{
"Event": {
"analysis": "0",
"date": "2019-12-09",
"extends_uuid": "",
"info": "OSINT - BfV Cyber-Brief Nr. 01/2019 - Hinweis auf aktuelle Angriffskampagne -",
"publish_timestamp": "1576068733",
"published": true,
"threat_level_id": "1",
"timestamp": "1576068623",
"uuid": "5dee2bc3-47ac-4784-a52a-4da2950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Kernel Modules and Extensions - T1215\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Port Knocking - T1205\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Redundant Access - T1108\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1009\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic Protocol - T1024\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#10c300",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Axiom\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1575889901",
"to_ids": false,
"type": "attachment",
"uuid": "5dee2bed-38b4-451c-8af4-425b950d210f",
"value": "broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1575964760",
"to_ids": false,
"type": "attachment",
"uuid": "5def5058-16e0-4979-b098-40af950d210f",
"value": "anlage-2019-12-bfv-cyber-brief-2019-01.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575966184",
"to_ids": true,
"type": "filename",
"uuid": "5def55e8-180c-44e8-b55a-4516950d210f",
"value": "\\??\\%WINDIR%\\TEMP\\tmpXXXX.tmp"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575966188",
"to_ids": true,
"type": "filename",
"uuid": "5def55ec-a86c-46aa-be96-44fd950d210f",
"value": "\\??\\%WINDIR%\\TEMP\\NtXXXX.tmp"
},
{
"category": "Network activity",
"comment": "Possible C2 DNS Domain Name",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575989094",
"to_ids": false,
"type": "other",
"uuid": "5defaf66-c2b0-401b-b786-41b6950d210f",
"value": "*.dick.mooo.com"
},
{
"category": "Network activity",
"comment": "Possible C2 HTTP header",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575989159",
"to_ids": false,
"type": "other",
"uuid": "5defafa7-c2d8-4682-9307-4b4b950d210f",
"value": "GET [Offset 0x10C in \"config\"] HTTP/1.1\r\nCookie: SN= [bin2hex(data_to_send)]\r\nAccept: text/html, */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) Chrome/53.0.2785.148\r\nHost: [Offset 0x8 in \"config\"]\r\nConnection: Keep-Alive"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "4",
"timestamp": "1575895015",
"uuid": "5dee3f11-02e4-406f-ab0b-ba86950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1575895015",
"to_ids": false,
"type": "text",
"uuid": "5dee3f11-5d4c-437f-9c0f-ba86950d210f",
"value": "rule cb2_01"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1575895015",
"to_ids": true,
"type": "yara",
"uuid": "5dee3f5b-8bf8-4ed4-a9c3-ba86950d210f",
"value": "{\r\nstrings:\r\n$e1 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\" ascii nocase\r\n$e2 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\" ascii nocase\r\n$e3 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\" ascii nocase\r\n$e4 = \"\\\\BaseNamedObjects\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\" wide\r\n$e5 = \"BFE_Notify_Event_{7D00FA3C-FBDC-4A8D-AEEB-3F55A4890D2A}\" nocase\r\ncondition:\r\n(any of ($e*))\r\n}"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "context",
"timestamp": "1575895015",
"to_ids": false,
"type": "text",
"uuid": "5dee3fe7-16bc-446b-8d2c-a11c950d210f",
"value": "memory"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "4",
"timestamp": "1575895002",
"uuid": "5dee3fda-b550-4d4b-9edb-a11c950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "context",
"timestamp": "1575895003",
"to_ids": false,
"type": "text",
"uuid": "5dee3fdb-4160-49d4-be06-a11c950d210f",
"value": "memory"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1575895003",
"to_ids": false,
"type": "text",
"uuid": "5dee3fdb-4dd0-4c43-ac9a-a11c950d210f",
"value": "rule cb2_02"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1575895003",
"to_ids": true,
"type": "yara",
"uuid": "5dee3fdb-9cd4-4a54-a4e8-a11c950d210f",
"value": "{\r\n strings:\r\n $a1 = \"IPSecMiniPort\" wide fullword\r\n $a2 = \"ndis6fw\" wide fullword\r\n $a3 = \"TCPIP\" wide fullword\r\n $a4 = \"NDIS.SYS\" ascii fullword\r\n $a5 = \"ntoskrnl.exe\" ascii fullword\r\n $a6 = \"\\\\BaseNamedObjects\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\" wide\r\n $a7 = \"\\\\Device\\\\Null\" wide\r\n $a8 = \"\\\\Device\" wide\r\n $a9 = \"\\\\Driver\" wide\r\n $b1 = { 66 81 7? ?? 70 17 }\r\n $b2 = { 81 7? ?? 07 E0 15 00 }\r\n $b3 = { 8B 46 18 3D 03 60 15 00 }\r\n condition:\r\n (6 of ($a*)) and (2 of ($b*))\r\n}"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "4",
"timestamp": "1575897971",
"uuid": "5dee4b73-07c0-4f1b-b723-b9de950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "context",
"timestamp": "1575897971",
"to_ids": false,
"type": "text",
"uuid": "5dee4b73-2224-4a92-9c01-b9de950d210f",
"value": "memory"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1575897975",
"to_ids": false,
"type": "text",
"uuid": "5dee4b77-ab20-400c-b770-b9de950d210f",
"value": "rule cb2_03"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1575897981",
"to_ids": true,
"type": "yara",
"uuid": "5dee4b7d-054c-463d-89cc-b9de950d210f",
"value": "{\r\n strings:\r\n $b1 = { 0F B7 ?? 16 [0-1] (81 E? | 25) 00 20 [0-2] [8] 8B ?? 50 41 B9 40 00 00 00 41 B8 00 10 00 00 }\r\n $b2 = { 8B 40 28 [5-8] 48 03 C8 48 8B C1 [5-8] 48 89 41 28 }\r\n $b3 = { 48 6B ?? 28 [5-8] 8B ?? ?? 10 [5-8] 48 6B ?? 28 [5-8] 8B ?? ?? 14 }\r\n $b4 = { 83 B? 90 00 00 00 00 0F 84 [9-12] 83 B? 94 00 00 00 00 0F 84 }\r\n $b5 = { (45 | 4D) (31 | 33) C0 BA 01 00 00 00 [10-16] FF 5? 28 [0-1] (84 | 85) C0 }\r\n condition:\r\n (4 of ($b*))\r\n}"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "4",
"timestamp": "1575898010",
"uuid": "5dee4b9a-8b60-4fef-b39c-ba61950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "context",
"timestamp": "1575898010",
"to_ids": false,
"type": "text",
"uuid": "5dee4b9a-f338-488e-8522-ba61950d210f",
"value": "memory"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1575898014",
"to_ids": false,
"type": "text",
"uuid": "5dee4b9e-8934-4741-90c1-ba61950d210f",
"value": "rule cb2_04"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1575898016",
"to_ids": true,
"type": "yara",
"uuid": "5dee4ba0-4660-4d38-ac50-ba61950d210f",
"value": "{\r\n strings:\r\n $b1 = { 4C 8D 41 24 33 D2 B9 03 00 1F 00 FF 9? F8 00 00 00 48 85 C0 74 }\r\n $b2 = { 4C 8B 4? 08 BA 01 00 00 00 49 8B C? FF D0 85 C0 [2-6] C7 4? 1C 01 00 00 00 B8 01 00 00 00 }\r\n $b3 = { 8B 4B E4 8B 53 EC 41 B8 00 40 00 00 4? 0B C? FF 9? B8 00 00 00 EB }\r\n condition:\r\n (2 of ($b*))\r\n}"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
"meta-category": "misc",
"name": "yara",
"template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
"template_version": "4",
"timestamp": "1575898705",
"uuid": "5dee4e51-f448-4a0a-815c-b79e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "context",
"timestamp": "1575898705",
"to_ids": false,
"type": "text",
"uuid": "5dee4e51-ebd4-4aca-89eb-b79e950d210f",
"value": "memory"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara-rule-name",
"timestamp": "1575898705",
"to_ids": false,
"type": "text",
"uuid": "5dee4e51-94d8-4b26-8fcc-b79e950d210f",
"value": "rule cb2_05"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "yara",
"timestamp": "1575898705",
"to_ids": true,
"type": "yara",
"uuid": "5dee4e51-ef24-48e6-b9df-b79e950d210f",
"value": "{\r\n strings:\r\n $a1 = \"-k netsvcs\" ascii\r\n $a2 = \"svchost.exe\" ascii fullword\r\n $a3 = \"%SystemRoot%\\\\System32\\\\ntoskrnl.exe\" ascii\r\n $a4 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\" ascii\r\n $a5 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\" ascii\r\n $a6 = \"Global\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\" ascii\r\n $a7 = \"cmd.exe\" wide\r\n $a8 = \",XML\" wide\r\n $a9 = \"\\\\rundll32.exe\" wide\r\n $a10 = \"\\\\conhost.exe\" wide\r\n $a11 = \"\\\\cmd.exe\" wide\r\n $a12 = \"NtQueryInformationProcess\" ascii\r\n $a13 = \"Detours!\" ascii fullword\r\n $a14 = \"Loading modified build of detours library designed for MPC-HC player (http://sourceforge.net/projects/mpc-hc/)\" ascii\r\n $a15 = \"CONOUT$\" wide fullword\r\n $a16 = { C6 0? E9 4? 8? 4? 05 [2] 89 4? 01 }\r\n condition:\r\n (12 of ($a*))\r\n}"
}
]
},
{
"comment": "\tlpValueName: GUID (create)\r\n\tlpData: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (read/write)",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1575899650",
"uuid": "5dee5202-0d70-4bd5-801e-4504950d210f",
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1575899651",
"to_ids": false,
"type": "text",
"uuid": "5dee5203-7bc0-45f0-b8c9-4397950d210f",
"value": "HKLM\\SOFTWRE\\Microsoft\\Ole\\"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "root-keys",
"timestamp": "1575899666",
"to_ids": false,
"type": "text",
"uuid": "5dee5212-56ec-49ef-b914-4912950d210f",
"value": "HKLM"
}
]
},
{
"comment": "\tlpValueName: Type\r\n\tlpData: 0x1 (write)\r\n\tlpValueName: ErrorControl\r\n\tlpData: 0x1 (write)\r\n\tlpValueName: Start\r\n\tlpData: 0x3 (write)",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1575900513",
"uuid": "5dee5561-9df0-484c-bbb3-47ba950d210f",
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1575900513",
"to_ids": false,
"type": "text",
"uuid": "5dee5561-8dbc-4346-b337-4b3c950d210f",
"value": "HKLM\\System\\CurrentControlSet\\Services\\tmpXXXX"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "root-keys",
"timestamp": "1575900514",
"to_ids": false,
"type": "text",
"uuid": "5dee5562-9030-442a-8ca1-46f2950d210f",
"value": "HKLM"
}
]
},
{
"comment": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575984424",
"uuid": "5def9c6b-dcd8-4fb6-95da-476d950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5def9c6b-dcd8-4fb6-95da-476d950d210f",
"referenced_uuid": "5def9ce1-f250-4d35-a51f-4b21950d210f",
"relationship_type": "contains",
"timestamp": "1575984396",
"uuid": "5def9d0c-9eac-4490-a93e-419b950d210f"
},
{
"comment": "",
"object_uuid": "5def9c6b-dcd8-4fb6-95da-476d950d210f",
"referenced_uuid": "5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"relationship_type": "contains",
"timestamp": "1575984424",
"uuid": "5def9d28-e8b0-422f-a452-4c24950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1575984235",
"to_ids": true,
"type": "imphash",
"uuid": "5def9c6b-e284-45e6-b8b7-41ab950d210f",
"value": "1fb46361b3762772e68127b42d1b1d5e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575984240",
"to_ids": true,
"type": "ssdeep",
"uuid": "5def9c70-354c-4b37-b6ce-4ce2950d210f",
"value": "3072:3ZvhT4Xd7ncWKby0T+SQ0IYevsxtjg9RfnJHarO:3LT4tVKO0wLsxt0TnJHaO"
}
]
},
{
"comment": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1575984441",
"uuid": "5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"referenced_uuid": "5def9c6b-dcd8-4fb6-95da-476d950d210f",
"relationship_type": "contained-within",
"timestamp": "1575984441",
"uuid": "5def9d39-51ac-4427-9ff2-40dd950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1575984295",
"to_ids": false,
"type": "text",
"uuid": "5def9ca7-1614-46e9-a9cf-44b7950d210f",
"value": ".text"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575984296",
"to_ids": true,
"type": "ssdeep",
"uuid": "5def9ca8-de1c-4ddb-a7d2-4fb3950d210f",
"value": "768:zRWRzPlgivs6/lR/T4XxMJefllEHWcVDkPKbgB:S2ivhT4Xd7EWchkPKby"
}
]
},
{
"comment": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1575984462",
"uuid": "5def9ce1-f250-4d35-a51f-4b21950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5def9ce1-f250-4d35-a51f-4b21950d210f",
"referenced_uuid": "5def9c6b-dcd8-4fb6-95da-476d950d210f",
"relationship_type": "contained-within",
"timestamp": "1575984462",
"uuid": "5def9d4e-f0a0-42cf-927c-43a8950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1575984353",
"to_ids": false,
"type": "text",
"uuid": "5def9ce1-8cf8-4c0f-97eb-4699950d210f",
"value": ".data"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575984354",
"to_ids": true,
"type": "ssdeep",
"uuid": "5def9ce2-4a80-4e88-b6a4-48bb950d210f",
"value": "1536:5Q0PgGT9YX/sLPdK0skw7KjgrrdqsE7ynJHarO7:5Q0IYevsxtjg9RfnJHarO"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575984853",
"uuid": "5def9ed5-d278-4e6d-996d-4cc2950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575984854",
"to_ids": false,
"type": "text",
"uuid": "5def9ed6-64e4-4f87-adab-4a86950d210f",
"value": "Reflective DLL Loading Shellcode Type 1 (used by Intermediate Loader and Loader, disk and memory)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575984854",
"to_ids": true,
"type": "md5",
"uuid": "5def9ed6-cc84-4bda-b70e-4de2950d210f",
"value": "25c735f0e64464e8c75db3d225912add"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575984854",
"to_ids": true,
"type": "sha1",
"uuid": "5def9ed6-8750-43aa-a711-4dff950d210f",
"value": "ec8fd561551db21c86766296611c1d8df9bf98c5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575984854",
"to_ids": true,
"type": "ssdeep",
"uuid": "5def9ed6-7934-4e59-b707-4eb3950d210f",
"value": "48:sKuCvM5L7NuPFi6YaLC8DNx+xlWEsOQGSmY0X1BHT5Hp5iwjS9d6ybxnAOmq/a7D:srCvk3NuH7LC4qlWST1B8Ma427a7D"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1575984854",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5def9ed6-d964-4cff-8354-401c950d210f",
"value": "4410"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987747",
"uuid": "e53b7231-54cc-40b6-aced-498328713c3d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987747",
"to_ids": true,
"type": "filename",
"uuid": "a4deeac4-b9b3-4233-9867-2d9c8ccdd251",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987752",
"to_ids": true,
"type": "sha1",
"uuid": "ad6b22fd-aacc-4e77-8523-49fea6fae3e8",
"value": "8b966bc4c4adde90f51f68a78aa326b761981fb4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987757",
"to_ids": false,
"type": "text",
"uuid": "cd70d1ce-4fc0-4b13-92cf-9513527f36af",
"value": "system.dat-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987763",
"to_ids": false,
"type": "text",
"uuid": "a54b7708-2570-4fbf-90e4-2c3a5e814a78",
"value": "system.dat-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987769",
"to_ids": false,
"type": "text",
"uuid": "9bfde3ca-1ae8-44ff-9405-71d9a1af91fe",
"value": "variante-A/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987769",
"uuid": "3c622f17-8eec-4e87-bd09-be3a072530b6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987770",
"to_ids": true,
"type": "filename",
"uuid": "1cad6631-9b6b-43e4-960b-c7114b5a0408",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987770",
"to_ids": true,
"type": "sha1",
"uuid": "7a74d6f4-929d-4bc1-8a92-c276383a6732",
"value": "611b4c014d4a29b632c167a613b677c08d206d1e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "d4aa1049-d5cf-45ba-b536-600edd866110",
"value": "system.dat-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "21ad2622-8d87-49e2-affe-668c8e71538a",
"value": "system.dat-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "7d825852-e232-4141-8c60-9d5789ab61bb",
"value": "variante-A/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987770",
"uuid": "1a9c8641-e1f9-4716-9fbd-212be3259b9e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987770",
"to_ids": true,
"type": "filename",
"uuid": "760892b1-4060-49ee-a19f-64d099f2cc14",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987770",
"to_ids": true,
"type": "sha1",
"uuid": "346ec09f-cb59-4953-a5f1-f2531492cf54",
"value": "fd04c0168b844d17828ee03a1e5249e7986ce9ba"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "a19780da-ddf1-4ed4-b0c1-e26c63bfa9c2",
"value": "system.dat-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "e54e59e9-5a1c-4325-a209-7c45317095d3",
"value": "system.dat-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987770",
"to_ids": false,
"type": "text",
"uuid": "558dc516-da6a-4e05-af39-a979d7ba1a80",
"value": "variante-A/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987770",
"uuid": "3b726112-4fbb-4986-8753-bb42dfb25f3a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987771",
"to_ids": true,
"type": "filename",
"uuid": "f0861e3d-c4a9-4384-818d-a6d8a22e00ba",
"value": "system.dat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987771",
"to_ids": true,
"type": "sha1",
"uuid": "7fa3d8a7-c77a-4132-8fb4-0ee339580829",
"value": "5e00d36388ce0fe4bbd0624d674f2f007f7e500a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "434b0e7e-fa09-4ab9-a63a-dac74baf1fb5",
"value": "system.dat/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "0632e398-2897-40e8-a538-c167e18c37bd",
"value": "system.dat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "33015db6-622c-4198-aeb3-a0afaa031da0",
"value": "variante-A/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987771",
"uuid": "9e7700e2-a2d3-4fc8-91e3-bdae4dad5240",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987771",
"to_ids": true,
"type": "filename",
"uuid": "de0dbd8d-7771-4d28-9b5c-5d17b4569331",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987771",
"to_ids": true,
"type": "sha1",
"uuid": "4879fcbf-8547-4b93-9e95-86f61cfeeaca",
"value": "8b966bc4c4adde90f51f68a78aa326b761981fb4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "b5f7df5b-f1dc-4ee8-a655-6a59b70ace90",
"value": "TmsmHttp64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "cb0d01f2-30a7-4780-aaeb-2e95b6a904e4",
"value": "TmsmHttp64.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987771",
"to_ids": false,
"type": "text",
"uuid": "bc770932-de98-441f-8a41-9ef2ecebc3da",
"value": "variante-B/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987772",
"uuid": "52cf0eab-5342-49e6-80df-6d2a3e6d00dc",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987772",
"to_ids": true,
"type": "filename",
"uuid": "12f97435-7724-4ab7-9b93-8834187f6a07",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987772",
"to_ids": true,
"type": "sha1",
"uuid": "8ba75150-6831-4f57-aef6-3e891e9cb14b",
"value": "003b5d82a9e208e0bc2f339d46bb907cbf588bc1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987772",
"to_ids": false,
"type": "text",
"uuid": "f02233de-ae87-4807-8b26-2ed3fc20b2f7",
"value": "TmsmHttp64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987772",
"to_ids": false,
"type": "text",
"uuid": "eac0ccd1-7156-4853-a129-74f80a4ccb86",
"value": "TmsmHttp64.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987772",
"to_ids": false,
"type": "text",
"uuid": "4fcd8bda-14e2-4d3a-8f69-2d06c5e92e54",
"value": "variante-B/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987773",
"uuid": "43c6c9cb-dbcc-498a-9346-3799c8ad30e1",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987773",
"to_ids": true,
"type": "filename",
"uuid": "3396a7fc-2c73-4bb2-8e9f-2ab256175e17",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987773",
"to_ids": true,
"type": "sha1",
"uuid": "0771eb14-ad2a-46a2-9c2a-69082f50f4c0",
"value": "a224a276213eaecc91f0b36a66809b9cb2e7b244"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987773",
"to_ids": false,
"type": "text",
"uuid": "5f6032c6-477b-431c-80fe-c95f150d3002",
"value": "TmsmHttp64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987773",
"to_ids": false,
"type": "text",
"uuid": "4accbfd4-a91c-4278-96a3-639cceb842b3",
"value": "TmsmHttp64.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987773",
"to_ids": false,
"type": "text",
"uuid": "15ee230b-405c-4890-9a52-6d8379e6f1c5",
"value": "variante-B/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987773",
"uuid": "da3cb9c5-efb4-4445-8c88-6d779bba3c3c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987773",
"to_ids": true,
"type": "filename",
"uuid": "d1dc3f12-971e-4bc9-bcc6-2545b9821fcb",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987774",
"to_ids": true,
"type": "sha1",
"uuid": "1140d28d-6aef-4a17-8960-7962f6d9da51",
"value": "a2dd0e1f27fcaa51f42a7f5d4f2d50d8f4500bd9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "36ac9694-d62f-4012-87bc-83f19a17cc8c",
"value": "TmsmHttp64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "123bb160-fbca-4fa4-824c-4c860304edf8",
"value": "TmsmHttp64.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "fa9c45da-49d6-4ff4-a33e-e2921a5800d7",
"value": "variante-B/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987774",
"uuid": "feb320b1-5ae5-4e21-a031-19746f89f645",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987774",
"to_ids": true,
"type": "filename",
"uuid": "a0087c3a-0ef7-4496-8786-7dd13be5b1b0",
"value": "TmsmHttp64.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987774",
"to_ids": true,
"type": "sha1",
"uuid": "7f3f1b1a-2d33-4e07-87dd-877ea31abbbf",
"value": "2da100999d323c0628df4878409269ac8f131cee"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "a1c5e7e5-dbad-4976-8b01-ae14494c89d2",
"value": "TmsmHttp64.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "8d7347b8-d5ed-4b3b-8c0f-235ba89b9d40",
"value": "TmsmHttp64.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987774",
"to_ids": false,
"type": "text",
"uuid": "6ad0dccb-ce91-40c6-b3e9-b13c4a63b5f4",
"value": "variante-B/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987775",
"uuid": "b9d511cf-df43-4672-b8f9-d7537ac9d1ae",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987775",
"to_ids": true,
"type": "filename",
"uuid": "a7c5a375-4d32-4182-b2b0-5b08cb91462c",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987775",
"to_ids": true,
"type": "sha1",
"uuid": "427768f0-f29f-4c0f-8d92-7e047eb722b1",
"value": "8b966bc4c4adde90f51f68a78aa326b761981fb4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987775",
"to_ids": false,
"type": "text",
"uuid": "2060d75f-bc36-4506-a1a6-e81c48aa4ab5",
"value": "iiscfg64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987775",
"to_ids": false,
"type": "text",
"uuid": "16d54e63-3c73-4a2d-95c9-b2bbaa743dd1",
"value": "iiscfg64.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987775",
"to_ids": false,
"type": "text",
"uuid": "2225bacb-d4a4-4be5-aa45-68e48c9ae031",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987775",
"uuid": "24f69e0a-39f7-4a2d-b91e-6c8a2f66d762",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987775",
"to_ids": true,
"type": "filename",
"uuid": "42fee2c7-86d4-4cfa-86cc-e60951c2c67e",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987776",
"to_ids": true,
"type": "sha1",
"uuid": "6618ce0e-c3b0-449e-bc62-cb715b9a0765",
"value": "3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987778",
"to_ids": false,
"type": "text",
"uuid": "9684661a-3ce7-4700-9623-58b99430187a",
"value": "iiscfg64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987780",
"to_ids": false,
"type": "text",
"uuid": "d6186802-76cf-41ac-b839-5b8e86d0cc62",
"value": "iiscfg64.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987780",
"to_ids": false,
"type": "text",
"uuid": "d60c4a70-1b00-4fb5-815f-dd7b5d0addef",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987780",
"uuid": "b33abe59-884c-4a46-acd4-5edbd734a6ae",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987781",
"to_ids": true,
"type": "filename",
"uuid": "8f42ebb4-a197-4588-8f13-f3d46653b780",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987783",
"to_ids": true,
"type": "sha1",
"uuid": "4c16f2de-39bf-4b08-98fe-6ae380618d6c",
"value": "76bd5e3261609041f29bb429bc1741303e61f328"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987790",
"to_ids": false,
"type": "text",
"uuid": "5fb218b4-9f33-4785-a348-ed05fe1398e5",
"value": "iiscfg64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987792",
"to_ids": false,
"type": "text",
"uuid": "cfccb869-8395-40a2-8d99-5751fdef10ff",
"value": "iiscfg64.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987792",
"to_ids": false,
"type": "text",
"uuid": "741b2b22-a8ca-4171-a93f-944279ebf4c4",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987792",
"uuid": "e1ded9f0-7ece-454e-9cdb-cd7da4d80057",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987792",
"to_ids": true,
"type": "filename",
"uuid": "590cf735-09c5-4dd3-ab86-a4db40c87d75",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987792",
"to_ids": true,
"type": "sha1",
"uuid": "f313dc69-ebe6-40cb-9e5d-81b0c611e857",
"value": "b0cfca2501096b914b0aedd35403d4505729c90c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987792",
"to_ids": false,
"type": "text",
"uuid": "e0cebffc-3816-463d-8ea3-1c5ea377b446",
"value": "iiscfg64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987792",
"to_ids": false,
"type": "text",
"uuid": "4b42b447-fbae-4b4f-b390-8bde0838750c",
"value": "iiscfg64.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987792",
"to_ids": false,
"type": "text",
"uuid": "73fb4244-3552-4f4b-bdfb-b337a7de7d8b",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987793",
"uuid": "0840514f-9f4b-437d-93bf-ecb8dd861021",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987793",
"to_ids": true,
"type": "filename",
"uuid": "01ef05d5-7967-4437-9f7f-b1e014493bd8",
"value": "iiscfg64.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987793",
"to_ids": true,
"type": "sha1",
"uuid": "b40bc9f4-5de2-409c-81ae-18fbd86510a7",
"value": "61032695b15bfcd1fbeceb015b16cea21bfaa791"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987793",
"to_ids": false,
"type": "text",
"uuid": "ceb3f29a-37cc-4d3f-94db-93bbd0a64389",
"value": "iiscfg64.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987793",
"to_ids": false,
"type": "text",
"uuid": "c27ff479-d3f2-4485-a97c-231d0cddd268",
"value": "iiscfg64.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987793",
"to_ids": false,
"type": "text",
"uuid": "8d3a3697-f69d-4055-a08f-67dc42e664b3",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987794",
"uuid": "e37faa3a-3ad6-467b-a031-9be5cd3c86c4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987794",
"to_ids": true,
"type": "filename",
"uuid": "17fe1e41-c3a2-41a3-95e9-c90fdc306f35",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987794",
"to_ids": true,
"type": "sha1",
"uuid": "f3041977-fc76-4c31-92b7-688397f33fe2",
"value": "857197c37751dcbc10a89fa962d60e428952ce93"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987794",
"to_ids": false,
"type": "text",
"uuid": "0bc32570-ddcc-445c-a66c-0709276d463a",
"value": "instapi64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987794",
"to_ids": false,
"type": "text",
"uuid": "7c28f727-d7b1-4cdb-9c80-2384f9077615",
"value": "instapi64.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987794",
"to_ids": false,
"type": "text",
"uuid": "6846af6a-b4f1-4e5d-a2b5-90b66492303b",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987795",
"uuid": "cd6c577a-b5fe-472a-bd47-595bffa6660d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987795",
"to_ids": true,
"type": "filename",
"uuid": "5a692765-8588-43f4-9889-1d45118c2b2d",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987795",
"to_ids": true,
"type": "sha1",
"uuid": "6004dfed-3909-4675-ac14-fff7c5aa72a3",
"value": "dbe2e361989dd3e7d7c9e3c6aed69f2237c9aa02"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987795",
"to_ids": false,
"type": "text",
"uuid": "8e7b7233-e367-4592-9614-57d917ed44b2",
"value": "instapi64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987795",
"to_ids": false,
"type": "text",
"uuid": "ad60fbed-fa5f-46ae-bead-49fee2e4979a",
"value": "instapi64.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987796",
"to_ids": false,
"type": "text",
"uuid": "6810310d-908f-42bd-a998-1ec122bdb7ef",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987796",
"uuid": "45ee5414-ac33-49c7-bf60-f92b0e2b4f98",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987796",
"to_ids": true,
"type": "filename",
"uuid": "7c63c4a5-acda-45d8-a42f-326847d81f38",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987796",
"to_ids": true,
"type": "sha1",
"uuid": "de5770b1-0a29-428d-8887-0f905db574f5",
"value": "b8d35d436888b2f6d4ff2a958d48ca1df17e799e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987796",
"to_ids": false,
"type": "text",
"uuid": "55834e8e-af7a-4982-8418-09d4a112cd9b",
"value": "instapi64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987796",
"to_ids": false,
"type": "text",
"uuid": "ecfbacab-d8b0-459e-9387-eb6271489bbb",
"value": "instapi64.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987796",
"to_ids": false,
"type": "text",
"uuid": "41ca6b41-3d6e-4a2f-9f5f-7e4eb5e8a892",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987796",
"uuid": "598a154c-dcd5-43d5-b2c3-1f5cbf1c4c1d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987797",
"to_ids": true,
"type": "filename",
"uuid": "58d18dad-7b60-49ca-99c0-1a0c3aadabfd",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987797",
"to_ids": true,
"type": "sha1",
"uuid": "0cc006f2-0fbd-4b61-9c21-b67c4ffe54c7",
"value": "e01c7793450e8b140fa13f88901fe041ea34be38"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "6897e0b7-3b25-4a52-8b73-5c1fc004cfa4",
"value": "instapi64.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "55b1321d-f11c-476c-9fa6-9c0368b0a294",
"value": "instapi64.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "3405ab81-a1a1-401a-a25e-193153abdc55",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987797",
"uuid": "a1bda197-5c10-413b-ab26-edeee972ded8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987797",
"to_ids": true,
"type": "filename",
"uuid": "0c080201-50e5-46df-9e3b-bd8842ebdb33",
"value": "instapi64.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987797",
"to_ids": true,
"type": "sha1",
"uuid": "e38290eb-2b9f-4957-a7ea-2cd9dfa8058b",
"value": "8821beab255d943185c114c58f1996b40d5e1368"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "f134a09a-e17b-44f4-8bee-c0a8943050fe",
"value": "instapi64.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "c7f12e33-6ede-4845-b172-0f41f82cdeb0",
"value": "instapi64.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987797",
"to_ids": false,
"type": "text",
"uuid": "2caa64f7-e3bd-4b19-8c79-be15e9d4ff38",
"value": "variante-C/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987798",
"uuid": "775b5784-ad3b-424e-b2af-7d89a1f81050",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987798",
"to_ids": true,
"type": "filename",
"uuid": "5dbe5ee0-0670-4396-a861-bfa1913d3910",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987798",
"to_ids": true,
"type": "sha1",
"uuid": "654b4216-502f-4283-a0e7-d86a08c24c59",
"value": "74cace25311ac0abead7bd94e039ef080e550328"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987798",
"to_ids": false,
"type": "text",
"uuid": "5eb1bffc-d3d4-417b-bdb5-ad2c59025daf",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987798",
"to_ids": false,
"type": "text",
"uuid": "a48b5dec-83e6-4ec1-9adb-78f4ae677ac5",
"value": "payload-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987798",
"to_ids": false,
"type": "text",
"uuid": "f35b1da7-0566-429a-8fff-4f949772bcce",
"value": "variante-CR/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987798",
"uuid": "9db8e7fb-7fb4-45c8-89e4-a3a0c6abd021",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987798",
"to_ids": true,
"type": "filename",
"uuid": "d135602f-0ff0-4206-bac4-b5c2455a1190",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987798",
"to_ids": true,
"type": "sha1",
"uuid": "5fa7d7de-a571-4e3d-b3d0-1a413777d3a1",
"value": "c539ca5aa16de324551c913b61d22652e66de93f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "9a009eb2-e751-443a-8a96-bfe4b863e0d2",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "cb02330a-80cd-46f7-8984-57a1e4a37701",
"value": "payload-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "c0dfb13c-1c73-4203-949a-b4c8919d869a",
"value": "variante-CR/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987799",
"uuid": "b4db253c-2bcf-451c-ba44-15a673a3a3c4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987799",
"to_ids": true,
"type": "filename",
"uuid": "04ec2ce7-efc9-40f3-944d-75416c3dc7ea",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987799",
"to_ids": true,
"type": "sha1",
"uuid": "cdec202a-0b53-4765-bc16-d1985b2bc6ca",
"value": "595392a8c3eb723bdca1885db2598fea1fa2b516"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "8270bebc-18dd-4d00-88ff-3683dfa9c286",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "bcaf59b5-b1d5-463e-8531-b620a2d54832",
"value": "payload-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987799",
"to_ids": false,
"type": "text",
"uuid": "5147f676-898a-4a31-878b-7dded92d2ea3",
"value": "variante-CR/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987800",
"uuid": "cde94a42-8107-4e34-af08-ec8294eceea5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987801",
"to_ids": true,
"type": "filename",
"uuid": "57a7ab88-bae2-4bd1-a76d-13619afeb20e",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha1",
"uuid": "374422b9-e790-4564-b91f-1623599642d3",
"value": "48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "d9a9e410-dbb7-4b48-a45f-5645e047dcbd",
"value": "payload/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "2fb9caa6-f4a4-48f0-bcf0-99436299425d",
"value": "payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "52f3e211-5765-4d38-acf9-8fb6b20694a1",
"value": "variante-CR/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987801",
"uuid": "7f91bef0-d377-48e7-b126-6e7a5d3720ea",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987801",
"to_ids": true,
"type": "filename",
"uuid": "3c01e0b0-83de-4034-b979-34f4ab32d633",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha1",
"uuid": "6aab8c09-098c-432d-8a8d-8b9faef94648",
"value": "74cace25311ac0abead7bd94e039ef080e550328"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "eecf25f7-02d8-4dbd-9025-7da7d71a9bc0",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "27c91851-45dc-43ad-a923-4a28d6087ed0",
"value": "payload-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "a048b3b3-dc07-425a-9e31-700c7dc66a70",
"value": "variante-CRS/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987801",
"uuid": "991c177a-7a0f-4926-95f6-4ac179a5a295",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987802",
"to_ids": true,
"type": "filename",
"uuid": "74bbbab0-d5b9-4408-8541-68d781935dc6",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987802",
"to_ids": true,
"type": "sha1",
"uuid": "20aaeac2-e8f8-43e2-8242-7aca18ce3c58",
"value": "174101153536112422c594f6c3038aa47f3fd14e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "d89b05d1-3803-4dc3-9709-e5af5ecb1477",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "b1a30f6c-3354-4a0d-99af-1d24e85017a7",
"value": "payload-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "c7cd0d4e-0a27-493c-a564-18b159357c00",
"value": "variante-CRS/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987802",
"uuid": "7b7ecfce-2bd5-46ae-b601-3e9eebc90db3",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987802",
"to_ids": true,
"type": "filename",
"uuid": "a9a447c0-a487-4c14-bfa7-e16c5c80de88",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987802",
"to_ids": true,
"type": "sha1",
"uuid": "ca59ec8e-35e9-4855-8b73-da9f52beb34a",
"value": "3c8edeadaeb644341402d99ca8a0629368cb0125"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "44b1d8fe-75d8-4a89-bb22-2da7161351b8",
"value": "payload-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "5f34c9cb-b948-422d-b3fd-de6cb78702b0",
"value": "payload-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987802",
"to_ids": false,
"type": "text",
"uuid": "bd68fd96-3afd-410a-beda-72995ea890ae",
"value": "variante-CRS/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987803",
"uuid": "25f6a294-0dd2-4b0b-a3af-416e51364afd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987803",
"to_ids": true,
"type": "filename",
"uuid": "8a92fabd-e779-4000-8862-bfadfbaafbe9",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987803",
"to_ids": true,
"type": "sha1",
"uuid": "46b49236-94c0-42f0-befb-daf69988dd89",
"value": "7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "b004c998-638f-4e5f-8b54-b2d8247214ef",
"value": "payload/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "e849ecd2-5ef6-4250-8e0c-bad265c62976",
"value": "payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "d6b33df9-ecdb-42c5-8b67-c798f544ce0d",
"value": "variante-CRS/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987803",
"uuid": "3f909ac6-2c3b-46a9-be2c-94af99524de4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987803",
"to_ids": true,
"type": "filename",
"uuid": "513e9515-8dec-4b2d-9f95-2dbec26817f7",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987803",
"to_ids": true,
"type": "sha1",
"uuid": "e912dd4a-40da-480b-995b-6aac7b4de25f",
"value": "2b319b44451abb0596b9187e06f1fb7b4ace969d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "240b8cb9-dcf5-4bc3-8b10-1272c89171c6",
"value": "tsmgetst.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "8cab9865-cb76-4fe3-9a13-4c24caf68632",
"value": "tsmgetst.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "bb8e05bc-72e4-4b25-a2c8-cbf5de8259ba",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987804",
"uuid": "d470790a-b3bf-4ced-94f7-ca7401ddc629",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987804",
"to_ids": true,
"type": "filename",
"uuid": "7b3343b8-77ab-411a-b5dc-6256756be56a",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987804",
"to_ids": true,
"type": "sha1",
"uuid": "5db818ab-2ea6-4293-a18c-fc96910337d9",
"value": "30d1dd1dd4f0ace7a4f2c24e31fb6a0ee33e8a3a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987804",
"to_ids": false,
"type": "text",
"uuid": "c428d855-0b2c-4222-bd6d-a4eb670025cb",
"value": "tsmgetst.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987804",
"to_ids": false,
"type": "text",
"uuid": "341ed724-7bf8-4e15-aa3d-2572528a6e45",
"value": "tsmgetst.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987804",
"to_ids": false,
"type": "text",
"uuid": "27dde819-5ec0-4561-9b66-4da3cb8d8885",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987805",
"uuid": "fcda7810-080c-47f0-9216-a7cf669e4396",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987805",
"to_ids": true,
"type": "filename",
"uuid": "68b66cb2-10c6-4da1-80cf-121f59dd9b22",
"value": "dsefix.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987805",
"to_ids": true,
"type": "sha1",
"uuid": "a87ba6fd-ae07-4e32-bb89-730e23b64675",
"value": "2bc358ddc72f59ba0373b8635ab08ad747c12180"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "b262f99d-7a61-48f0-b23e-1f2a0b367eff",
"value": "tsmgetst.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "eb26faf5-0ba0-4fcf-8601-540a07baa366",
"value": "tsmgetst.dll-output/dsefix.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "b770136e-de79-4483-8a6c-b3bfa7b151d3",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987805",
"uuid": "06d8a210-3a92-47eb-8fd2-0147b7281d7f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987805",
"to_ids": true,
"type": "filename",
"uuid": "1b0fbe66-70e0-4486-ab08-78459230ec33",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987805",
"to_ids": true,
"type": "sha1",
"uuid": "8a2ed718-4eec-49cd-86ea-cd34dfb07c0b",
"value": "df7732ce1a393c59889ae61321e7da3d3f1a1980"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "54c444b6-a079-4bde-bd73-b505634f6f12",
"value": "tsmgetst.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "07b36798-7d26-4d17-9eeb-09d483350068",
"value": "tsmgetst.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "94aaadc0-7546-426d-8b6a-6e9dcc444cda",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987806",
"uuid": "9a724f07-1f2b-48bb-bb25-32dfe637569b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987806",
"to_ids": true,
"type": "filename",
"uuid": "6d7fff32-8485-4d6d-a9d0-1384a4b462a9",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987806",
"to_ids": true,
"type": "sha1",
"uuid": "c15275e5-91d3-4ce7-a472-655f1b75ad71",
"value": "aaa6eeaf422b5a8451121513c66c6bd7cb3b9da3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987806",
"to_ids": false,
"type": "text",
"uuid": "0bb7ebd3-4ec0-48fc-a1c1-99aac9c256ee",
"value": "tsmgetst.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987806",
"to_ids": false,
"type": "text",
"uuid": "9ce2d46a-e8bd-4c65-97ad-a0c2e6161f44",
"value": "tsmgetst.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987806",
"to_ids": false,
"type": "text",
"uuid": "2f930862-332c-46e8-9a43-979246b13f31",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987806",
"uuid": "dbd342d8-a43b-4f22-8be9-921186cdbf83",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987807",
"to_ids": true,
"type": "filename",
"uuid": "5c47f000-fea1-4523-be53-378bb16084ab",
"value": "tsmgetst.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987807",
"to_ids": true,
"type": "sha1",
"uuid": "c225a035-92a1-4325-9062-07cf1e50c6b4",
"value": "ffce6895a5bcade8631676ac67c1f919505d4f19"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "2dd1d2e5-45ac-4e65-9a4c-845e9dd209fd",
"value": "tsmgetst.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "51e3d818-4659-4b58-bce2-67fce22bf4da",
"value": "tsmgetst.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "a8f74a53-e97d-4430-a14f-7d4f204f047d",
"value": "variante-D/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987807",
"uuid": "67abe83f-ef66-40d7-90e7-90ffe1513e52",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987807",
"to_ids": true,
"type": "filename",
"uuid": "ca98aadf-df58-4603-84c2-fe9704b16c3e",
"value": "decrypted_strings.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987807",
"to_ids": true,
"type": "sha1",
"uuid": "0e52f205-4c49-4413-b1c9-283f99733edc",
"value": "3b1f3ed2eeb746733b3c2bb483a481ce2d7f7cf1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "961a3381-3cd7-4a35-b756-6922b7c6340d",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "117e3ffe-d774-4c8c-9cdd-97c87ef81b75",
"value": "sigc-2.4.dll-output/decrypted_strings.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987807",
"to_ids": false,
"type": "text",
"uuid": "5b004ccc-22c4-4e7a-b868-8d62fb396355",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987808",
"uuid": "97a2f864-44e3-4ab4-ab05-2053d5e1ccf4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987808",
"to_ids": true,
"type": "filename",
"uuid": "36169373-c561-471f-8485-a95f4aeab591",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha1",
"uuid": "eedc9e87-ada9-4701-a4f6-0847025c3756",
"value": "98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987808",
"to_ids": false,
"type": "text",
"uuid": "6eae7664-da78-416e-af3c-533ea74db309",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987808",
"to_ids": false,
"type": "text",
"uuid": "9155dc1c-73f0-4b7c-9198-7e9ad9a26f23",
"value": "sigc-2.4.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987808",
"to_ids": false,
"type": "text",
"uuid": "e15e9a08-d520-4295-ac55-c71d3a766c2f",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987808",
"uuid": "3b43ab98-c605-43ec-8951-c456fa02c3bf",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987808",
"to_ids": true,
"type": "filename",
"uuid": "a82cbb8f-6f59-49ab-8be3-7246ba3f7b9a",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha1",
"uuid": "2d2cdd3c-93a8-402c-8023-1c4563fc80f9",
"value": "ca00eafde42f1456de01140556d8c3002866cc74"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "2eb6848b-de23-4f81-b722-6e0502d4e21d",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "be106e96-9202-4381-bc09-c479d3e82830",
"value": "sigc-2.4.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "f59ce2c1-3a53-4507-bc58-091b0887cbc6",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987809",
"uuid": "0db0c06d-d056-44c1-84e0-e3e6e13ce850",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987809",
"to_ids": true,
"type": "filename",
"uuid": "1144ce0d-d79e-4762-8d1a-824ea6f43dbe",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987809",
"to_ids": true,
"type": "sha1",
"uuid": "2af0e9d2-e16e-40a5-9c81-d9b4ad452583",
"value": "54f7d7c145bbae0979ad0b42689a9008ab3d3883"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "dbef5c15-a413-4529-93ad-a8bf6a43a076",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "b228e372-5282-4b98-8780-b86269cf7b43",
"value": "sigc-2.4.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987809",
"to_ids": false,
"type": "text",
"uuid": "e0541166-1031-4798-8d98-66aff6d322af",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987809",
"uuid": "ba639956-fe15-45ce-a72c-666cb163e56e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987810",
"to_ids": true,
"type": "filename",
"uuid": "cffeddb4-cabe-42ae-8581-c62997cf882a",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987810",
"to_ids": true,
"type": "sha1",
"uuid": "ea0f9d4b-4b26-4383-ae72-d315fd6f62d3",
"value": "10ceb3bd963708895c394303651dde0da315490e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987817",
"to_ids": false,
"type": "text",
"uuid": "8010c9d0-998c-4aef-b61d-62b31c6775d3",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987817",
"to_ids": false,
"type": "text",
"uuid": "a78f8d1b-1146-45f4-a597-99bceb749b2c",
"value": "sigc-2.4.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987817",
"to_ids": false,
"type": "text",
"uuid": "9794cd36-ec7b-4d30-abba-8dda63e86981",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987818",
"uuid": "7df5bc4b-4499-492b-9962-61ed0d12c542",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987818",
"to_ids": true,
"type": "filename",
"uuid": "0ea7778f-94c4-47e7-89b4-16a45f7880a7",
"value": "ShutDownEvent.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987818",
"to_ids": true,
"type": "sha1",
"uuid": "6e0c47e6-dc98-4f6d-80a7-230e9d550a5a",
"value": "11d6619900369643ebe6c0bbf6a28178cfa620bd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987818",
"to_ids": false,
"type": "text",
"uuid": "3d938816-d4b9-4dab-ac77-041ac532fc09",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987818",
"to_ids": false,
"type": "text",
"uuid": "c416ee09-bd5a-4b9f-9e9f-d479c7af5e4c",
"value": "sigc-2.4.dll-output/ShutDownEvent.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987818",
"to_ids": false,
"type": "text",
"uuid": "c07eceb6-388d-479f-8993-07f1077b984f",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987818",
"uuid": "08a0fa08-4b39-4c16-8574-bdb7d3e91283",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987818",
"to_ids": true,
"type": "filename",
"uuid": "5445e872-6a2b-4594-8c10-fafe88e7166d",
"value": "ShutDownEvent"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987818",
"to_ids": true,
"type": "sha1",
"uuid": "bf1a8601-3a2b-4795-8127-925b9b59e3d0",
"value": "3efae65475cb1f6a34e11e012c53dac0412674d4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987818",
"to_ids": false,
"type": "text",
"uuid": "98bbc810-1c7b-44bb-ba15-b7c79ec777f6",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987818",
"to_ids": false,
"type": "text",
"uuid": "392f9238-40d7-4a93-8828-e59331d21ba8",
"value": "sigc-2.4.dll-output/ShutDownEvent"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987819",
"to_ids": false,
"type": "text",
"uuid": "ed049484-6d1b-48c6-bf2a-4d8aed5b098a",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987819",
"uuid": "48852a64-fa9d-4d5c-a7f1-45699a8882a2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987819",
"to_ids": true,
"type": "filename",
"uuid": "de9ad445-a999-4904-9b6e-fbd0ace23499",
"value": "start_function.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987819",
"to_ids": true,
"type": "sha1",
"uuid": "25c6969f-62d4-4a24-8397-a03c6730ae36",
"value": "ee2a177f2e2ae8679b28caa8aba222d3fd80cdbb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987819",
"to_ids": false,
"type": "text",
"uuid": "c4d60f34-0e67-4b39-9e95-1cbe4de44bb5",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987819",
"to_ids": false,
"type": "text",
"uuid": "eb174491-f504-46ad-9670-211fdfe67332",
"value": "sigc-2.4.dll-output/start_function.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987819",
"to_ids": false,
"type": "text",
"uuid": "bbef6d4a-8ca8-4cff-b157-d46daa696505",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987819",
"uuid": "fdca2f4c-bd45-4336-9e95-794b4a0526a8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987820",
"to_ids": true,
"type": "filename",
"uuid": "6c5d27d9-0e28-4b2d-a05e-4d85fe3488b9",
"value": "sysmon-implant.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987820",
"to_ids": true,
"type": "sha1",
"uuid": "4bcf6b6e-046e-49ee-a225-a87ce3d71847",
"value": "045e728362773c358b07e416d3cd3e66af71549c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987820",
"to_ids": false,
"type": "text",
"uuid": "53646f4b-8d29-44c4-8cf9-38e3d034615d",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987820",
"to_ids": false,
"type": "text",
"uuid": "9a04fd56-ec5b-4ade-90fc-824dc38b33f2",
"value": "sigc-2.4.dll-output/sysmon-implant.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987820",
"to_ids": false,
"type": "text",
"uuid": "90fc3e3e-a29b-4a5b-9f7f-955e75bb2235",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987820",
"uuid": "997205fd-5ead-4a86-aba6-f2e99ddfce0b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987820",
"to_ids": true,
"type": "filename",
"uuid": "8ebe640a-1420-44b6-a996-e3ba65a1e0af",
"value": "sysmon-implant"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987820",
"to_ids": true,
"type": "sha1",
"uuid": "a53e5241-b1a7-4849-ba68-b085124d22d4",
"value": "b3f04f4e41afe17117204e0b48162886b58932ce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987820",
"to_ids": false,
"type": "text",
"uuid": "9ddd244d-853c-4e2a-996a-7647237088e6",
"value": "sigc-2.4.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987820",
"to_ids": false,
"type": "text",
"uuid": "31156b06-eb58-44ad-b85a-7ef6925b0d38",
"value": "sigc-2.4.dll-output/sysmon-implant"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987821",
"to_ids": false,
"type": "text",
"uuid": "b0821253-c7ca-4377-8880-9ad5d65ec1ec",
"value": "variante-E/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987821",
"uuid": "1919f62b-5793-4c0f-ae20-518c4011c9cd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987821",
"to_ids": true,
"type": "filename",
"uuid": "c16a388b-33e9-4239-8b21-370c204d9a78",
"value": "sigc-2.4.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987821",
"to_ids": true,
"type": "sha1",
"uuid": "5e7bffed-87b9-4c9b-ab83-da2a8abffeb9",
"value": "c11675257b9927cabd6e5e259021070a95266566"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987821",
"to_ids": false,
"type": "text",
"uuid": "6f35c6db-c7b6-45af-ae64-11d100b84132",
"value": "sigc-2.4.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987821",
"to_ids": false,
"type": "text",
"uuid": "31fd7be9-34b4-4daa-b2a3-7fd52868b2b8",
"value": "sigc-2.4.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987821",
"to_ids": false,
"type": "text",
"uuid": "cd4c56e2-90fc-4cca-a86f-2fdc24511887",
"value": "variante-E/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path), not a filename observed on disk; its generic filename attribute is marked to_ids and would produce false positives if exported as an IDS rule - verify before use.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987822",
"uuid": "44190615-3989-4246-962b-0dcc4e5cd3c2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987822",
"to_ids": true,
"type": "filename",
"uuid": "4a0ad29b-1c89-4461-a24f-f881dbb8962d",
"value": "decrypted_strings.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987822",
"to_ids": true,
"type": "sha1",
"uuid": "fc50ad18-6d07-4f2c-a0ae-2666b81259b0",
"value": "08a4fa8b98d2c7efcfcc7710586e498c34be6b3f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "8c031c21-0598-473f-9fe5-5e7e8365b2ca",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "2b5661c9-f680-4fdb-9cb6-bd044694a75d",
"value": "glmf-2.0.dll-output/decrypted_strings.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "1d0b60fc-18c5-4a6e-9dad-1abeaccd4d44",
"value": "variante-F/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path); 'driver1.sys' is an analyst label rather than an observed on-disk name, so the to_ids filename attribute should not be exported as a detection rule - rely on the hash.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987822",
"uuid": "32ce7962-26dc-4ae7-9159-c0e362795392",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987822",
"to_ids": true,
"type": "filename",
"uuid": "a1fa0fce-33d4-41b3-a9bc-14d5139bf9e3",
"value": "driver1.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987822",
"to_ids": true,
"type": "sha1",
"uuid": "82413f0b-a59d-45eb-a420-0a5aee64bb54",
"value": "894c71f4fb27aa0285797a2735b23c0aecd81d74"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "8a6126de-2e8d-41a1-a30b-789110e8b4a1",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "5029e60d-86f1-4cdd-aac9-1325adfc96df",
"value": "glmf-2.0.dll-output/driver1.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987822",
"to_ids": false,
"type": "text",
"uuid": "7096bfd3-227a-4ed4-b2eb-de1917508ff3",
"value": "variante-F/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path); 'driver2.sys' is an analyst label rather than an observed on-disk name, so the to_ids filename attribute should not be exported as a detection rule - rely on the hash.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987823",
"uuid": "c14890d7-e0e9-438c-a359-40718f2426a5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987823",
"to_ids": true,
"type": "filename",
"uuid": "b865beed-b47a-4d9f-8b13-2eea99483d5b",
"value": "driver2.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987823",
"to_ids": true,
"type": "sha1",
"uuid": "bb4f8cb0-0876-40f9-930b-96f6bd9e8fe7",
"value": "1994fdc0a26198e84c9e15ae071e3f759f85cfd0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987823",
"to_ids": false,
"type": "text",
"uuid": "f8360dda-fea2-425f-bbf7-60bad982e067",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987823",
"to_ids": false,
"type": "text",
"uuid": "fe1fa5a4-7fee-4c31-93b1-dd6eb49cd7f2",
"value": "glmf-2.0.dll-output/driver2.sys"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987823",
"to_ids": false,
"type": "text",
"uuid": "18808305-a67e-4e27-ac2d-210e9d89b97d",
"value": "variante-F/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path), not a filename observed on disk; 'payload.dll' is generic and its to_ids filename attribute would produce false positives if exported - verify before use.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987823",
"uuid": "64707a06-5849-4739-ae9b-592b2c5d40c0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987823",
"to_ids": true,
"type": "filename",
"uuid": "8ce318a8-e77a-4310-bdc8-e2c7d1e29b82",
"value": "payload.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987824",
"to_ids": true,
"type": "sha1",
"uuid": "0d675749-2ba0-48c4-80c9-919f4fb9395e",
"value": "550ceb58c15537c991ddf772200a888c0823eb06"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "8e8b34a0-5f7d-4f1b-9dc1-c575fb034fc9",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "d8c79ed7-cf1f-4e45-8898-7b04572638ce",
"value": "glmf-2.0.dll-output/payload.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "fa2b1c81-15d3-4d24-940b-0e5d09dc883c",
"value": "variante-F/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path), not a filename observed on disk; 'payload' is generic and its to_ids filename attribute would produce false positives if exported - verify before use.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987824",
"uuid": "e0551fbd-a6c4-45e4-b42c-21576008ca5b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987824",
"to_ids": true,
"type": "filename",
"uuid": "dc011e03-b743-4491-b275-2b189cd9e151",
"value": "payload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987824",
"to_ids": true,
"type": "sha1",
"uuid": "b545d5f3-789e-493e-af1b-ce3dff9ad3a1",
"value": "48bc1d610f3f9219ad9f47f44368c2ef2eb4d64c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "f747fd41-1b15-41a6-9437-39680f26e5a0",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "ab9f9ecf-af93-460b-a806-9faf7531d42a",
"value": "glmf-2.0.dll-output/payload"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987824",
"to_ids": false,
"type": "text",
"uuid": "bf4d0450-5702-4126-a6c5-e4dbd60c5d41",
"value": "variante-F/"
}
]
},
{
"comment": "Analyst extraction artifact (unpacked from glmf-2.0.dll, see the '-output/' path), not a filename observed on disk; its generic filename attribute is marked to_ids and would produce false positives if exported as an IDS rule - verify before use.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987824",
"uuid": "321b5b53-85a3-40e8-8840-8521b66fb118",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987825",
"to_ids": true,
"type": "filename",
"uuid": "63a21960-264d-484d-9f9c-1c35ae0cb8c9",
"value": "start_function.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987825",
"to_ids": true,
"type": "sha1",
"uuid": "35e9b5ff-48e7-4ff1-a08e-560a282e8a7a",
"value": "263ca823e42eea1f062bf375a4204f01aa883ad1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987825",
"to_ids": false,
"type": "text",
"uuid": "f9426754-0afe-4aba-8bf5-edb4d091d08e",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987825",
"to_ids": false,
"type": "text",
"uuid": "5f41e4ba-ee85-4eaa-b541-c4fca3e2bbf5",
"value": "glmf-2.0.dll-output/start_function.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987825",
"to_ids": false,
"type": "text",
"uuid": "cb52dcb1-27ae-4da8-b101-f613c109bf92",
"value": "variante-F/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987825",
"uuid": "681bdb7d-a852-4a13-9c90-55774971b482",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987825",
"to_ids": true,
"type": "filename",
"uuid": "d7b38903-4f4d-4394-b288-414cf71efe55",
"value": "sysmon-implant.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987826",
"to_ids": true,
"type": "sha1",
"uuid": "7109a2fa-e931-491a-a391-d3fc08208971",
"value": "045e728362773c358b07e416d3cd3e66af71549c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987826",
"to_ids": false,
"type": "text",
"uuid": "b92149c7-7dad-431a-bce2-cb8a60cb85f7",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987826",
"to_ids": false,
"type": "text",
"uuid": "10639a82-2398-42bb-b6d8-a0f82932a418",
"value": "glmf-2.0.dll-output/sysmon-implant.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987827",
"to_ids": false,
"type": "text",
"uuid": "995a9102-a3bf-45e5-8b6f-1c006bee7608",
"value": "variante-F/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987827",
"uuid": "5ec73a7f-829e-472a-9666-05b92c769b14",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987827",
"to_ids": true,
"type": "filename",
"uuid": "1f01af1f-aae2-4bc9-b0bc-2192e75794f7",
"value": "sysmon-implant"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987827",
"to_ids": true,
"type": "sha1",
"uuid": "7fdd86a0-3a9f-4018-a003-fbcc2cab420e",
"value": "b3f04f4e41afe17117204e0b48162886b58932ce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987827",
"to_ids": false,
"type": "text",
"uuid": "84ed1e2e-6af1-4990-ade0-143f8d9e3b1d",
"value": "glmf-2.0.dll-output/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987827",
"to_ids": false,
"type": "text",
"uuid": "e6a7d834-25f9-4501-b6d6-41ef8567b7ff",
"value": "glmf-2.0.dll-output/sysmon-implant"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987827",
"to_ids": false,
"type": "text",
"uuid": "10254175-05f3-4a1b-81f7-35a106df7c07",
"value": "variante-F/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1575987827",
"uuid": "0032d7b5-43be-4a6c-bc62-56a5298cbaa7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1575987828",
"to_ids": true,
"type": "filename",
"uuid": "d40643c4-009d-419f-8aa1-6cf23bed1955",
"value": "glmf-2.0.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987828",
"to_ids": true,
"type": "sha1",
"uuid": "852e5958-0cef-4b7a-8188-6cd4c50f1755",
"value": "39d8e4abc92ba068e30597cad0d195af4fe8372b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1575987828",
"to_ids": false,
"type": "text",
"uuid": "d37bb216-a074-4885-b179-75ece3166133",
"value": "glmf-2.0.dll/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1575987828",
"to_ids": false,
"type": "text",
"uuid": "a0aee896-34d6-4e0b-8274-b1e1aeebc70e",
"value": "glmf-2.0.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575987828",
"to_ids": false,
"type": "text",
"uuid": "96614bdf-47e0-4c36-99fe-fc09d1bddbd4",
"value": "variante-F/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575988850",
"uuid": "5defae0e-25f0-4dd9-94b4-451e950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5defae0e-25f0-4dd9-94b4-451e950d210f",
"referenced_uuid": "5defae31-f31c-427b-ad96-48d4950d210f",
"relationship_type": "contains",
"timestamp": "1575988850",
"uuid": "5defae72-5724-4bfb-b64f-4ddd950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575988751",
"to_ids": false,
"type": "text",
"uuid": "5defae0f-e91c-4c1d-b6a0-4c83950d210f",
"value": "Intermediate Loader Payload DLL (memory only)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575988751",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defae0f-1f78-4b9d-88ed-4ca4950d210f",
"value": "1536:B6Lf7rVA8vhTjRmIeYQv9jB0dMSI/qe9lD9:QLfrvhTjRNeYA9ieSbGlD9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1575988876",
"uuid": "5defae31-f31c-427b-ad96-48d4950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5defae31-f31c-427b-ad96-48d4950d210f",
"referenced_uuid": "5defae0e-25f0-4dd9-94b4-451e950d210f",
"relationship_type": "contained-within",
"timestamp": "1575988875",
"uuid": "5defae8b-4744-4853-9c3d-4243950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1575988785",
"to_ids": false,
"type": "text",
"uuid": "5defae31-f1c8-4c3d-97dd-4296950d210f",
"value": ".text"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575988785",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defae31-6900-4825-a85e-43da950d210f",
"value": "768:466RwzXvMmLrVAhu5ljDhTb/YWD8ChD/1gIeYQhtbpY8B0z5MSuN/:46Lf7rVA8vhTjRmIeYQv9jB0dMSI/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575988950",
"uuid": "5defaed6-e44c-4af8-8d06-4993950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575988951",
"to_ids": false,
"type": "text",
"uuid": "5defaed7-a944-45e3-802e-4e42950d210f",
"value": "WinNTI Payload DLL (decrypted PE as written into the target process by the injector, i.e. before the reflective DLL loading shellcode maps it and calls DllMain; memory only)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575988951",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defaed7-4db8-46a1-9910-45cd950d210f",
"value": "12288:iUCXzbtTwr9ZnO7CMXvXD03WvR+WZj1EusOLw4owntX4SncgcP:ODbtTOnO7CMX7WeIWZgO7owtIScj"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575989052",
"uuid": "5defaf3c-d7e4-423c-82ad-4838950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575989052",
"to_ids": false,
"type": "text",
"uuid": "5defaf3c-4ee0-4cc9-be4f-47ac950d210f",
"value": "Reflective DLL Loading Shellcode Type 2a (loads injected WinNTI Payload DLL, calls DllMain, memory only)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575989052",
"to_ids": true,
"type": "md5",
"uuid": "5defaf3c-1e3c-4002-842c-4760950d210f",
"value": "119d144147662013ee85e8ee00024cc4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575989052",
"to_ids": true,
"type": "sha256",
"uuid": "5defaf3c-6f84-4243-b12f-4a91950d210f",
"value": "bd1cde125389590f75b808a27401de15b03f70795311881c5da3e079a44e39ef"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575989052",
"to_ids": true,
"type": "sha1",
"uuid": "5defaf3c-4fec-4afb-a988-42f0950d210f",
"value": "715a1b53556be0f51951547b86ec8d38a74ec7d9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575989052",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defaf3c-db60-4769-86ce-46c1950d210f",
"value": "48:FyaxW8RrvmX2EJtzXFurCXgj9e0tQ380Fon/keb5B7003/s:tepfzFiCwj9eVM0IkebX0Es"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1575989052",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5defaf3c-3efc-4167-aba9-49f4950d210f",
"value": "2048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1575989927",
"uuid": "5defb18f-9100-4e25-ae16-4f69950d210f",
"ObjectReference": [
{
"comment": "NOTE(review): this 'contains' reference points at pe-section 5defb221-e110-4c86-99bd-409e950d210f, whose ssdeep chunk matches the Sysmon Implant (5defb1ce-...) rather than this shellcode - possibly mislinked; verify before relying on the correlation graph.",
"object_uuid": "5defb18f-9100-4e25-ae16-4f69950d210f",
"referenced_uuid": "5defb221-e110-4c86-99bd-409e950d210f",
"relationship_type": "contains",
"timestamp": "1575989927",
"uuid": "5defb27b-7e50-4754-9612-45f5950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575989647",
"to_ids": false,
"type": "text",
"uuid": "5defb18f-5ebc-446c-8d09-480d950d210f",
"value": "Reflective DLL Loading Shellcode Type 2b (loads injected WinNTI Payload DLL, calls DllMain, memory only)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575989647",
"to_ids": true,
"type": "md5",
"uuid": "5defb18f-ef98-4efe-beed-46ac950d210f",
"value": "42560fde33e1e5f83e61bcdfa77b5b9c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575989647",
"to_ids": true,
"type": "sha256",
"uuid": "5defb18f-fdc8-4c7e-8205-4a80950d210f",
"value": "5aa25bb6795f0e72176b6d7b5f9808c8c4685ce4ca1ab34e0ce4e41eaf19ad61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575989648",
"to_ids": true,
"type": "sha1",
"uuid": "5defb190-3034-4396-bd90-4e99950d210f",
"value": "29fee2e1138592a3c3167176849dee3f193bf4a8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575989648",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defb190-a8dc-464e-89a3-44de950d210f",
"value": "48:/D7DxQaGZDz5b546czuXZUa0Gr2z44uLGswLBaZalxIJegXGplDYriXhwaul:3DxPGZTMzOmnG6zqLGsYBaMlCJegW3YD"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1576051459",
"uuid": "5defb1ce-bf24-489f-9676-47fc950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5defb1ce-bf24-489f-9676-47fc950d210f",
"referenced_uuid": "5defb221-e110-4c86-99bd-409e950d210f",
"relationship_type": "contains",
"timestamp": "1576051459",
"uuid": "5df0a303-f5ac-4e8d-95a4-4f11950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1575989711",
"to_ids": false,
"type": "text",
"uuid": "5defb1cf-6cec-4d52-a2f1-47da950d210f",
"value": "Sysmon Implant (Decrypted PE, memory only)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575989711",
"to_ids": true,
"type": "md5",
"uuid": "5defb1cf-1e00-4513-907b-413f950d210f",
"value": "3bb87749da36ebd1a564ee85e9f0fff0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575989711",
"to_ids": true,
"type": "sha256",
"uuid": "5defb1cf-a874-443f-904b-46d5950d210f",
"value": "806df629a0e58a70b4936bb9a28eafe555ff4ce190039bb26215782a93cff4cb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575989711",
"to_ids": true,
"type": "sha1",
"uuid": "5defb1cf-3fd0-4f3a-a1b4-4f1b950d210f",
"value": "8a2356303356e2850a15401ee8b5727b152e200b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1575989711",
"to_ids": true,
"type": "imphash",
"uuid": "5defb1cf-482c-455a-aea3-4f94950d210f",
"value": "f3c01ba3a71e1e0ef157c3b8cb0ad625"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575989711",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defb1cf-4548-44bc-9205-4593950d210f",
"value": "1536:vGzAkyjIOsTCT2IP+W0k+0X4a3Ro1MeAJhN9tdN9VtdNz9Tl1caSQZ/26XvX:vGzAkyE3TCqk+pIgMeAJhN9tdN9VtdNn"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1575989711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5defb1cf-6048-4c7b-94b8-453f950d210f",
"value": "90112"
}
]
},
{
"comment": "code section",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1576051530",
"uuid": "5defb221-e110-4c86-99bd-409e950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5defb221-e110-4c86-99bd-409e950d210f",
"referenced_uuid": "5defb1ce-bf24-489f-9676-47fc950d210f",
"relationship_type": "contained-within",
"timestamp": "1576051530",
"uuid": "5df0a34a-a170-4e25-869b-47bb950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575989793",
"to_ids": true,
"type": "md5",
"uuid": "5defb221-3068-4900-a034-4bd7950d210f",
"value": "5e5dd13d6986f521c24e816f3a0880cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575989794",
"to_ids": true,
"type": "sha1",
"uuid": "5defb222-dd1c-4a35-a66e-4bbd950d210f",
"value": "9a3ca3a368fee2f2f9d824e6d8ffd1ef2ed62c72"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575989794",
"to_ids": true,
"type": "sha256",
"uuid": "5defb222-8a98-4a68-b836-46ed950d210f",
"value": "28afc1eb9d37322257c9ee628b82ca1e44af29e2e40f28d70ee544a63113638f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1575989794",
"to_ids": true,
"type": "ssdeep",
"uuid": "5defb222-4ea0-4a7b-b41b-401a950d210f",
"value": "768:TiDxzGr+GAJxxtgyZiCcJ5Ev7AT5sFlloZ8RBT2I/HqhPO0i1+i5X4aFV/O3wds:6GzAkyjIOsTCT2IP+W0k+0X4a3Ro1Me"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1576051948",
"uuid": "5df0a4ec-ea3c-43b7-a298-42f5950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1576051948",
"to_ids": false,
"type": "text",
"uuid": "5df0a4ec-3348-4a80-b9c6-4bc0950d210f",
"value": "Kernel Driver Type 1 (temporarily dropped to disk, deleted after loading; the file hashes below match only the transient on-disk copy, so a post-hoc disk scan is unlikely to find it - driver-load / service-creation telemetry is the more reliable detection point)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576051948",
"to_ids": true,
"type": "md5",
"uuid": "5df0a4ec-e0dc-4646-bd0a-4bbd950d210f",
"value": "1801319eb2b82016ae6a33ee18fcc3ad"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576051948",
"to_ids": true,
"type": "sha256",
"uuid": "5df0a4ec-9640-4d9c-a2cb-40a3950d210f",
"value": "ebdb8cfc3207b411a4d898489c8825cb2187221a473f2fbf7a43cbf637f2fe57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576051948",
"to_ids": true,
"type": "sha1",
"uuid": "5df0a4ec-4118-4208-8dfe-4188950d210f",
"value": "7bbed9fbff45b15dbf5cedfa3636a3caad65650f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1576051948",
"to_ids": true,
"type": "imphash",
"uuid": "5df0a4ec-d3bc-4ab8-8830-4c7e950d210f",
"value": "c22f9228e1c400cb179800b69544162b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1576051948",
"to_ids": true,
"type": "ssdeep",
"uuid": "5df0a4ec-a20c-499b-a0a8-4e04950d210f",
"value": "768:jZh+oyCeGqt/P76bbwYCmKGqV+VNQNDBKTW1/bz2vTvQtCK:jiCeB/Gbbi0qV6QNBK+QTvQQK"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1576051948",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5df0a4ec-259c-4f29-9e12-41a0950d210f",
"value": "47104"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1576053667",
"uuid": "5df0a8fd-0cec-45d5-8023-1706950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5df0a8fd-0cec-45d5-8023-1706950d210f",
"referenced_uuid": "5df0ab37-3e44-44c5-85cf-4021950d210f",
"relationship_type": "contains",
"timestamp": "1576053667",
"uuid": "5df0aba3-e164-4fa5-a8f5-1eab950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1576052990",
"to_ids": false,
"type": "text",
"uuid": "5df0a8fe-14dc-48cf-acd4-1706950d210f",
"value": "Kernel Driver Type 2a (temporarily dropped to disk, deleted after loading, Example 1; the file hashes below match only the transient on-disk copy, so a post-hoc disk scan is unlikely to find it - driver-load / service-creation telemetry is the more reliable detection point)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576052990",
"to_ids": true,
"type": "md5",
"uuid": "5df0a8fe-068c-44ef-84ab-1706950d210f",
"value": "50f624b3fb6ca04f352e0463a43df86f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576052990",
"to_ids": true,
"type": "sha256",
"uuid": "5df0a8fe-b910-4d77-97f3-1706950d210f",
"value": "3c25dcb33e018c21a3dc709c54495c0e504aeee78d7f103deaf19c1d802d57da"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576052990",
"to_ids": true,
"type": "sha1",
"uuid": "5df0a8fe-e42c-406e-9e84-1706950d210f",
"value": "3c404486a5c443e43c1b7691de7801cece44a733"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1576052990",
"to_ids": true,
"type": "imphash",
"uuid": "5df0a8fe-62c4-410b-9bae-1706950d210f",
"value": "fcccb379816ade76b537359d17969ca4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1576052990",
"to_ids": true,
"type": "ssdeep",
"uuid": "5df0a8fe-d60c-4e0d-bda8-1706950d210f",
"value": "768:pQIbhJi7OB1/HzktBgWb8oiICMvahoICS4AIHOyMKIoAj:pQIDRBW4o8+ICS4AltoA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1576052990",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5df0a8fe-c674-4426-a838-1706950d210f",
"value": "44624"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1576053693",
"uuid": "5df0ab37-3e44-44c5-85cf-4021950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5df0ab37-3e44-44c5-85cf-4021950d210f",
"referenced_uuid": "5df0a8fd-0cec-45d5-8023-1706950d210f",
"relationship_type": "contained-within",
"timestamp": "1576053693",
"uuid": "5df0abbd-d070-4b5e-8f4a-1eab950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576053559",
"to_ids": true,
"type": "md5",
"uuid": "5df0ab37-81a4-4c8f-8df0-43ee950d210f",
"value": "1e615b812bd1b6c205e27c4c5067fd8a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1576053559",
"to_ids": false,
"type": "text",
"uuid": "5df0ab37-feb4-49af-93ac-47a8950d210f",
"value": ".text"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576053560",
"to_ids": true,
"type": "sha1",
"uuid": "5df0ab38-6830-4ce3-875c-487f950d210f",
"value": "26d6f5c9a779dba2104fedb90d00bc1ff0aa5195"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576053560",
"to_ids": true,
"type": "sha256",
"uuid": "5df0ab38-0920-426c-8c1f-448d950d210f",
"value": "8cfa0f9caec35a80078db887a7cf80a4e903abdb010b3045ef6f54724ba0c4d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1576053560",
"to_ids": true,
"type": "ssdeep",
"uuid": "5df0ab38-4904-44b0-8fdf-445d950d210f",
"value": "384:BQIbhd3i7OGK10mXEGHzktMgM+mJ/RWb8oirUj0HM:BQIbhJi7OB1/HzktBgWb8oiICM"
}
]
},
{
"comment": "dumped from memory with moddump",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "18",
"timestamp": "1576054215",
"uuid": "5df0ac98-e890-4c6a-b708-30d9950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5df0ac98-e890-4c6a-b708-30d9950d210f",
"referenced_uuid": "5df0acec-e3d4-4767-abe7-4bf6950d210f",
"relationship_type": "contains",
"timestamp": "1576054215",
"uuid": "5df0adc7-67d4-4ed6-9fdb-412e950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1576053913",
"to_ids": false,
"type": "text",
"uuid": "5df0ac99-c028-4b62-82b7-30d9950d210f",
"value": "Kernel Driver Type 2b (temporarily dropped to disk, deleted after loading, Example 2)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576053913",
"to_ids": true,
"type": "md5",
"uuid": "5df0ac99-5df8-46cb-8313-30d9950d210f",
"value": "b96dfbc749b99bc672c74708373bbc97"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576053913",
"to_ids": true,
"type": "sha256",
"uuid": "5df0ac99-28b8-4251-a4d7-30d9950d210f",
"value": "5af2edd199b6c4ea731449b202ea96faef6c11d1ac0ca7b22aa9023e0186621f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576053913",
"to_ids": true,
"type": "sha1",
"uuid": "5df0ac99-7fbc-4bb1-a7ce-30d9950d210f",
"value": "4e45d9b0bc282cc93113c7ba51b1b4ac173a208d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1576053913",
"to_ids": true,
"type": "ssdeep",
"uuid": "5df0ac99-836c-4182-bf69-30d9950d210f",
"value": "768:Zhf9ozikYw7rhcCMsahoICS4AIvm7tSw5iZ:W1Yw7rH7ICS4ANtSw5M"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1576053913",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5df0ac99-8110-4ca7-b3e7-30d9950d210f",
"value": "34816"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1576056010",
"uuid": "5df0acec-e3d4-4767-abe7-4bf6950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5df0acec-e3d4-4767-abe7-4bf6950d210f",
"referenced_uuid": "5df0ac98-e890-4c6a-b708-30d9950d210f",
"relationship_type": "contained-within",
"timestamp": "1576056010",
"uuid": "5df0b4ca-5688-48e8-b90e-30af950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576053996",
"to_ids": true,
"type": "md5",
"uuid": "5df0acec-885c-40f7-a54b-4c9c950d210f",
"value": "ace45cab5b340beed180fce546f16bd6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1576053996",
"to_ids": false,
"type": "text",
"uuid": "5df0acec-99d4-4fc2-8c82-46d1950d210f",
"value": ".text"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576053996",
"to_ids": true,
"type": "sha1",
"uuid": "5df0acec-5854-4f7b-a275-4b10950d210f",
"value": "d058fcef882a6bfa993cefb2371f1eb5d187e356"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1576053996",
"to_ids": true,
"type": "ssdeep",
"uuid": "5df0acec-c5f0-43b8-bac9-403d950d210f",
"value": "384:Hh/HusRuVIL7ozi1B82zfR27rhp0p0HM:Hhf9ozikYw7rhcCM"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068620",
"uuid": "fbb2308c-ed30-4bdc-97ff-53b4136cf37f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fbb2308c-ed30-4bdc-97ff-53b4136cf37f",
"referenced_uuid": "7286a3d2-41c0-4688-9e21-85ec78ff23e0",
"relationship_type": "analysed-with",
"timestamp": "1576068624",
"uuid": "5df0e610-860c-4a9e-ba7f-4e39950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987808",
"to_ids": true,
"type": "md5",
"uuid": "6dec703d-9fd1-4b96-93a4-929d56321073",
"value": "0eded1c3a20039a504bc256fcc892023"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha1",
"uuid": "5fdb47e8-b769-47b5-bafe-4faec6303216",
"value": "98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha256",
"uuid": "362b5ec1-f148-40bc-8c65-e09bd411a0b2",
"value": "02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068621",
"uuid": "7286a3d2-41c0-4688-9e21-85ec78ff23e0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987808",
"to_ids": false,
"type": "datetime",
"uuid": "154a18b8-bb22-4a9d-9ac4-6d1789cc9d0b",
"value": "2019-12-06T23:44:03"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987808",
"to_ids": false,
"type": "link",
"uuid": "54d15f31-0cc6-419e-b6a3-0e9c5a0afa8a",
"value": "https://www.virustotal.com/file/02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b/analysis/1575675843/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987808",
"to_ids": false,
"type": "text",
"uuid": "bb4ad868-327d-4b86-ba53-fdb5e6577626",
"value": "30/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068621",
"uuid": "b9b6c463-ab69-4bc2-a053-248497aa95d5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b9b6c463-ab69-4bc2-a053-248497aa95d5",
"referenced_uuid": "42bd75dc-5e99-4c09-bfca-66b22cb28fa1",
"relationship_type": "analysed-with",
"timestamp": "1576068624",
"uuid": "5df0e610-2aa8-4123-b206-4d39950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987801",
"to_ids": true,
"type": "md5",
"uuid": "b6be6615-f4aa-4a32-9571-d349b17d4dd7",
"value": "5979cf5018c03be2524b87b7dda64a1a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha1",
"uuid": "dfbd6acb-74a8-415d-8dde-021c012913f4",
"value": "74cace25311ac0abead7bd94e039ef080e550328"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha256",
"uuid": "fb5afda0-c54c-406b-b9e2-1e646af66b89",
"value": "e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068621",
"uuid": "42bd75dc-5e99-4c09-bfca-66b22cb28fa1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987801",
"to_ids": false,
"type": "datetime",
"uuid": "1d38133b-f3bd-448f-9908-10c295194de9",
"value": "2019-12-07T05:03:09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987801",
"to_ids": false,
"type": "link",
"uuid": "37ec8e23-3055-4264-8436-3a030b9f0ca0",
"value": "https://www.virustotal.com/file/e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065/analysis/1575694989/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "ee80466c-fe51-4735-86b4-6f4aa9d731d7",
"value": "50/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068621",
"uuid": "00c6f164-f4b4-4e2c-a3ef-63c88e36f381",
"ObjectReference": [
{
"comment": "",
"object_uuid": "00c6f164-f4b4-4e2c-a3ef-63c88e36f381",
"referenced_uuid": "9fe4012e-2085-4dcf-9f99-f73e92b3c7b0",
"relationship_type": "analysed-with",
"timestamp": "1576068624",
"uuid": "5df0e610-6d0c-4c92-9c53-42e3950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987803",
"to_ids": true,
"type": "md5",
"uuid": "b045cd75-5588-450c-9e45-c47d567e5d9c",
"value": "8e61219b18d36748ce956099277cc29b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987803",
"to_ids": true,
"type": "sha1",
"uuid": "7a22a8ce-b81b-4725-a45b-3a02e3446e9e",
"value": "7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987803",
"to_ids": true,
"type": "sha256",
"uuid": "f1640970-916c-43c6-8c87-9ea4be4d1e0a",
"value": "14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068621",
"uuid": "9fe4012e-2085-4dcf-9f99-f73e92b3c7b0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987803",
"to_ids": false,
"type": "datetime",
"uuid": "34250df9-11b9-403a-b2c9-3ba00de86ea7",
"value": "2019-12-06T23:43:55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987803",
"to_ids": false,
"type": "link",
"uuid": "8006653e-147d-4441-b2ea-e52446ea404f",
"value": "https://www.virustotal.com/file/14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442/analysis/1575675835/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987803",
"to_ids": false,
"type": "text",
"uuid": "4312e489-eda6-46e2-a403-03acf16bf20b",
"value": "18/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068621",
"uuid": "f005a213-c2ee-448d-80f3-a58ff20fdb4c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f005a213-c2ee-448d-80f3-a58ff20fdb4c",
"referenced_uuid": "8d2143a2-20d9-4de0-a833-5b13445c2fac",
"relationship_type": "analysed-with",
"timestamp": "1576068624",
"uuid": "5df0e610-a9f8-400e-a89f-485d950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987798",
"to_ids": true,
"type": "md5",
"uuid": "42559795-5183-485b-9b2c-aa20b7b2d72c",
"value": "516dcd4ecee6ac02c6a1a34ea8310917"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987798",
"to_ids": true,
"type": "sha1",
"uuid": "79b9356c-38b0-43a9-b217-ab6b28229556",
"value": "c539ca5aa16de324551c913b61d22652e66de93f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987798",
"to_ids": true,
"type": "sha256",
"uuid": "97cda9cd-5053-4371-b9d1-ef2e992b65e2",
"value": "555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068622",
"uuid": "8d2143a2-20d9-4de0-a833-5b13445c2fac",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987798",
"to_ids": false,
"type": "datetime",
"uuid": "720d70b9-3733-4b91-87fb-aa02de08fa7e",
"value": "2019-12-07T05:03:11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987798",
"to_ids": false,
"type": "link",
"uuid": "dbe684a8-0e46-445d-bea5-e9fe78e093f0",
"value": "https://www.virustotal.com/file/555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a/analysis/1575694991/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987798",
"to_ids": false,
"type": "text",
"uuid": "7013e7a4-f70f-4510-a6cd-9ab0fb64c593",
"value": "42/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068622",
"uuid": "25b3b742-2893-462b-a181-8a9c046f7995",
"ObjectReference": [
{
"comment": "",
"object_uuid": "25b3b742-2893-462b-a181-8a9c046f7995",
"referenced_uuid": "ee0c2e26-c418-4f6f-9e6d-86952c212952",
"relationship_type": "analysed-with",
"timestamp": "1576068624",
"uuid": "5df0e610-e104-42ae-bc71-4b2c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987805",
"to_ids": true,
"type": "md5",
"uuid": "c6711285-e41b-4895-bfb7-a28069871238",
"value": "b4e66b445b39d0368bbe4b91a3cd98ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987805",
"to_ids": true,
"type": "sha1",
"uuid": "437010aa-bb38-4b54-a9a0-b3a285fd7882",
"value": "2bc358ddc72f59ba0373b8635ab08ad747c12180"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987805",
"to_ids": true,
"type": "sha256",
"uuid": "ed9a2c74-410f-44e5-a1e6-ebe0ce2654ca",
"value": "1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068622",
"uuid": "ee0c2e26-c418-4f6f-9e6d-86952c212952",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987805",
"to_ids": false,
"type": "datetime",
"uuid": "235c859e-25ec-4c50-ad5c-c53120f02538",
"value": "2019-12-07T05:03:15"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987805",
"to_ids": false,
"type": "link",
"uuid": "a1d0af80-6400-4aa0-8790-c5177337582e",
"value": "https://www.virustotal.com/file/1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2/analysis/1575694995/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987805",
"to_ids": false,
"type": "text",
"uuid": "fda8a4b8-913d-482f-8357-7948be048ddf",
"value": "21/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068622",
"uuid": "26bfe728-c018-44e4-b6d6-c54af3d2b14a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "26bfe728-c018-44e4-b6d6-c54af3d2b14a",
"referenced_uuid": "77072cd3-da5c-4204-b37d-72fc44ed0384",
"relationship_type": "analysed-with",
"timestamp": "1576068625",
"uuid": "5df0e611-2164-40d6-bb81-4f9e950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987808",
"to_ids": true,
"type": "md5",
"uuid": "c4d6439a-470b-4e2a-ba60-6210987a5add",
"value": "52efa5da09fde23dd067c571389f49fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha1",
"uuid": "03ed2cac-3a22-4608-9235-7b6dcc9fd474",
"value": "ca00eafde42f1456de01140556d8c3002866cc74"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987808",
"to_ids": true,
"type": "sha256",
"uuid": "4d7f912d-fbcc-43ad-ab15-41382a70dfdc",
"value": "4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068622",
"uuid": "77072cd3-da5c-4204-b37d-72fc44ed0384",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987808",
"to_ids": false,
"type": "datetime",
"uuid": "5f351c9c-4286-44da-a31a-0e8708cddf21",
"value": "2019-12-07T05:03:17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987808",
"to_ids": false,
"type": "link",
"uuid": "0b92f081-eca4-46d9-ab89-9edc194a1649",
"value": "https://www.virustotal.com/file/4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418/analysis/1575694997/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987808",
"to_ids": false,
"type": "text",
"uuid": "ad5b6315-0d03-472b-8421-f2d5bf52d2db",
"value": "36/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068622",
"uuid": "dab61fb6-c519-46a1-b060-fa178764d6da",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dab61fb6-c519-46a1-b060-fa178764d6da",
"referenced_uuid": "2254d0a1-5768-49d1-8f6f-55ef72367d31",
"relationship_type": "analysed-with",
"timestamp": "1576068625",
"uuid": "5df0e611-87dc-49f9-b42a-4d65950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987776",
"to_ids": true,
"type": "md5",
"uuid": "840523be-28e4-4d3e-9690-3f05f73290a1",
"value": "5f8bf3dd940ef09ce25a8b3912c92220"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987776",
"to_ids": true,
"type": "sha1",
"uuid": "10c571f4-acaa-454c-8740-cc1f39f3b148",
"value": "3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987776",
"to_ids": true,
"type": "sha256",
"uuid": "c35e1fac-0ec0-411d-a100-c5fdb867b993",
"value": "38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068622",
"uuid": "2254d0a1-5768-49d1-8f6f-55ef72367d31",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987776",
"to_ids": false,
"type": "datetime",
"uuid": "a7071fb2-fb26-46c7-967e-d255748b6d85",
"value": "2019-12-07T05:03:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987776",
"to_ids": false,
"type": "link",
"uuid": "25d6382c-3518-4ea4-b664-ed4370405b1d",
"value": "https://www.virustotal.com/file/38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e/analysis/1575694988/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987776",
"to_ids": false,
"type": "text",
"uuid": "c6ffd21b-553b-45ae-ac1d-4ae5f5f5f085",
"value": "35/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068623",
"uuid": "53d444c2-5449-4082-b85a-e61c3760d6c4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "53d444c2-5449-4082-b85a-e61c3760d6c4",
"referenced_uuid": "f3154e62-2ff1-4769-af0a-6115e01096bc",
"relationship_type": "analysed-with",
"timestamp": "1576068625",
"uuid": "5df0e611-ad68-46a3-b353-416f950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987775",
"to_ids": true,
"type": "md5",
"uuid": "b5693a8c-90db-4363-86ac-45ad624497f0",
"value": "d747323e83fa4f20cc55647a6d5dc198"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987775",
"to_ids": true,
"type": "sha1",
"uuid": "cce74e43-2622-4be2-8bb4-e0e33cc36f6c",
"value": "8b966bc4c4adde90f51f68a78aa326b761981fb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987775",
"to_ids": true,
"type": "sha256",
"uuid": "ee447a93-ffa2-4535-bd9a-ec9403ef44c7",
"value": "f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068623",
"uuid": "f3154e62-2ff1-4769-af0a-6115e01096bc",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987775",
"to_ids": false,
"type": "datetime",
"uuid": "021742ea-6364-4256-9c75-b0300898408f",
"value": "2019-12-07T05:03:07"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987775",
"to_ids": false,
"type": "link",
"uuid": "95770780-45d2-4e03-afda-e0127a4f7b52",
"value": "https://www.virustotal.com/file/f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb/analysis/1575694987/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987775",
"to_ids": false,
"type": "text",
"uuid": "eb78fef4-df41-47c0-86a3-fd96f8b840b4",
"value": "40/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576068623",
"uuid": "93f8b76b-2456-44b4-9a7c-cdb0166ccacc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "93f8b76b-2456-44b4-9a7c-cdb0166ccacc",
"referenced_uuid": "017ca493-a3dc-4bc8-a384-6efaf630477a",
"relationship_type": "analysed-with",
"timestamp": "1576068626",
"uuid": "5df0e612-0cfc-4062-93dc-4791950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575987801",
"to_ids": true,
"type": "md5",
"uuid": "a9c92db4-eae9-430f-b2e2-9f4086645605",
"value": "b8ffea5aa357e8bac5efc03f8e202292"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha1",
"uuid": "e97d8e7d-df36-4856-b6e5-be57dd12a379",
"value": "48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575987801",
"to_ids": true,
"type": "sha256",
"uuid": "1ac53e5c-81b2-4a16-adce-fb15df20284d",
"value": "7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576068623",
"uuid": "017ca493-a3dc-4bc8-a384-6efaf630477a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575987801",
"to_ids": false,
"type": "datetime",
"uuid": "09e20c69-0a59-449c-8b52-fdbea1126f57",
"value": "2019-12-07T05:03:12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575987801",
"to_ids": false,
"type": "link",
"uuid": "6b479fca-6542-4050-8295-15bde38b7881",
"value": "https://www.virustotal.com/file/7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0/analysis/1575694992/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575987801",
"to_ids": false,
"type": "text",
"uuid": "20f365c8-39e4-437e-b36b-b045cbc6dad6",
"value": "26/60"
}
]
}
]
}
}