{
"Event": {
"analysis": "0",
"date": "2020-04-22",
"extends_uuid": "",
"info": "Ursnif Campaign f1.pipen.at",
"publish_timestamp": "1592743573",
"published": true,
"threat_level_id": "3",
"timestamp": "1592743551",
"uuid": "5ea0b0dc-45d0-4d5e-bed5-4271950d210f",
"Orgc": {
"name": "The DFIR Report",
"uuid": "5e9e5d86-5b94-4ff6-b07e-4e3e950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Gozi\"",
"relationship_type": ""
},
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Compile After Delivery - T1500\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Regsvr32 - T1117\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-06T00:00:00+00:00",
"last_seen": "2020-04-21T00:00:00+00:00",
"timestamp": "1587593345",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0bf72-a404-46cb-9e31-f094950d210f",
"value": "8.208.90.28",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-21T00:00:00+00:00",
"last_seen": "2020-04-22T00:00:00+00:00",
"timestamp": "1587593345",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0bf8a-3d60-4926-8e26-48d2950d210f",
"value": "47.241.106.208",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593345",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c030-71cc-4f22-8581-41d6950d210f",
"value": "dianer.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-7ac4-4bc9-831d-4e7b950d210f",
"value": "api10.dianer.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-6c9c-46f4-aaad-469f950d210f",
"value": "mobify.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593344",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-46c4-4615-a1d0-4bcf950d210f",
"value": "pipen.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593338",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-8064-4f69-9943-450d950d210f",
"value": "f1.pipen.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593344",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-33a0-4356-b3da-4ea2950d210f",
"value": "been.dianer.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593344",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-acc0-43a9-b3e3-4982950d210f",
"value": "deem.dianer.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-76f4-45d2-91eb-4e95950d210f",
"value": "vv.malorun.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-2f00-48a6-9ec5-4a66950d210f",
"value": "www.kamalak.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593336",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-85f8-4bf2-93c6-4d36950d210f",
"value": "free.up100n.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593335",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-71c4-4233-ac67-4d76950d210f",
"value": "ahah100.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593327",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-a808-4e2b-8f73-496b950d210f",
"value": "two.ahah100.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593336",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-c06c-4a9d-a243-41ce950d210f",
"value": "ahonpot.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593336",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-eab4-40ce-a731-4c3b950d210f",
"value": "targoo.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-bd40-4f0d-9e71-481f950d210f",
"value": "kamalak.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593337",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-c414-4113-bf4e-4570950d210f",
"value": "api5.malorun.at",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587593336",
"to_ids": true,
"type": "domain",
"uuid": "5ea0c031-e518-4d7d-82de-44db950d210f",
"value": "dxdeedle.host",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "VNC module",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-16T00:00:00+00:00",
"last_seen": "2020-04-16T00:00:00+00:00",
"timestamp": "1587593559",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0c127-7bc4-420e-80a1-4906950d210f",
"value": "162.244.35.233",
"Tag": [
{
"colour": "#bd8c8c",
"local": "0",
"name": "Ursnif",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "TVRAT",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-16T00:00:00+00:00",
"last_seen": "2020-04-17T00:00:00+00:00",
"timestamp": "1587593683",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0c19a-ea44-47bf-81f6-4afa950d210f",
"value": "89.39.107.106",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-16T00:00:00+00:00",
"last_seen": "2020-04-17T00:00:00+00:00",
"timestamp": "1587593773",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0c214-bba4-482c-87f8-418b950d210f",
"value": "23.81.246.22",
"Tag": [
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-16T00:00:00+00:00",
"last_seen": "2020-04-17T00:00:00+00:00",
"timestamp": "1587593774",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea0c214-4adc-4fc8-8d3a-423e950d210f",
"value": "93.190.138.35",
"Tag": [
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1587732756",
"to_ids": false,
"type": "link",
"uuid": "5ea2e114-0484-477f-a0b2-4e78950d210f",
"value": "https://thedfirreport.com/2020/04/24/ursnif-via-lolbins/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589377",
"uuid": "5ea0b101-a724-46a5-9060-41b0950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589377",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b101-6dd8-4339-a69f-4be6950d210f",
"value": "open_attach_a1i#793032.zip|8a1ffc3ea2280f34f91df70ef538880b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589378",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b102-f630-4764-9c85-42fb950d210f",
"value": "open_attach_a1i#793032.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589378",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b102-dc5c-4b3e-83b0-478b950d210f",
"value": "8a1ffc3ea2280f34f91df70ef538880b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589378",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b102-2024-4764-983d-440f950d210f",
"value": "a5d8c89c49ae8d02cc1e6c32a223e0c00b3e6bf1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589378",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b102-dc5c-4459-9afb-4ec3950d210f",
"value": "3440bc915d40d1bcab8d5ef946d18fe10419385559689ebf2ba36c9eae61faaf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589378",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b102-8ebc-48ce-add2-4e2d950d210f",
"value": "209791"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589400",
"uuid": "5ea0b118-cffc-4507-a726-4372950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589401",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b119-3220-489b-8e6f-4c0f950d210f",
"value": "XikFYehxR.txt|d819173a8babdf625c2774bbf17ed710"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589401",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b119-0968-4c86-899e-48fa950d210f",
"value": "XikFYehxR.txt"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589401",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b119-4800-49d6-800f-48f3950d210f",
"value": "d819173a8babdf625c2774bbf17ed710"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589401",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b119-2e10-49cc-ad22-490b950d210f",
"value": "629e79904edfcbede3e7d4ff9240c8571d8e2291"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589401",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b119-122c-46a1-80a4-4880950d210f",
"value": "588058cd3661c48b372ad870ce3e03af62e61ffd917355895ac8342736704673"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589401",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b119-4638-4a08-abd5-4bcd950d210f",
"value": "183296"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589438",
"uuid": "5ea0b13e-4388-4958-95d6-480a950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589439",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b13f-7298-4829-a24c-40e1950d210f",
"value": "n.dll|334fc19e4c1358d0979c0a74a321278e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589439",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b13f-517c-49cc-a90f-4948950d210f",
"value": "n.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589439",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b13f-12cc-4939-9eac-4372950d210f",
"value": "334fc19e4c1358d0979c0a74a321278e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589439",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b13f-c250-4a26-bd07-4253950d210f",
"value": "aed74cbba6a3da72d16a205b2893865eddc2e936"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589439",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b13f-ae94-4d56-b7fc-44b9950d210f",
"value": "28b935ba6987b2784a654951d304ff2e86367b064d1a9201215892fe547b0d9a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589439",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b13f-e300-4150-8109-4901950d210f",
"value": "185344"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589458",
"uuid": "5ea0b152-5c98-4557-8fc2-435b950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589458",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b152-c73c-4f6c-a492-41be950d210f",
"value": "artc.dll|1d6869199813a9090478312c2ec13ec9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589458",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b152-77c8-4247-8dde-4d01950d210f",
"value": "artc.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589458",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b152-36e4-4c1c-91d1-4bf5950d210f",
"value": "1d6869199813a9090478312c2ec13ec9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589458",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b152-1cf4-467e-b7cd-49b7950d210f",
"value": "011e7948dc760e8c4d5f7a41bb037e9cabc1e262"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589458",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b152-365c-4902-a659-4ad3950d210f",
"value": "d2ac48ba8a476cd6166a0c35ebe276d136b1b82e865560b2564f39b5c7f3a3a9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589459",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b153-cdc8-416c-a66b-48c0950d210f",
"value": "372736"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589580",
"uuid": "5ea0b1cc-e7e0-4612-bcfc-4c33950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589580",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b1cc-4ca8-4a6c-8157-4d15950d210f",
"value": "ldr.exe|fc22d0c3f15c763ccf1a5f56f35b795f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589581",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b1cd-4060-4d63-8e21-40d9950d210f",
"value": "ldr.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589581",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b1cd-30c4-4a48-b528-4f7d950d210f",
"value": "fc22d0c3f15c763ccf1a5f56f35b795f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589581",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b1cd-1df8-44e7-9dbd-423d950d210f",
"value": "284afda4ceda3880864bf692f153ab0354ca7359"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589581",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b1cd-9638-4804-bad6-40d9950d210f",
"value": "08f3b51c8493c5ed8948ab35c956a465e0043094248d2f27a5d8fa9a696e3cbf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589581",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b1cd-0d10-4d2d-923f-41e1950d210f",
"value": "387072"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589605",
"uuid": "5ea0b1e5-1dd0-45f4-a7ec-46d6950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589606",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b1e6-3764-479d-8bf7-4ba0950d210f",
"value": "Authtdvr.ps1|009b53fffb404e7b0dd1479617e967b9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589606",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b1e6-7ecc-4ef3-9e0f-4e83950d210f",
"value": "Authtdvr.ps1"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589606",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b1e6-9140-4a66-bbad-480d950d210f",
"value": "009b53fffb404e7b0dd1479617e967b9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589606",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b1e6-43c0-4c9b-a80c-4e41950d210f",
"value": "742d5399415e96bfe1a2dfd9af3b9e3cb8d8000c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589606",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b1e6-dbbc-4b3f-aa96-4efa950d210f",
"value": "915ff83ab8e1a4ad1e9e63ea84bab24e36b88f9264c42085569786079232ff75"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589606",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b1e6-84cc-4774-9510-4fa3950d210f",
"value": "145"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589634",
"uuid": "5ea0b202-5a8c-4ab3-91da-40d5950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589634",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b202-6f00-43e1-afc4-41de950d210f",
"value": "peuhop32.exe|897b07feeb22f8de7378740c33052f1c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589634",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b202-0a84-4ff0-bdea-4bb2950d210f",
"value": "peuhop32.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589634",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b202-a0a8-4408-89d1-4826950d210f",
"value": "897b07feeb22f8de7378740c33052f1c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589634",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b202-4f54-4680-b9b0-434b950d210f",
"value": "e75260f9347068d26714f99719b5e65d7316f5e7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589634",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b202-5ea0-442a-acab-4520950d210f",
"value": "a59d6490e8bb757d08ae3e0e800cc8b1b3d90b960e10d6ca46166a450111505a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589634",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b202-bcb8-4785-a97e-4354950d210f",
"value": "382464"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589664",
"uuid": "5ea0b220-0a78-43c7-9f35-4e45950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589664",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b220-4984-484e-948d-442e950d210f",
"value": "nww.dll|334fc19e4c1358d0979c0a74a321278e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589664",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b220-86a0-451b-9962-4a46950d210f",
"value": "nww.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589664",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b220-57d0-4d58-9c10-4534950d210f",
"value": "334fc19e4c1358d0979c0a74a321278e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589664",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b220-81fc-41d5-bca0-426e950d210f",
"value": "aed74cbba6a3da72d16a205b2893865eddc2e936"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589664",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b220-7acc-4dfb-aa68-4399950d210f",
"value": "28b935ba6987b2784a654951d304ff2e86367b064d1a9201215892fe547b0d9a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589664",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b220-116c-4cb6-a538-4e92950d210f",
"value": "185344"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589677",
"uuid": "5ea0b22d-41ac-43c4-a3d2-466b950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589678",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b22e-45ac-44a3-85c8-44a8950d210f",
"value": "atr.dll|1d6869199813a9090478312c2ec13ec9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589678",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b22e-8398-42d3-935b-4607950d210f",
"value": "atr.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589678",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b22e-4ae8-4a71-ab5f-4eb7950d210f",
"value": "1d6869199813a9090478312c2ec13ec9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589678",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b22e-2048-4acd-bca9-4e8c950d210f",
"value": "011e7948dc760e8c4d5f7a41bb037e9cabc1e262"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589678",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b22e-0a38-421c-8771-4aa2950d210f",
"value": "d2ac48ba8a476cd6166a0c35ebe276d136b1b82e865560b2564f39b5c7f3a3a9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589678",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b22e-be24-4747-b85a-4437950d210f",
"value": "372736"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587589694",
"uuid": "5ea0b23e-7268-4c60-8e21-484a950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587589728",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0b260-c5f8-479d-bcd3-4d99950d210f",
"value": "QaBJCQJnsODD.txt|d819173a8babdf625c2774bbf17ed710"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587589729",
"to_ids": false,
"type": "filename",
"uuid": "5ea0b261-5c6c-4f9a-8dd5-44d1950d210f",
"value": "QaBJCQJnsODD.txt"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587589729",
"to_ids": true,
"type": "md5",
"uuid": "5ea0b261-d208-4cf9-a51f-413a950d210f",
"value": "d819173a8babdf625c2774bbf17ed710"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587589729",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0b261-e4ac-48e2-8d91-400b950d210f",
"value": "629e79904edfcbede3e7d4ff9240c8571d8e2291"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587589729",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0b261-e200-4a2c-b8cf-4743950d210f",
"value": "588058cd3661c48b372ad870ce3e03af62e61ffd917355895ac8342736704673"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587589729",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0b261-33fc-4e68-ba47-46f2950d210f",
"value": "183296"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1587592897",
"uuid": "5ea0bec1-9598-455b-b114-49c4950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1587592898",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea0bec2-431c-4b6d-8dbc-41ed950d210f",
"value": "CHxRrver|48e81fc9a95c810651d1b5a45fc135d5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587592898",
"to_ids": false,
"type": "filename",
"uuid": "5ea0bec2-28e0-4d0e-895c-4bc9950d210f",
"value": "CHxRrver"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587592898",
"to_ids": true,
"type": "md5",
"uuid": "5ea0bec2-f8e4-4c57-82c9-4ffd950d210f",
"value": "48e81fc9a95c810651d1b5a45fc135d5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587592898",
"to_ids": true,
"type": "sha1",
"uuid": "5ea0bec2-349c-4c3d-a28c-4498950d210f",
"value": "982ff97a4325f1707815e6ccb6962decd2df75be"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587592898",
"to_ids": true,
"type": "sha256",
"uuid": "5ea0bec2-b804-4653-a63a-4e27950d210f",
"value": "926f8cab4714fda8068d877c2daa79c2b8ea3a91cdc146bd3926f8dff8a20b59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587592898",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea0bec2-3ff0-446a-85cb-4d57950d210f",
"value": "827586"
}
]
}
]
}
}