X + w D 9 b h j k H l 20 B Q 2 H F O p b a h U r T k M z 14 l F W M Z t R a w g 9 f Z y t 5 j Y 9 G W v n F D K q W m j k v s 6 G + O F 87 O J b Y E B 9 y s i j G r F f K j j b a F 4 e x 1 a r T x I S h o r Q + Y D b D 7 C 9 m a J 2 J b r K m l a O r w Q T y z T 7 A n B 86 T w / J N 4 A a g h m D i t 0 I F f Z 6 e H f k n R w O T g S L j M R c m A y C m 8 B d N i Z s P A T / p J v k o r i Z y y j a G d F T f K d m g P w G t Z g V c D s g K j c Z o d 4 Y w 43 S h J B 4 t U m / A G 2 S C O c 7 i E M C C s a R M y P y J c Q K 7 W F u Y n M j J Z t / Q c Q 6 M s H e z u a q 3 E C 2 f X 7 h 0 n 0 2 d d l H 8 R w q s F w d n / 1 + Y + 2 j K k 7 w S Y 3 e Q v Q r o J q 44 S D + f j + S 91 C 4 G 2 f a d 0 u 7 N E 6 W h 3 X U I c + F W w S A h V R / l 18E3 x E g A x q U w 7 N Z x M P n Y V 7 R q a b u A 19 S f L i U y 30 O 85 H K h e F F y t M R W 7 U t 0 q u / j P W U I u e n h K 8 h g 4 f 4 P + Y + M L O s G F S U T Z V W Q R M N n E Y 6 L q K T 9 N m R O R 1 I x o q o + c P 91 T T 
s Z 7 g R Y r J + U u 4 C w 2 g I 5 L + O s + 7 h Z + f 1 i P W R K u K s w L u u 2 K Z U M Q P Q m y Q f 4 q D x z o q z V t J q m 9 Z p 2 J m O N U I R u b E X P v D r P Y e 3 + D I v g A 96 m 5 e E + W 6 Z G i 0 W d I c 9 X 2 A w L i I 3 y 0 W r J R C q F N U Q k j 8 h R x i a V c f U 3 Q S b P S s G 1 S Q g s i V D + M 8 V I Q v 9 y s s A O R l d h T i k S c 1 K L 7 X 8 n A i W s s p 1 x I k M z K 9 x O B 4 v Z 32 x H C I 9 v G j D v p A D + / h x U S I o d A Y 0 V z o + D v N d L S I O 4 v H W M L v R L z F n f 1 Y z I o a h j M R H W J L T w 1 w m q K k 42 n n Y 9 o S m 7 w e / a A 7 + 84 p I y F A a 5 A c U c s 4 e L B Z m c / i p J 3 j Z x + g Z q + S m K k I O o G / Q T M w 3 L L 5 S H Z H A I v f G J 1 v e n t M 7 o E B E S G / h A 0 2 J + X B p r Y l / x n B u S X L i o 9 j U S r S H F A d 5 C 0 h W M B Y w W o t 72 v A M s W J n 7 i G o 61 X q V 5 d Y 8 G o Z b N P s / W q u U j 1 e s S y p Y 7533 r c O g m t K u I 3 R O u q 2 n r Y d / c n 0 F V W q 9 a 1 w i m G 0 U j T G I I F H w J U M R Z b i O m 7 d i + 25 F N + r H d n J U g O Q E 5 s F a N s 8 i j 7 g D q 7 Z M 2 b m C F p u d 4 + L x v U y z Z 8 L 0 R y u s e p N c f O J R b d C j I H h N k K A M N T u q y X 5 L j T j 8 C b C u G 5 Y H O j T 4 W U n e S o V i 9 p 2 x B E t 7 t l h + 9 t s z m F e J v n w U V + X T 9 C F / Q P z j l z I R P l E s D 8 C i Z 7 w + a 7 r W s 9 P W s V l b L a t y k j k P o x 53 t 1 k A 7 M R 21 I 3 M Q H O u K z w l a j 9 X I 9 s t 7 W M V g T n D 5 Q 0 1 e g l k J J t 45 g n f v 9 x + Q 5 S m W k E Z J 8 d r U 8 L a 1 L n q M 3 y s M B E Y Q c d F w A 45 q X d 0 F g o g C P L n 6e9 u g x a t b z m b E e e v b H v S Z R u p x X 4 x k I 2 N s l g w m w B q w r L e J Y T k 1 B V S P b 0 W 3 K U X g Z 5 U x T L A / M W x A k e 3 s R j y v o G 7 E X n g j Q e e D f W x 9 O 1 L e r P w q l u g v Q J J h 4 b k U M I c r h K Z x + G L 5 J C E / M B v u a Q Y f Z w M C 0 D 9 H z J d P l n B s O / h s g 4 U a s e S z 2 d 4 t h 1 v J V K + t 0 X x k x a T o n O I U D / 5 w 7 
e s A h C j u l t C M 3 U X X Z P z V B 12 M Z o f m O O Q V d 9 r w n
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "f868cc7b-3001-4749-8f30-0bc0a319ca04" ,
"value" : "2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933|d3bddb5de864afd7e4f5e56027f4e5ea"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1655990571" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "f5584271-cfcd-42a9-83e7-3b0fd52bb85b" ,
"value" : "PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1655990571" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "c5298e5a-ee52-4eae-b9e1-1f0ca987c330" ,
"value" : "98304:TtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdN:TlobhH8FUcwti7TQlgVN8iNIShN"
}
]
}
]
}
}