misp-circl-feed/feeds/circl/misp/5e4886b7-3f14-4ab0-867f-4ea30a0a020f.json

{
"Event": {
"analysis": "0",
"date": "2020-02-16",
"extends_uuid": "",
"info": "IRS Doc Malware",
"publish_timestamp": "1593663211",
"published": true,
"threat_level_id": "3",
"timestamp": "1621850643",
"uuid": "5e4886b7-3f14-4ab0-867f-4ea30a0a020f",
"Orgc": {
"name": "laskowski-tech.com",
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"BITS Jobs - T1197\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Standard Cryptographic Protocol - T1032\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#bf0dcc",
"local": "0",
"name": "maldoc",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-02-15T00:00:00+00:00",
"last_seen": "2020-02-15T00:00:00+00:00",
"timestamp": "1581967401",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e4886d0-aa58-46fb-9e0d-49e10a0a020f",
"value": "199.188.200.112|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "legitimate OCSP CRL server",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-02-15T00:00:00+00:00",
"last_seen": "2020-02-15T00:00:00+00:00",
"timestamp": "1581967334",
"to_ids": false,
"type": "ip-dst|port",
"uuid": "5e48871a-d484-402c-af72-4ce50a0a020f",
"value": "151.139.128.14|80"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "url",
"uuid": "5e48880c-0c00-401e-9e4b-4b3474656a8a",
"value": "http://siliconmadeinhk.com/Server2_36B4.exe",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "domain",
"uuid": "5e48882f-b1c4-4e46-a8e1-4b2074656a8a",
"value": "siliconmadeinhk.com",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967352",
"to_ids": true,
"type": "domain",
"uuid": "5e49291d-119c-48dd-83c5-4b5374656a8a",
"value": "binupload.com",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to binupload.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967352",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4929ef-e944-47ed-91ea-472e74656a8a",
"value": "199.188.200.112",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to siliconmadeinhk.com",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-02-16T00:00:00+00:00",
"last_seen": "2020-02-17T00:00:00+00:00",
"timestamp": "1581967386",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4ae75c-ecfc-49f8-8cf5-03f60a0a020f",
"value": "185.222.202.237",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to siliconmadeinhk.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4ae7a3-e4f8-4bb2-859f-155674656a8a",
"value": "89.208.229.55",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to siliconmadeinhk.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4ae7a3-47e4-4d8c-815b-155674656a8a",
"value": "172.105.81.149",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to siliconmadeinhk.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4ae7a3-e910-4288-9170-155674656a8a",
"value": "172.105.154.72",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "tied to siliconmadeinhk.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967386",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4ae7a3-ef8c-49f1-8f58-155674656a8a",
"value": "89.208.196.16",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581967556",
"to_ids": false,
"type": "regkey|value",
"uuid": "5e4ae897-bb28-47fe-811d-04470a0a020f",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce|%USERPROFILE%\\PROTOZOA.vbs",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "Walkthrough writeup of malware execution",
"deleted": false,
"disable_correlation": false,
"timestamp": "1581968008",
"to_ids": false,
"type": "link",
"uuid": "5e4aea88-9e20-4d2d-9b04-421b0a0a020f",
"value": "https://laskowski-tech.com/2020/02/17/what-is-this-bad-for-sure-racoon-stealer-maybe/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-02-15T00:00:00+00:00",
"last_seen": "2020-02-17T00:00:00+00:00",
"timestamp": "1581972550",
"to_ids": true,
"type": "hostname",
"uuid": "5e4afc46-fc7c-4164-819a-44c7950d210f",
"value": "server237-5.web-hosting.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1581967575",
"uuid": "5e488f03-b2f8-4607-93af-4e030a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581967575",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e488f03-ac5c-41e0-aaff-48b30a0a020f",
"value": "PROTOZOA.exe|9dec963dd964716405adbe9ef9006de7",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581813507",
"to_ids": false,
"type": "filename",
"uuid": "5e488f03-15ec-4d39-8f73-42350a0a020f",
"value": "PROTOZOA.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581813507",
"to_ids": true,
"type": "md5",
"uuid": "5e488f03-7ecc-4323-bcca-42230a0a020f",
"value": "9dec963dd964716405adbe9ef9006de7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581813507",
"to_ids": true,
"type": "sha1",
"uuid": "5e488f03-7e74-42ed-9d93-4dc40a0a020f",
"value": "452d05a5ad2fdd2b8f45b878b2078900b9f072b2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581813507",
"to_ids": true,
"type": "sha256",
"uuid": "5e488f03-348c-414e-a84c-40ea0a0a020f",
"value": "585f829c600736a9613d0870c6460068d9461a7be35c07149fe58143b2f24b6f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581813507",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e488f03-7384-48a9-b0a5-4e340a0a020f",
"value": "36864"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1581967575",
"uuid": "5e488f10-027c-49ed-a39f-4f3e0a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIANQEUFAoHxDscgAAAGgAAAAgABwANzAxYTM0NjIyODcwODMzMjA2MzUyOTY5NTIxMDMwOWFVVAkAAxCPSF4Qj0hedXgLAAEEIQAAAAQhAAAA8ZIOsoPrG3Z5XHKyWGdvFkoV6A/eOpsiE50ZIXk3a+3v2/CbxATtYK3Uu+y14Fu/YmQaYlNX40Ve2ap7va0Q37FtGNRW8s5VcoewoIi7J5i52LY26na/9UmJkUmU5a6VZroEMS5t9DK0XST9gJm0Qmd3UEsHCCgfEOxyAAAAaAAAAFBLAwQKAAkAAADUBFBQZf6gRRgAAAAMAAAALQAcADcwMWEzNDYyMjg3MDgzMzIwNjM1Mjk2OTUyMTAzMDlhLmZpbGVuYW1lLnR4dFVUCQADEI9IXhCPSF51eAsAAQQhAAAABCEAAAAshUppe3PJz0V4VKaGN7Y2Q5D+kJs0v3BQSwcIZf6gRRgAAAAMAAAAUEsBAh4DFAAJAAgA1ARQUCgfEOxyAAAAaAAAACAAGAAAAAAAAQAAAKSBAAAAADcwMWEzNDYyMjg3MDgzMzIwNjM1Mjk2OTUyMTAzMDlhVVQFAAMQj0hedXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA1ARQUGX+oEUYAAAADAAAAC0AGAAAAAAAAQAAAKSB3AAAADcwMWEzNDYyMjg3MDgzMzIwNjM1Mjk2OTUyMTAzMDlhLmZpbGVuYW1lLnR4dFVUBQADEI9IXnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABrAQAAAAA=",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581967575",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e488f10-fe1c-46b4-ad76-481e0a0a020f",
"value": "PROTOZOA.vbs|701a346228708332063529695210309a",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581813520",
"to_ids": false,
"type": "filename",
"uuid": "5e488f10-b4b4-4a7d-9a31-41380a0a020f",
"value": "PROTOZOA.vbs"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581813520",
"to_ids": true,
"type": "md5",
"uuid": "5e488f10-57ec-4bf6-b936-49000a0a020f",
"value": "701a346228708332063529695210309a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581813520",
"to_ids": true,
"type": "sha1",
"uuid": "5e488f10-d3b0-4884-a549-41bd0a0a020f",
"value": "651daa1d0e25c515d8ec9e40627efa0e572de9b7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581813520",
"to_ids": true,
"type": "sha256",
"uuid": "5e488f10-fb94-4824-a1b5-4ffe0a0a020f",
"value": "ea755fc9ed86a2a8fd8712e76e1a8ebc2d871ec143b53f4abd3ef4d9150263fa"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581813520",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e488f10-7f8c-4d27-8a4f-40a20a0a020f",
"value": "104"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1581967386",
"uuid": "5e488f1f-6f84-4eec-8d89-4b990a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIANsEUFA9RU3GvbkKABHzCgAgABwAYjEwMjQ1MmU2ZDkyYTIxNzk5NWY0Y2E1NTIzZDBiODVVVAkAAx6PSF4fj0hedXgLAAEEIQAAAAQhAAAA66dnqTFtPkgwb6gQdYmaap+AF6tpMfhSxDuZXOKpvSr9V0+6EAIC2aMuC8chh+QooE7FKJV3t1JgC0dMnFn+bMcYKh8ZCCW9yPrqYTiSFEVe1DRg83Tn/penbiBmRNBz1/rVXPssmFu+KuzV76Xi306sX+niLPDVZUnf4KaxU379/R9UyBIGJz4eXjr6J8ulmiEVso0feqWWZ80juJd3Anu/X8qBqfLYetnxpW6+xlV2NAcllvANbsG08K/TVIeNRqMnaMI8QsDQmZBkuPdyNYuIaBKOcTx9SIYIIwVZDSjq2hO/f7KzTC+qUlykiQZOuZgh8A9oQRZ+Law7zhMQyylU7YM78jKHfaGPimSbx3WHL2W7V7oLF+c/xPPeVc8eCoVWCA7ZeBm8B2zgIitjlZjH78v2CkLfldQnu3OGPw8GvFZF0p588U3hD5gfjYhNrGaUPrHICrmBUtgkskKrpOfQwV0bvuXCm8ZKf2AZml5INi1/bhUI4039MJZsLoGk5ICr2OURnphYpw3ns1ctLsbWy+JjfkdKt8ScNxUwe1LYQe9hpivnepvrc6WCY85PZ9BKfeeUPxCdNbPTLST3SR3oG+BSp0KBBiV7pYp2nkp2L+5pEk/vNTCqNqXlCiaa1qpz8RRDGFGTwN2uQR4y5ufdfwcg4Qm64NQ4GAeuUONurITizyO8K4P9AZ+Pp3/u/4MVHqamdTyg6HTEfjy1ukHXBqztetFr26KVX5aAhXrXTDAd0uQJEdO3+9s1udow08GPWOmTp0jWxIVto3lwypNGjadG8EKx/04o8bdGe9U6cfQxrSpp5eGd5BHQjh8KfhK8a0ya2o39Kg+8ilY+rqcv6pbiVs/IkUp1vlOefABVSQgDXF+JE0tYt2Xw2cbwI2gXNbiJ4QySEgmR876nOIRmjNih2nEEo+qPPwh0f7ckw/0Ph6AK27WdCZGgYefz/AeN0NfiZAqvuXACXH2KF9xRNayU353vrwRLMxTaKZo8pVVbc988BUJBO5F7dCvMrAS52BItIMBS4cGM5zY6Xb0bWtwQV3R/JhDGw5Z0QfGtgd3ECCJSOdET+u0ajkzwp5HXPo55rL/VKmb2P2sxmHyMlaWLUbVNzv15jhmOi8Ldv4kyEBtft8cqVaEHpN5EzFb6+5JOmJtn0dtYXk59CoqkOVJeEE3l3zvRyhJKisgQaD+BP5o/SE5URV6nqHG1yoHUWNfsbs9qXGjUy69yrvk6/TfrkD19iFSIlAOjcXMhkLNfZgNbwSRK1LFIxXbLeEj7uDeJSLw4Tp0z7RFKtkUjZJKDzBepb5pnzTF022f1JGTyX06TPgeBCdpH594TS7OAUiDOlLl6XZYYcqqwJVy/qZk7V8m8XVFBZMTUzIRiRCcGboLvMQZC1L8uGJ90pl4VYdcGP4hHkgphEyS+xNNk9qk5Kyuag2wJvyaEe+lCze0bYVu4DCD8MD9yZP3tgM7fA6M4ZjbDSXduOgLAklxz+UjD8B3iUKCm7nw37f3vP38H6faQjzMhqn+RqS5RCoOdV24OBnmILpP8S6Md+0dDaZwNuKv8XaifYaU7Cnc7ck+IyEi+ib2y90PPFvHHbxnGlTqoSJ0R6A9n/sEpjLSYhj7SMpAQclVw6bVOWAXjcKjnjWGI4EAeAz8AsYSPxKx0Mrt52tgmibXzcqvUJxH6FVAC8jHDbuGQoodHiyt1fjfz+k5mIA2/LISv4htTz3mtoPxtmMfIJTR8aJF0o3NF6jcpTM+KPdGlr6AwvMzsIo6OgU4+cLojsJegWEywgbOtHNu7par02FxhPfIvxkwoxkNylnCU9TaVwMle9UKMt1Krdj/jmIZU+RXT3fTf2yS5iu6w84YtLPg
Ils/f5A1h/K4yx2Wj+ujQHc8JLgZkRZ786AEpH4AMjj1Ycora08qL826TVfaCl3VRhNrVwLosrN8Mw9QX02CamYzmV6HgtqvnmkhNTBxHlXeLpZYbaAP8kcvcyeatEXsJ7LAecCC4to21Z9s+8NvtYOeOEXm+ftNBaRGuTcm5rg5Ujv/kE2NGRpgZ2Ogp3arr6hQEjPkoiOLaVPis6g813uiXXbabWjxhAeIyjjwe+I3NdxE6PUAfwoue8lLjHQ9KvHHZqGShZNP6rFblJuWyON2EWEqwE1MW35KlvHvpa/YOou74nXd4N1tiOL9b4aeeC6W5cNAJGSbGKkL1FCfO1B9VdjiTVUhZ/rO/Brkc7yNx+Qn6HPLDqGXwzS68VrSUkXc4oMRw7I7gkrJRe1QiRbkV6cyPrN1hNVfKMOsT7VdP+zQnSIGpn8nKNTUqUR8eBkFpHXExWjngefle/MCIcrOjApvHlFJJtvqBcLysQj93ussw1uYJcg2a1KKFyUL0AP0b/Flplq86jqQM47VKklOdT17fTRXn9qkQauplWlKyTtH+v70/thNb11zJ5ch/4ovYfUcu+rEHYEODLNKWKX15h0BMuAq5oLsT9mucjKBzLB7TBBXB1PeRmXeNP5hg87S8/jb5moXbtooShjGwAKoBeRJlwz+PZKoBBhC7bV9jZ34LKjQNbB78RPUl7XYZmEe8hijVYK+SSxM+sBy2hN5ev9u76aqMKV+E5DXkPv68U+TTCiwY4kfeJgj1Lkc0LX0Q2jGKsWZ4Pj6f2Fx8SW2DIVWTamC2nhI9LAKRXpSAc7dFil4Ww5GS0136wJKn9louRzeZiJXXJT+102TX19dvDBHfEPcmsrr3hqGtemyCtXpTVw7Ic2BKwzZ3RjlZv1xSCrug/yy8vQq6sWoJPwviFduktcKKAJ4yX06QNCOm3Pge+rVl4FmD8Hq7x/4AjPhanQteeLTXjQ8ftc93FxpYoXoL2RIRD4TVLoQknYeY4NOeGb1E0I0qj6dRs/kuiP44cQosDAPvzLn7iWcKJhP0PvtLThzu+MMoLGW7enE+VHDpOeyxQJ2FHAHK3NETlCRqTQO9Lip4DQ1XekTDuMMMOVIFB2LlclhX6a9VLsjokpcm9Harf3LXfQSbLeJd7r8Xl6jns1s9eZ4waAuE+pPt9uv83HxUobrpApsz2yS8/mIEtu6VDAM7Xxq78eNVBvcVCGnBtS04g3coN94eiIIHC5RR9Am0zTEx7s4N1tVTI1eh+7UQ0iEMCa09GyNMagcW7AKEcCDmwMRpsD9lKldPfIurSWpWn1VI2qq8y414iJ7D5bBCnVVHYDHxkvShYqztiUfUS9Sf/oCgMwFkSGrPEnMPd31WR49m85YIwNheJjPgotzBLUnhBUTYcP4mAl+gaMgNj4/C2S7H1N7n6z2RMnhx5peEoanO0H9CICe+eoN57Y8s12+Z1GFZ34KaE6MTtKcBBxoJhY1FaCavNJAGbH47/H5H+3YeyRnZm7kw82z+AgOENHJEcNpbYxLAAOZgjbnmuAYb5ImJGEO8HUknj8yWAXuERVtRW7kTP5aOQ6HbJnWlIYuDVxxUS+h4tabL3etvMLULE4Yg3Ep8Q3jWlxe94RctOqBdqZJDssUDQ+L7PZqyFi5os560TMlZaMM+HMthksYxYsrHR6oq4YQldYidYgeZRR23qmQ64akVLVSK4Ul/PgBJYQ8l79e+gIVEUp0wEq+xWpSyb5q67qJpDCxpNOVxP1VNxaZoXEbeQHnDvA2Enf+bm1suQqKVCPfQzNmBedWrZf2i9iMum0vNU19rqhchH3ZUpAx6Wg1sE5DOz2DsrylMbOkqDctPdsfVF3EO5FrLh4Q+B0mI3TqpaTBI5Lhjx8xZgRewV9rBJFCQ+I2WE4/1ZiG1WWl4n2gZVlSN8ss7uHSSCGOfP7UG/mEyzgJPeGoor85217Qmca4fSJlfpAxB0lguYqtXKWyRlVNSJs/uvT5
Gcvzhy+C1PB4Zj369jDHrpXLYTqVN/SoB+1yGu+WEa65Y/M1OZ9V5B/lGxEmtgnwWMjGchlT0zgcdrACDHb
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1581967386",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e488f1f-2a60-4413-81c7-41020a0a020f",
"value": "Irs letter with W2.doc|b102452e6d92a217995f4ca5523d0b85",
"Tag": [
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1581813535",
"to_ids": false,
"type": "filename",
"uuid": "5e488f1f-2d94-435d-82e3-44fa0a0a020f",
"value": "Irs letter with W2.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1581813535",
"to_ids": true,
"type": "md5",
"uuid": "5e488f1f-20e0-4d04-a72e-4fb00a0a020f",
"value": "b102452e6d92a217995f4ca5523d0b85"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1581813535",
"to_ids": true,
"type": "sha1",
"uuid": "5e488f1f-7d00-4704-8063-48cc0a0a020f",
"value": "ce297b51992a43698b61467beb7b1bae55605037"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1581813535",
"to_ids": true,
"type": "sha256",
"uuid": "5e488f1f-6fbc-41db-b723-42610a0a020f",
"value": "5be14f4258ed8d96da626dff4c8980f121208c45595639ba1fbeb9f895debaa4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1581813535",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e488f1f-8a9c-4299-a2af-4d320a0a020f",
"value": "717585"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1581967933",
"uuid": "5e4aea3d-a5f8-42b5-9539-457e0a0a020f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1581967933",
"to_ids": false,
"type": "link",
"uuid": "5e4aea3d-deb0-46df-9a69-41200a0a020f",
"value": "https://www.virustotal.com/gui/file/585f829c600736a9613d0870c6460068d9461a7be35c07149fe58143b2f24b6f/detection"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1581967933",
"to_ids": false,
"type": "text",
"uuid": "5e4aea3d-2798-4a11-aed6-45810a0a020f",
"value": "7/72 initially, later 38/70"
}
]
}
]
}
}