misp-circl-feed/feeds/circl/misp/5d71e617-63fc-4314-bbc3-29a606536f63.json

{
"Event": {
"analysis": "0",
"date": "2024-08-27",
"extends_uuid": "",
"info": "Malicious comment on GitHub pointing to malware",
"publish_timestamp": "1725351437",
"published": true,
"threat_level_id": "3",
"timestamp": "1725351365",
"uuid": "5d71e617-63fc-4314-bbc3-29a606536f63",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious attachments - T1367\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Original RAR file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1724749019",
"to_ids": true,
"type": "sha1",
"uuid": "317e63e6-b95d-4dd1-b4fd-de2f64f33fd8",
"value": "7edc546f741eff3e13590a62ce2856bb39d8f71d"
}
],
"Object": [
{
"comment": "Malicious account posting malicious links (compromise?)",
"deleted": false,
"description": "GitHub user",
"meta-category": "misc",
"name": "github-user",
"template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4",
"template_version": "3",
"timestamp": "1724749149",
"uuid": "df23d3be-1179-4824-ac03-471f0bc6d92d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "df23d3be-1179-4824-ac03-471f0bc6d92d",
"referenced_uuid": "b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
"relationship_type": "mentions",
"timestamp": "1724749149",
"uuid": "d7e57f39-4dd5-4b87-b040-75561fa8289e"
}
],
"Attribute": [
{
"category": "Social network",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1724748475",
"to_ids": false,
"type": "github-username",
"uuid": "8be7a04d-c10b-4ef6-854f-2072e67f6cd5",
"value": "MirsonMboa"
},
{
"category": "External analysis",
"comment": "",
"data": "/9j/2wCEAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDIBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAcwBzAMBIgACEQEDEQH/xAGiAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/AMzBqKQfun+lT45qNx8jfQ1wrc6jlLwf6HL9KwmAD8elbt9/x6S1huCJPwrshsc8txq1L61En1qYZI/CrZIq/cFOxSL90UvbNIpDG6Uxj0qQ9KjboKAHGmHnP0pxppH3/wDdpAxIx+7FOpqk7BxSmgBCaYT1+lOyR2pDznpQAg+6K91+Cv8AyKt5/wBfbf8AoK14UB8or3T4LDHha7P/AE9n/wBBWsMT8BpS+I9JPvUJ++frUzcLUD8Oa886CRetP6mol6VIORQA6qd5JgEA1cqjLGZG5ppAc9LZNeXOWyQKLrTlRMKO1dNDaKq5xzVO8RI1Jc1spMzkjz+eAxSH0poGK2LiJbi4zj5RVe8jjjUKvBrqi7mLRRxUsMfmOFxmoxyOK07ZFhj3H71U2TYsLB5EQdm28ZAFUZZC7Ek5pbm8MnyiqwyaSHfoWYMB8mrbXCKOOtZ654qUAY5osA55DI2TQKaKdQA4dacvWm04cUAO6GgGkPXNKKAAVk3xzdv+H8q1u9ZFxl7519WxTQmdh4fi22QYdSqjH0FO1JsMieu5j+dWNPUQwdMYJyPpVHUDIbiLJAQgfrXS/hsZJanA+I3D+IrjB+4gX8hS+F7cT63CGGQmZD+HT9apalMZtXvpeuZGAP44/pW/4MgP2yeUjhUCg+5Of6Vh9ouTtA6q4iaO1k+cYIwRUd4QIlHsKt3i5tiPcVn3bFvwrrUbHl812U+pA9TUtzpKS4mjzFKBwy9/rTE/1iCtOW5ht7cvI4VQOtMuLa2ObtrOe5upVkckBsP710FvapCoAXAHpWLp2oRLcyq7bRI+4MeldCrK4+Uj61Rc27jvlHQGlBXIySPrSY7d6XFSQJIAVODxWVd7lQ4OfatJiQpGPpVK+G23Zj6Uxow7JX8t3BxuYmpGDFsnFT2UYFqp9eaZIoDniiTNFuc3jjNNcDy2+lS01x8h+leQeochfD/RJawpPvD6Vv6gP9ElrBm++v8Au11w2MZbka+9SrUajJqUVbEAYbR1pTyOFNLk5o59akY0huy4+tIwJxnFOOTTT+tAwOM0h5Vh60HpRQAwIAME0mxT3px60hoEJtT3NSJbGVHaOMlUGSTViysHunBIxGOprauoY7ewlijXAVCKiU0nY0jTbV2csa91+C2D4VvD/wBPR/8AQVrws17p8Fxjwrc+903/AKCKzxP8MKfxHo7c8e1
QP98+tWDnOKhk5O71rzzoBTxUi1CDUimmBL9aAqjtSGo5Zgi+9NCFeQjIHSsu5ge5bbz1qRr9AcZpkusxQp1UVpFEtkEtlDax/MOa5O/fdOxXpWxeak94Tt+561lXkiLHtH3zXRTTRlLUpxnHWpHlJTAJqEMAKevzYrZoyAU9OcU54tozTBxQMsA4FLuBGKhHNPWkMeDTs00dadSAcDTl5po608daBCmloPWjjFAAKy4AJNWjz0aYfzrUPCk+1Z+lgNqEZPbc36GqhuKR2dkxe2VyDypI/E1T1Bsagi/3f5VqwRiOzSP0AFYesOIhfXB6RwSN+Sk/0rpnG2plF3Z5iCZZJXPVmz+J5rv/AAnB5WmCQ/xsW/oP5V59atvtlYdGYfyr1HRIhHpNuo/uisI/EOu7QLlwCbdjWXdNha1bk4tnJ6AZrlpZZNQy5Yx23YDq3vXWjzkritdkT7YE8yQfkPrVhNNMiPdXkhkcAkKfur+FMs0TzlVFAVR0xWrfts06Zjx8h4pmifYy9MsVn00sUzuJPNAhuLAkwMWXPMbdD9PStDSI2jsIgScEZ/OrckQNDuVza6lO21GO4IjbKSjqp/p61fRg4ODzWRqNqvkPJ/EnIPcVdsJDJboW6lQelLcTXVFhgQBnpWbrLbLNyPStMnnNY+tNmAIMfMwFUEdxLYBbVBj+EVA0Ts7EDIzVtfliUbccVCmX3H/aPQVEtC4K7OXxTGHyt9Kkwaaw+U/SvMPUOS1Ef6HN9a5+YYKH2rotSUm0lxXPzj/Vn2rppmMtyFR/OpV4+tRR9ak5q2SScUlNRdyZJOadsHvUlIaW+lIW9xSlF9KTC+goAbvHrSbh60/gfwihTlsKoz9KAI92T0NWbWFXkDSo5Qf3R1rTsNN3r5lwMeiit6K7e3iCRxxKB/sCs5VOiNY03uzIjuwihYrWXA7BajvbtxbOJbaWNXBAZhxW4upXK9CB/wABqxqEn2rwlePOod1BKk9qyTVzVp2POiK91+DS48JzH/p6b+Qrwsivd/g2P+KRlOOty/8AIVWJ+AxpfEehZIcVE/cH1qVjg/Son6D3NeedA0U+PrTMU5KYiQnCmqUyPID2q6DkVHNMkSc4zVpCbMG6tmRSxJFZH9nySksxOO1bUkj3s+1R8oqS7h+z2/A+bFaxdiGjlr25FufJj6jrWeWLncTkmlnybhs9SabjFdUUYNi1MhwBioOp4qRFZiAozmqYiZpCwxSxwyPwqmr1ppkkh3EYFWri5t7JDHCA0vTJ7Vm5dirdWZbwmFfnIB9KaDTHd5ZCzdTTgKoVyVTTgKYtPFADh1p49aYKd2pAP7UCkB4paAEkbETn0U/yqlpH/H5z12EficD+tWbk4tpD/s03QEZ9QwOg2kn8c/0rSnuTPY7dcLGoGcD1rgvHN7Jb+G72SM4aZliJ9Ax5/Su8c7YPoD/KvNPiLKF8MKneS7X8gG/wroqboypnL6Sd2mwnr1r16xUR20KYwUQZ/KvIdBXdZWq/3mI/8exXskY/djI5Nc8fjYYh+4RX+TYTgdfLb+RrAaPy7K3UD+AZ/KukuE8yBwO6kfpXP3hCrGnoK6kcCelhNOXM7fSrerkrpU2R1AH61V00ZkerOtDNmiZyXdR+tU9zSO5csl2WsSgdFA/IVO2OOpNNhAWMdcDtUnAHbFMlmbqxC2MnqRipbFdtsg9hUGr82xXHVgP1q3bjbGoI4xSL+yOY461jat801umerVtkq3XNYl+wbU4V7AE0wjuTOQExntVSQbSNpHIzziprhgo69qjFk8o3HJxxwKxqOx0UYnN01uhp1IehrgO05i+fZbTnGeCK5qflI/pXS6iP9Hn/ABrmZf8AVpXRDYzkRR8ZqZcEgetQx8Z71Mv3hVskWMZH404jrTY/un6mnEVJSEIFNIFOPFLHG8r7UUk0BuMVC7BVXJNbVhpwiHmSqC3YHtVix05LdA0gy5/SrhUVjKd9DohTtqyPntQC1PwBnmj
oayNRhLH8KuXLkeFbxT3Q1VPrU102fDl3/uGmtyXszhj1r3j4PceDX/6+n/pXg5r3j4QDHg1j63L1eJ+A56
"deleted": false,
"disable_correlation": false,
"object_relation": "profile-image",
"timestamp": "1724748475",
"to_ids": false,
"type": "attachment",
"uuid": "a97dd272-25b3-4109-b6f4-284d805efcfb",
"value": "114339026.jpeg"
}
]
},
{
"comment": "to fix your trouble try download this fix, i see it in another issue,\nhttps://app.mediafire.com/3ag3jpquii3of\npassword: changeme\nwhen you installing, you need to place a check in install to path and select \"gcc.\"",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1724749100",
"uuid": "b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
"referenced_uuid": "3dc26a75-5d39-4222-afd4-a986fa130172",
"relationship_type": "downloaded",
"timestamp": "1724749100",
"uuid": "93f1d36a-be2c-45a1-bb43-b6f1de5295ca"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1724748545",
"to_ids": true,
"type": "url",
"uuid": "45490ddb-6f94-4e01-9ec6-daf69d724568",
"value": "https://app.mediafire.com/3ag3jpquii3of"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "tld",
"timestamp": "1724748545",
"to_ids": false,
"type": "text",
"uuid": "5a11cb31-9473-4d4a-a17d-2a3434f73828",
"value": "com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "subdomain",
"timestamp": "1724748545",
"to_ids": false,
"type": "text",
"uuid": "9cc499d5-702d-4046-8e83-85930c553d8b",
"value": "app"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "resource_path",
"timestamp": "1724748545",
"to_ids": false,
"type": "text",
"uuid": "1c5d8b10-c9c9-4c1e-a93f-9e8d4620a595",
"value": "/3ag3jpquii3of"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1724748545",
"to_ids": true,
"type": "hostname",
"uuid": "0d3a23b8-45e3-4d9a-97aa-7bef8d8f758b",
"value": "app.mediafire.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain_without_tld",
"timestamp": "1724748545",
"to_ids": false,
"type": "text",
"uuid": "a27a9ad1-9528-441c-a33b-10ba52c6a06f",
"value": "mediafire"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1724748545",
"to_ids": true,
"type": "domain",
"uuid": "76b17e69-9b36-4dff-baeb-43a1bd78b1a8",
"value": "mediafire.com"
}
]
},
{
"comment": "7edc546f741eff3e13590a62ce2856bb39d8f71d: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "5",
"timestamp": "1724749065",
"uuid": "8a154039-951c-4924-9980-7b8e7e8afe7a",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1724749065",
"to_ids": false,
"type": "link",
"uuid": "f137ab85-4b2b-49f1-96e3-ca6d8e42b848",
"value": "https://www.virustotal.com/gui/file/973af24203f9944fb0c37899a0a9c951706e7f2181aac186774798c799f6832d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1724749065",
"to_ids": false,
"type": "text",
"uuid": "59aac99c-49b6-4e4b-82ea-a23cb3852e4a",
"value": "0/63"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "comment",
"timestamp": "1724749065",
"to_ids": false,
"type": "text",
"uuid": "52c1a1ff-191f-49de-93af-106af2b31ce1",
"value": "zero detection as the RAR is encrypted with a password"
}
]
},
{
"comment": "7edc546f741eff3e13590a62ce2856bb39d8f71d: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1724749119",
"uuid": "3dc26a75-5d39-4222-afd4-a986fa130172",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3dc26a75-5d39-4222-afd4-a986fa130172",
"referenced_uuid": "8a154039-951c-4924-9980-7b8e7e8afe7a",
"relationship_type": "references",
"timestamp": "1724749119",
"uuid": "e80a7c3f-bf47-4ace-89ed-04e2def1f272"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749032",
"to_ids": true,
"type": "md5",
"uuid": "07755ed0-e506-44ec-a3e4-48f473b35bf6",
"value": "6f998e5ccf82a79bf8bd9c24687f917f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749032",
"to_ids": true,
"type": "sha1",
"uuid": "61a3c8a2-d01a-4b70-a0b6-4b0146858f42",
"value": "7edc546f741eff3e13590a62ce2856bb39d8f71d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749032",
"to_ids": true,
"type": "sha256",
"uuid": "fe0d695e-0cef-4ad4-a7b0-74d340e578fe",
"value": "973af24203f9944fb0c37899a0a9c951706e7f2181aac186774798c799f6832d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1724749032",
"to_ids": true,
"type": "tlsh",
"uuid": "2d8bbc61-8f21-4b27-aee3-3fd9ac24561e",
"value": "t1da3833f08ed45f37727851ba28913bc89a25b99f2c7dd7170e3d8892488e24d19f1a73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749032",
"to_ids": true,
"type": "ssdeep",
"uuid": "ee46fb4f-c7d6-4636-8822-6819698ef86f",
"value": "3145728:upS5FUYLngdnQHkUzLIj6iykdTPqw5sObgp:upeFBDgdkIO8NLGOQ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1724749684",
"uuid": "95ee55e7-5e03-4357-ad25-abe4430fa994",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "591589da-583b-4f25-a41b-cc2dd5b7cce2",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724749684",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "667676a6-b0a1-4b2b-bcc1-70a19192a3f6",
"value": "205312"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1724749684",
"to_ids": false,
"type": "float",
"uuid": "d579e333-0211-441f-8b68-64bb16f3b8b9",
"value": "6.6109726378592"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749684",
"to_ids": true,
"type": "md5",
"uuid": "1f5bccd8-aefa-4d90-afad-3f18475c5cc3",
"value": "a41258a5357d2ffd722add9aaf1ee411"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha1",
"uuid": "6bf28fdf-0e25-41dc-897e-fee2b128de89",
"value": "402f2c0211dcf44e71038f8b55c1b54ce90e2c47"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha256",
"uuid": "11ebc97f-527d-41eb-adf9-139cc01638bc",
"value": "bd674dbf63d516a479d8225595fdd8ce45a0d5935bd9753fcefc5f39a9f325ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha512",
"uuid": "b0da2812-764a-4e37-b7bc-23340f0273d4",
"value": "513904024aaac04d64f58d9162ca987f90ce1876c337047a0c80a328a6ed20e77d5a8e4d46423614fc05fe07e9ee5e45a721ee31a13f3b8f79bbeb098471723e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749684",
"to_ids": true,
"type": "ssdeep",
"uuid": "bd73306d-7db7-4c7e-8f16-063988db641a",
"value": "3072:luw4AsOzMKuNIlQ/mciPffLHa1d+Dylq5YQooYJoT1jUl:lN4AqKQmUmci3fO1d+/dPYaja"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1724749684",
"uuid": "250020a0-9d77-42ce-952d-d54dc39d059d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "6ae9bab5-f788-4c13-ac52-45a23eda207c",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724749684",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "970c6aab-94e4-45af-b189-0281b8970b56",
"value": "27648"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1724749684",
"to_ids": false,
"type": "float",
"uuid": "3198f964-0ef6-42af-ba2c-09f609077c7e",
"value": "4.9748897647804"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749684",
"to_ids": true,
"type": "md5",
"uuid": "4ea88949-3772-4247-ab0a-cdf2956ad6dd",
"value": "fd65a2d1ee7096cd37865ddc2b9c7990"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha1",
"uuid": "f922ff76-fbf1-401e-87a2-6dda28fe8ea0",
"value": "c9766716bd6ad2f4c55858e44f9c590430d33363"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha256",
"uuid": "b6db251e-975a-438a-be88-186e6d9cfa8e",
"value": "40a8124d89bd4794840aa206d6b7cd669b8b2118b71d4f3438ae74dc2512f9bf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha512",
"uuid": "8315e2eb-22c3-4b07-9d4f-c9434789f7aa",
"value": "af9cda12f138f8ced041c77b3e6cb9b954485cb27fd5e1bb8f2e5fb29e570e712b204735d256ab867a350cce08cd93e324df67ea2ae6f51c1dc4e62dd6d52b6f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749684",
"to_ids": true,
"type": "ssdeep",
"uuid": "6fc504e8-a13e-4fbd-b12d-74eeb820ffb5",
"value": "768:iLJ+F9JMYWUQxR1r9sWHGzcd3D9vm+7PNgcFi+p2FG:OXYC1r9sWacdzvL5aG"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1724749684",
"uuid": "6047f4e3-ff29-4683-9ec8-09fa0b18ff8e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "c5ee816d-4724-457e-a998-ba9307e1da1d",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724749684",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8159bb7c-60e5-4c71-a482-b040b79a5f93",
"value": "2560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1724749684",
"to_ids": false,
"type": "float",
"uuid": "a5cc04f1-a982-4d84-b66b-4b13c06663ff",
"value": "2.3709432940388"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749684",
"to_ids": true,
"type": "md5",
"uuid": "cbef5fbd-35c7-4a0f-876c-d7a53c9b29a6",
"value": "a67cc471d9382ac0d18bba84b002df76"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha1",
"uuid": "66c72067-20b2-40fd-b05c-24890fca8933",
"value": "de3381c0c541ddd20412cb36d2812d67c87aef9a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha256",
"uuid": "71ff8ded-44cd-4b70-9370-45684f47c260",
"value": "84305cb7dae956248cbaf30cd944ed380fd1407c2c90143f5683b8f632a43295"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha512",
"uuid": "8cde47b2-91eb-44a1-b90d-8b1121813c90",
"value": "ad0c95a3ee98e2c2a270945fa76fdaddab1fcc1bd1c52e206032bd3550f13fe8a2e10252ff039b8f98f1e2f18ed49a0ec0b8a9f0ed216d1d2a39c069c9a183bc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749684",
"to_ids": true,
"type": "ssdeep",
"uuid": "f7cf9219-444f-4cbb-944e-117877956b93",
"value": "24:ncd/v/v/v/v/pZE6uSkeKv6uSkeK8hBSqu1AKihu:clHHHHzETk4Tkvkpihu"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1724749684",
"uuid": "055ebc84-93ed-411c-8ea8-9164f9d63eba",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "dfa7a784-c338-4602-8cd8-b766d68e5898",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724749684",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b46bc7b1-f326-46ef-84f2-be5189ab06af",
"value": "7680"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1724749684",
"to_ids": false,
"type": "float",
"uuid": "ffaf4207-a235-49ea-8ca3-7cf5627fb0dd",
"value": "6.6712439836418"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749684",
"to_ids": true,
"type": "md5",
"uuid": "a1a8bbb0-f001-4bfb-95f6-e5b507e265a0",
"value": "6bec76fa74cae31e4bfaaeb033b78a78"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha1",
"uuid": "5fa6e6d2-8bb3-4100-8246-b3da4271a789",
"value": "afcc960b5bb522c9c5a4fdad794d3232b060f46b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha256",
"uuid": "01bc68dc-5c8f-415e-9636-bd06ad95b0df",
"value": "23ac2026e92ab90c47980bd8c15e5bca21aad13d175a008ac1c8e741df816ddf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha512",
"uuid": "1dfe7b87-78a8-446d-91a6-8f8b9d29eb38",
"value": "94159c5cba2f62d71aaf11eba9926efb390215591aad3fb0bf71fbbe74c071522ca57a0fe89a2bb292e2a163d5d5d312981e4e4fa382efce2dec05293b5a5373"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749684",
"to_ids": true,
"type": "ssdeep",
"uuid": "dd728689-3646-4f6e-a853-b54b1a1de9cd",
"value": "192:Q7MOry+JIn4ad94s+KmWLfCVWMTHZnblPb:I5y5z94s+Km2C5DZlb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "10",
"timestamp": "1724749734",
"uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"referenced_uuid": "95ee55e7-5e03-4357-ad25-abe4430fa994",
"relationship_type": "includes",
"timestamp": "1724749684",
"uuid": "a7d1befb-d4d2-4df8-8432-a6aec8fdcf20"
},
{
"comment": "Section 1 of PE",
"object_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"referenced_uuid": "250020a0-9d77-42ce-952d-d54dc39d059d",
"relationship_type": "includes",
"timestamp": "1724749684",
"uuid": "6b486bfa-fcaf-4830-9e80-28cfbf7254b8"
},
{
"comment": "Section 2 of PE",
"object_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"referenced_uuid": "6047f4e3-ff29-4683-9ec8-09fa0b18ff8e",
"relationship_type": "includes",
"timestamp": "1724749684",
"uuid": "b307b6c9-3c46-44db-879a-a7a725e72416"
},
{
"comment": "Section 3 of PE",
"object_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"referenced_uuid": "055ebc84-93ed-411c-8ea8-9164f9d63eba",
"relationship_type": "includes",
"timestamp": "1724749684",
"uuid": "0f85f706-4b6c-474b-a94f-8898c38916b1"
},
{
"comment": "",
"object_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"referenced_uuid": "3dc26a75-5d39-4222-afd4-a986fa130172",
"relationship_type": "contained-within",
"timestamp": "1724749734",
"uuid": "6dc05b6b-66dd-465a-8436-132aaec2b13e"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "0d53b076-cf34-42ec-9388-b95dc5064a15",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1724749684",
"to_ids": false,
"type": "text",
"uuid": "e1eebe37-0825-4f25-99e0-2b6aafa71062",
"value": "4344345"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1724749684",
"to_ids": false,
"type": "datetime",
"uuid": "4c4cb254-3851-424f-80ae-99b3316e0355",
"value": "2024-08-27T04:27:13+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1724749684",
"to_ids": true,
"type": "imphash",
"uuid": "35dde842-aa8a-4ca7-96e8-206f46bb24e5",
"value": "2ca53fefee819fb338d7a7a06e21cce5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "authentihash",
"timestamp": "1724749684",
"to_ids": true,
"type": "authentihash",
"uuid": "fde2e37e-c0a8-4d3b-be7b-e611dcfcf954",
"value": "a733adc42a128b0c2f6b770066a3bf952907da545e55dcdeb94635fbd5753548"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1724749684",
"to_ids": false,
"type": "counter",
"uuid": "7f053b09-1e2f-48b3-a2d7-b4097ff9075b",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1724749684",
"uuid": "09db0c2d-4b96-47dd-a090-e2f11d65f2cb",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "09db0c2d-4b96-47dd-a090-e2f11d65f2cb",
"referenced_uuid": "8d7ac196-23ad-48a3-a4e6-b651c410bb17",
"relationship_type": "includes",
"timestamp": "1724749684",
"uuid": "9391e483-d58c-4585-8b2a-43eb38803a90"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1724749684",
"to_ids": true,
"type": "filename",
"uuid": "9755eded-cb45-4ef9-8b90-22c82f3db1ee",
"value": "Win64.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724749684",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9cdb8c50-0aa8-42a8-95a5-1eb108c7b0c6",
"value": "244224"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1724749684",
"to_ids": false,
"type": "float",
"uuid": "4d634cb5-b5b1-4fcd-8142-67e621100f1e",
"value": "6.5708563734307"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724749684",
"to_ids": true,
"type": "md5",
"uuid": "e23a475e-5720-465a-a6bd-ca582a79a74c",
"value": "01b8c89eb83646a038d9cb368e686bdb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha1",
"uuid": "9bf772d5-827c-44b2-b9bd-4aaa79b41cbf",
"value": "5f217b7ec06fb5b96bb9f5c9def89f368b98cc58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha256",
"uuid": "008226e6-dea1-47c2-8f25-bf1040aa734c",
"value": "40c823f1d6c00f1ea2482833d7c45773b6830cc812f5352aff102df63330aea7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1724749684",
"to_ids": true,
"type": "sha512",
"uuid": "41daf8f7-1470-41c6-a5c5-288e10ec7ea4",
"value": "6e5d7272088391c423feafe947310c049125aea22a1857b9f732d3d323cd11ab1c838fa1e056629f0882a91ec05cd33ac6f3cf0ec4bdb0c039f5a8416c7975d4"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": true,
"object_relation": "malware-sample",
"timestamp": "1724749684",
"to_ids": true,
"type": "malware-sample",
"uuid": "91d2a57b-5141-4a6d-96ae-5e0369a9e8e3",
"value": "Win64.exe|01b8c89eb83646a038d9cb368e686bdb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1724749684",
"to_ids": false,
"type": "mime-type",
"uuid": "3d577f54-1e93-4c14-8d39-c5fc2c2dea2e",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1724749684",
"to_ids": true,
"type": "ssdeep",
"uuid": "38506590-70ac-4fe2-88d5-742af2d4504c",
"value": "3072:3uw4AsOzMKuNIlQ/mciPffLHa1d+Dylq5YQooYJoT1jUWXYCJzVaXlZX:3N4AqKQmUmci3fO1d+/dPYajw7"
}
]
},
{
"comment": "Download\r\nhttps://www.mediafire.com/file/o50xaz6wgtazqnx/fix.zip/file\r\npassword: changeme\r\nIn the installer menu, select \"gcc.\"",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1724752024",
"uuid": "eec6f067-731c-4d51-9df6-a24c6518facc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "eec6f067-731c-4d51-9df6-a24c6518facc",
"referenced_uuid": "f0c02983-76c2-49d0-ab74-57b87b236e5e",
"relationship_type": "contains",
"timestamp": "1724752024",
"uuid": "27c07792-e687-4d69-88f0-808e89a71f65"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1724751075",
"to_ids": true,
"type": "url",
"uuid": "05fd5043-5623-449c-9134-19980b73f2a4",
"value": "https://www.mediafire.com/file/o50xaz6wgtazqnx/fix.zip/file"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1724751075",
"to_ids": true,
"type": "domain",
"uuid": "66731aa9-862c-4f44-bec6-7fb3a06fe04f",
"value": "mediafire.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain_without_tld",
"timestamp": "1724751075",
"to_ids": false,
"type": "text",
"uuid": "966a347f-7a05-472b-bbe4-50c7a959d1be",
"value": "mediafire"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "resource_path",
"timestamp": "1724751075",
"to_ids": false,
"type": "text",
"uuid": "192dcc98-71f4-4247-9bbb-cef47f8ac80d",
"value": "file/o50xaz6wgtazqnx/fix.zip/file"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "scheme",
"timestamp": "1724751075",
"to_ids": false,
"type": "text",
"uuid": "de178982-845b-4a2a-9f0b-a9acdd66d127",
"value": "https"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "tld",
"timestamp": "1724751075",
"to_ids": false,
"type": "text",
"uuid": "d25e929a-3ead-4aff-904e-c62b5d87ee70",
"value": "com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "GitHub user",
"meta-category": "misc",
"name": "github-user",
"template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4",
"template_version": "3",
"timestamp": "1724751966",
"uuid": "f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
"referenced_uuid": "eec6f067-731c-4d51-9df6-a24c6518facc",
"relationship_type": "mentions",
"timestamp": "1724751966",
"uuid": "35fd3b20-03db-4cd1-b8c5-8a78835ddaed"
}
],
"Attribute": [
{
"category": "Social network",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1724751844",
"to_ids": false,
"type": "github-username",
"uuid": "ff95b9eb-9bef-48eb-a3a4-70999ba85430",
"value": "Wanderx13"
}
]
},
{
"comment": "",
"deleted": false,
"description": "GitHub user",
"meta-category": "misc",
"name": "github-user",
"template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4",
"template_version": "3",
"timestamp": "1724751993",
"uuid": "6f65c1b1-b47f-4053-8b74-80a181257743",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6f65c1b1-b47f-4053-8b74-80a181257743",
"referenced_uuid": "eec6f067-731c-4d51-9df6-a24c6518facc",
"relationship_type": "Acquaintance",
"timestamp": "1724751993",
"uuid": "781888a3-0568-4e11-b730-353dce61b69f"
}
],
"Attribute": [
{
"category": "Social network",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1724751858",
"to_ids": false,
"type": "github-username",
"uuid": "234b7ea4-6c46-45b8-a03a-685514377df7",
"value": "llowvxe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1724753078",
"uuid": "f0c02983-76c2-49d0-ab74-57b87b236e5e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f0c02983-76c2-49d0-ab74-57b87b236e5e",
"referenced_uuid": "93750a61-e8af-4ce7-8379-01c412c92e26",
"relationship_type": "contains",
"timestamp": "1724753058",
"uuid": "a7864bd2-6d6d-4a5d-ac61-e1be57b37368"
},
{
"comment": "",
"object_uuid": "f0c02983-76c2-49d0-ab74-57b87b236e5e",
"referenced_uuid": "7022c31a-7485-4207-9441-633d6eeffd69",
"relationship_type": "contains",
"timestamp": "1724753078",
"uuid": "52b21a62-42e2-4383-9732-d6559b204706"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1724751903",
"to_ids": true,
"type": "malware-sample",
"uuid": "be228313-a8e2-4a0b-a28e-4bfc9f5f5995",
"value": "fix.zip|70fe41f4e0ba092e841fad1aafa46400"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1724751903",
"to_ids": false,
"type": "filename",
"uuid": "dff71bc6-5997-446d-8c19-1967509c01b6",
"value": "fix.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724751903",
"to_ids": true,
"type": "md5",
"uuid": "9143cb90-3eaf-43d7-afda-eeeb0eaa2ad4",
"value": "70fe41f4e0ba092e841fad1aafa46400"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724751903",
"to_ids": true,
"type": "sha1",
"uuid": "a27b7e86-6ade-4c76-9722-339330d7d32c",
"value": "e21b9b9b981d788bfa8852154cc51c48b823b071"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724751903",
"to_ids": true,
"type": "sha256",
"uuid": "85f33a5a-5eaf-49fd-a2cb-bfc11cc666d5",
"value": "b1f401a32d82597d042df138825c90dd0b673d71017e16cee0f458a78a85cac7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724751903",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "97929ff2-02e3-4e9c-829a-3aba7d060508",
"value": "295208"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1724753019",
"uuid": "7022c31a-7485-4207-9441-633d6eeffd69",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1724753019",
"to_ids": true,
"type": "malware-sample",
"uuid": "221a294a-ce64-4476-a5a4-0b765cc65790",
"value": "libssp-0.dll|ed79026082a5acdf3c0d803411007933"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1724753019",
"to_ids": false,
"type": "filename",
"uuid": "a364d1b2-99f4-482b-ab36-a41d8aae2195",
"value": "libssp-0.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724753019",
"to_ids": true,
"type": "md5",
"uuid": "c1a7dc16-6683-4625-9820-9fee8a9ed2a3",
"value": "ed79026082a5acdf3c0d803411007933"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724753019",
"to_ids": true,
"type": "sha1",
"uuid": "238e79b9-cd6c-425e-9a0e-54bd888e8fc9",
"value": "d7eb77293f139f688c502c4c187b7f2aa6791640"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724753019",
"to_ids": true,
"type": "sha256",
"uuid": "e0d8f6cd-1118-47df-936b-8c61ea0a707b",
"value": "3e6587a54953714ca433ba384139f03c30827c5f90a054fb10d5cd2f79f25f4b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724753019",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a29af713-1150-472b-8495-df10f2aefae3",
"value": "13824"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1724753029",
"uuid": "93750a61-e8af-4ce7-8379-01c412c92e26",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1724753029",
"to_ids": true,
"type": "malware-sample",
"uuid": "dd7f63c4-7ed1-4d9f-93be-277dc0935a89",
"value": "x86_64-w64-ranlib.exe|b58fe0a5a58266e2d16703e7725a6f77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1724753029",
"to_ids": false,
"type": "filename",
"uuid": "c4bfdecb-f137-45a0-996e-c078f58b54ab",
"value": "x86_64-w64-ranlib.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1724753029",
"to_ids": true,
"type": "md5",
"uuid": "70b97066-dbb4-4378-baff-da0645da934c",
"value": "b58fe0a5a58266e2d16703e7725a6f77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1724753029",
"to_ids": true,
"type": "sha1",
"uuid": "1aa0b73c-37f6-4500-87b2-aaf35bc854a9",
"value": "bbdfd57437aa760246c6cbfa7a97405344347633"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1724753029",
"to_ids": true,
"type": "sha256",
"uuid": "e32cc425-349e-41b5-8eae-4705b274b503",
"value": "b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1724753029",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b25b6dd4-4c51-4647-81c0-1640ef212265",
"value": "292352"
}
]
},
{
"comment": "b58fe0a5a58266e2d16703e7725a6f77: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "5",
"timestamp": "1724753268",
"uuid": "b4aa4ee7-b51f-4b38-943a-a0a1fe739e8e",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1724753268",
"to_ids": false,
"type": "link",
"uuid": "e1899a28-a983-43e3-bbcf-80e08c630a51",
"value": "https://www.virustotal.com/gui/file/b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1724753268",
"to_ids": false,
"type": "text",
"uuid": "294926f6-2f56-4f58-a719-50ba0e553b13",
"value": "49/74"
}
]
}
]
}
}