{
"Event": {
"analysis": "0",
"date": "2018-01-20",
"extends_uuid": "",
"info": "Malware collected via pastebin",
"publish_timestamp": "1621927028",
"published": true,
"threat_level_id": "4",
"timestamp": "1621849582",
"uuid": "5a63182c-6bc4-4774-99d4-04070a00020f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#500064",
"name": "ms-caro-malware:malware-type=\"Trojan\""
},
{
"colour": "#003860",
"name": "osint:source-type=\"pastie-website\""
},
{
"colour": "#005fa4",
"name": "osint:source-type=\"manual-analysis\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Binary tried to resolve this",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516446964",
"to_ids": true,
"type": "hostname",
"uuid": "5a6324f4-2980-446a-aaaa-40ae0a00020f",
"value": "spyrat.ddns.net"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516447311",
"to_ids": true,
"type": "mutex",
"uuid": "5a63264f-1494-4ea1-9b45-052c0a00020f",
"value": "_x_X_UPDATE_X_x_"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516447311",
"to_ids": true,
"type": "mutex",
"uuid": "5a63264f-4350-43e6-907f-052c0a00020f",
"value": "_x_X_PASSWORDLIST_X_x_"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516447311",
"to_ids": true,
"type": "mutex",
"uuid": "5a63264f-1a8c-4255-bd59-052c0a00020f",
"value": "_x_X_BLOCKMOUSE_X_x_"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516447311",
"to_ids": true,
"type": "mutex",
"uuid": "5a63264f-e228-4e26-9164-052c0a00020f",
"value": "***MUTEX***"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516447311",
"to_ids": true,
"type": "mutex",
"uuid": "5a63264f-a44c-4094-87ae-052c0a00020f",
"value": "***MUTEX***_SAIR"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516551187",
"to_ids": true,
"type": "link",
"uuid": "5a64bc13-2c60-4926-8c63-b232950d210f",
"value": "https://bahrainwatch.org/blog/2013/01/15/hacked-website-java-vulnerability-used-to-target-uae-activist-with-spyware/"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1527834140",
"to_ids": false,
"type": "link",
"uuid": "5a64bc01-e6a0-4c63-bac7-3bb1950d210f",
"value": "https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=625"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "4",
"timestamp": "1516446996",
"uuid": "4bde24be-c45a-46a7-9bb4-2132e7d55349",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4bde24be-c45a-46a7-9bb4-2132e7d55349",
"referenced_uuid": "5a631973-1f04-4b1c-8357-04070a00020f",
"relationship_type": "derived-from",
"timestamp": "1621849582",
"uuid": "5a6319a6-8bc4-48e0-a753-0f050a00020f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1527268718",
"to_ids": true,
"type": "filename",
"uuid": "5a63186d-5274-4c7e-829c-052c0a00020f",
"value": "dump"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1527268718",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5a63186d-fc7c-4d02-a5a3-052c0a00020f",
"value": "282624"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1527268718",
"to_ids": false,
"type": "float",
"uuid": "5a63186d-4074-4e18-acb0-052c0a00020f",
"value": "7.74962351461"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1527268718",
"to_ids": true,
"type": "md5",
"uuid": "5a63186d-c524-4559-b01e-052c0a00020f",
"value": "f846b2cfa37a5b5e9ea1208b597796fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha1",
"uuid": "5a63186d-1e68-47a8-824c-052c0a00020f",
"value": "ccfd4fd905bc9828fd528097acfbd29211d88f09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha256",
"uuid": "5a63186d-0b8c-4e18-bbec-052c0a00020f",
"value": "18e2c163a1f275cc65ec1759bd1b5a44569d88c93025faab1c1d915bb4cf48b5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha512",
"uuid": "5a63186d-2e30-4f87-86a1-052c0a00020f",
"value": "f1bb0b9b03eadcfb5c6e98fc1d20ec824a2a70354e83059120c73a412d0e84a219aaf12d96d1dbf71d0982c94068b01f37f22f835b66f7e833a74e609f9d4466"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1527268718",
"to_ids": true,
"type": "malware-sample",
"uuid": "5a63186d-d724-48a1-9517-052c0a00020f",
"value": "dump|f846b2cfa37a5b5e9ea1208b597796fa"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1527268718",
"to_ids": false,
"type": "text",
"uuid": "5a63186d-650c-47bc-908d-052c0a00020f",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1527268718",
"to_ids": true,
"type": "ssdeep",
"uuid": "5a63186d-f330-4db4-83ba-052c0a00020f",
"value": "6144:zk4qm3IP3Ml6gDLTG3163kzHa5KK9RGLXnY2UrtfA6BxFPeiM93I3:I9zdgDLTtT5JLNbrt46B7e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
"meta-category": "misc",
"name": "paste",
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
"template_version": "2",
"timestamp": "1527834129",
"uuid": "5a631973-1f04-4b1c-8357-04070a00020f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "origin",
"timestamp": "1516444019",
"to_ids": false,
"type": "text",
"uuid": "5a631973-f38c-47ea-bfdd-04070a00020f",
"value": "pastebin.com_pro"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1527834129",
"to_ids": false,
"type": "url",
"uuid": "5a631973-5000-4180-8ca8-04070a00020f",
"value": "https://pastebin.com/eMtm4Nxg"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1516444019",
"to_ids": false,
"type": "datetime",
"uuid": "5a631973-2cd4-4696-83a3-04070a00020f",
"value": "2017-12-01T00:00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "4",
"timestamp": "1516447011",
"uuid": "c05e8114-9477-413b-9961-d8f65ece230d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c05e8114-9477-413b-9961-d8f65ece230d",
"referenced_uuid": "4bde24be-c45a-46a7-9bb4-2132e7d55349",
"relationship_type": "derived-from",
"timestamp": "1621849582",
"uuid": "5a631ec5-3abc-488f-82de-04070a00020f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1527268718",
"to_ids": true,
"type": "filename",
"uuid": "5a631e99-a5c8-47b8-a0d9-40ae0a00020f",
"value": "deupx"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1527268718",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5a631e99-ae00-4dab-8b80-40ae0a00020f",
"value": "297472"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1527268718",
"to_ids": false,
"type": "float",
"uuid": "5a631e99-fd0c-4808-a26e-40ae0a00020f",
"value": "7.81224124554"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1527268718",
"to_ids": true,
"type": "md5",
"uuid": "5a631e99-0f08-4f29-a2c7-40ae0a00020f",
"value": "39e762098466d4694d0bdc78aa2063c3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha1",
"uuid": "5a631e99-c7b8-47d6-beb0-40ae0a00020f",
"value": "33fec8df554c636bf2ef5c7cc2f9c7d2b7496b63"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha256",
"uuid": "5a631e99-e970-4a32-a0a5-40ae0a00020f",
"value": "d9cb958f223912ff5462c3d3bea46ff58b1a468f9797094efee5b94ee6824b87"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1527268718",
"to_ids": true,
"type": "sha512",
"uuid": "5a631e99-9a28-43f6-baed-40ae0a00020f",
"value": "8eaa971a51554d27616f7196d172239d780bcc2e39613b8e1c2b593fbc094dea03c9ca5c1360bec9d0da8aadcb1546e5eb600c5ec97e8c7c2f25ebc9962548a3"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAB1WNEySAe9/W/QDAACKBAAgABwAMzllNzYyMDk4NDY2ZDQ2OTRkMGJkYzc4YWEyMDYzYzNVVAkAA5keY1qZHmNadXgLAAEEIQAAAAQhAAAAif0qoHeiktKgRbDiJo/6qnuEd5fB3R4ur6idMaaiqZRuvjVguiF1BC26INdAYTPohrKz4HCllbhfCeCdTFukQRylTahVqVncwHssZ/nRTTcQFXQR0iljq6WgmhKga4TgsQ+xs3e+1B6tvB/V9+Y2qaitbkkUl7RIGWbGxOKHINsR3+Cx00HZggslLCPpeq6vJsm1QbnChceJpr63iDLkcbdI6MDoT8tHwuqxWgIuEeMU2yDSEmWQwbobQb9IKGxY58NuEPdBt7XW+qBa/3QWkZbAvzdn7/H7xuudGYeFK73xzpzIywLg/S4Z5OpNCzX3jIa2SeAGipVukBb/ySorPxqheNqc5lSdP50x1kNgPyxY8ct9aVyxqztjHOVLrmhq5RPfgkWFRPOfLmMy8dRXCZAd0j4D+qk1DESuBcZ/+7q09NKfRgV4ku+egahS2MnpBMutUyTH1mDGg93CPoce77bP6DDpi7L0oEhB/na0aSxP9GurgmRSt3pVnx6LvfVB8RAZ6e7wUOIpz1TiStkqs5F3XexLtBqe6O39cx8ETP4lInq/EcvXA5gIQKkp4xEpeq45a/wU00oH8MqtsvTEUj7RbyihO49M7Xxpjl4csQoeAVvgwlHLPo3Xd+lM0YjIgqWVFbWEVnh9SQdPcVlkBKYgkgdjAniMXmUZ/hu0Ip3856XSYEqon+GN57UObLbgOz+LwJzIKwmOacSirVaj6vQAT1PFu1axbNhJSElZMWswQdJ+984uaVSK+mkmLoVICl6hMlob8+NwTq0blpz1AL+7X7DcJaTEqhz+Mxx489VELuxuz/7Hxp0aIdGLDPWopSJVFXq713AaGqVZT30d4tMutLwZ9vgQ9YgPSi+x7WTJzEuzTyjPWSju0+nPJBMTC93JZROMGPczVWSTaa1I+7lrBMIJNRzUkMlPIs1H85gSlW13o+EVTtO3np3nWUOKHxc7t/CG1HMCUoIr3keg2q7Uc+8LPoYafdYs1PTMZUdDzT5kbqmj0W+LdQiqiemAFQJjpOqQ2f+q9wAahRj/2ugAPhXuaqutg2c0E5YC+yO5CbrRfvGPhVMEw0O7BUSKxnwe+Y+YbmSIKkI/splkx5OsdWFLTcSd1ew5v26BmTyRJH9B4LvFydIh3VS9p0o+dxxamTmt1vyyognFj7MfD0XvRp5GWowb0mnXiSVyIjQPR4tfC3V5HZCnCU7fphn+VPHxZsd2No9OmPpvscJQ4cCFgOfLwgToogr51b4Y9R5iavAdllPURsz0Dlb8Wrdjlh/G/AjJ8pQENVdoM3jMAvXaj1W3WHl6LXMQfRKQS4PCEpvFpl8tJicidtW6jnPLtT/Gy+ROW9m9esTflrKGLXZdf0YEi6i+VPiGhpn1TtSRUD0CbR+sBwEXJVi0hze1k6phRel+sIynApyiZdMROq1+QkCr6+l12FZ29Q/aBRhe3FN1MzI0DasvAtIODJa9eZC1zukDvdavPQ13ypjpM42l5/4gu+wY6ZtE/qNZrjdkxV1mdj0fTLKDM+Ud+IYoaUuauxCHsWoi8oIFL61bANfmDSj+zu5fpMqGloEvu5ej40wuFcTZNW2918FQ2QzvOgWIVqqanbsHM5khMF9LsClQSUVPQjk3D/onNpL0mlQQB0lxCThp/FxHUnFRnJxR2L7Gy+fayPe3vde0l+HfZCTzIF1xeJop7YJNToE6S3/g0Q6c1lk8UmpdFkrrKh2srZKT2sbDm+dEwo6f4BT/XUut6qm8f//Ev3zHdwPeJnMoVTjEgEqeCFhMCyxfAs0jckCLarHC6/P12M7dvZoaAKqOGBo7wuZcAoq38RB0X42G2FHXPy51VSqDmKQgX12iyUUoalsVNZVGo1V
zb5vIuC2DWMybtZpFoqJQn34j9qq4oCndKxCFatx1l6inVsGty32N9O17JJ9prOaHATOOh1i+hvTB46TMxe1TMRCyDTA2PFK/pqu3TxnUWqqXltjajajnCrRRQlPM4cLRXbALE1cbq1Zq/MRore3AGVQmTGfEBSskDQfbz1pdnWcVsk8KuCxb1lkcltWkHhhEd3Q9MH8J5SVy++lEonf49Ez4lRDACnT5TuFRW2sXSw9VijlGXTyILNopyoJdZQnxRvbpZ5nnT3l2IUsj7bQNnIr9+uTbisZxPSLgDZNodgAWZ5logEbKu2ifsTOVAoNs8EXwGxHmZQnpX2uc6KGaghKenqRlBoQJ5QxHsg66Npb2qK+kv6ZdqRz2H8kbYgdMbVgFe3WpAUlufRj7TchFJOmY5Kd3JV1CV8cKA3rKbUW/vM65IyxcDbyFJ39sj3wSeHNxEkMrZlrySDqrq0cetE1RzbjCyUBdbUgzMbOaMmkgBXjA1+gJiCz+XP2v9MYmT4eSisWSJyJOdhL6Gst89QueYFQP4RLWIwJBDBubYo4t+4mm8TXggbO/Ehrgn85gEqk0+2qO7AMOYQb2ysXDo5So7W2jScPyqhvWr5tn3XTQ9vKJQQ7Vewm4VIPCXPzmgT6c3+pvqkEwnZsLcJNUYztRKlU9I4a+edrSH5j4MKt2TtoWNchK8+ErTpBa0tZPdc5rMgDk4703UXNDgdVl4qCPGnBnsMDAQCkz3e4p0NmbGXj0WFUTJFvcpLlRZ9J7YsQ/JgVPBO5HMFgTxM94nz3sPTfqSLqf+UaOmX9Ls9ROZP3RIDlb/d6wCipojcJzKZbbQNdJ0e0sWrry2/NI4LSVLyEZC054YiLGIyniMxQcCk7EbTllleskz/8M8e8w0+GhLyDcs/YPP4AY9ovY03rFeJIxgMP1zYJPFweUjcIM/Xcih1S/Zv+XzElcqXeqt5eAPyZ0AZWhi2bRkf3pYrjNBFRNmS3a4C8ISd/01BpiUwTCtnYuppC7ffxctDviWlZQUwFSKN0zdq2h5+hLR8rsIVE5pDfx6sJFgCqoc/derqfICbB4UlWXWV7Q+CI9+7gdSc3CTclGqIjyQPzvfcPS/FK5Dy1TImOxsfguz6FJgwSUe/Sf/NrGte++6VyHmGIM2cP4RpJMWHTV3r72o3kqrOXrCX9RakyuUU0DzDukqCSyO9l+m7dumWwWXWdjwkmxCWkzqLs/6zjbo6zTZrTqseKClWl2Fesz29/LGjVCLXiw4vKicpoigmONIccoSs/fQ8g8+SolcHZE6TG8Tsy+/8axBUOkoJISKgL+AhfsXtEzX7RTK+7NcUOwusBfoJg6OaBTHcuxR+2F+ZgmVDbHSXwHS7Vf3yQ1Q/GlIC46zng7o9jDKsiLhtlYPe7kpu5v5AUd5Wf8+KCBtk64EYDFDwu+eWvMk0phV0PtnuzgH1f1fgVGBtx+nqL48+yc8BSznrm7rD1b+CCSXPkRGgIB0cFRNX2kqimQJj0j8Hg//W2omFvyp6esvDRkmRB1qnqHRo/fBEKipraRDOygThn7njWiInh/8W2KQD19InlrhNx7zCbaLaPaVYDQOKzbHSE9YJKerlCQLh5TN1L3/9Iwu+MkF5PNI2+1vYKGYyK80X4aIeT9ai8Zy05A+dl4Go0Y+wYiVGH/i5/OKaJvuWsV+GQhIKB6+5MaVmajzlzoyDh0rlx9VKrbhX73C6dYqDAHWVY3qE+uuQiFdJfw1nhuYIwa6ix2jt5rS+Zg/u1urXMuRTVR77gGaJAqhQH1X6lrbe3wYfEZqBrUzLm1Z7mopm1vIanKwb5b0OqVYroD/Arp0niKMuIJOZ4BZ/YMR7yHOZJsqVFnxKZ+ao/oar++9lFZys/0GSq6EncQ7XQFYalIluOAzByzm30kaXV47iFwz2Xo7fNfsTZkl+mhEg/ZJHo2CuZ0sEacCio9pd+28s1io0oqbRB7unlszbQXHLTFCkZupfTQr3I
WDS6ldIYQ2SopugoNfnNfLopA+ZU50cbCh+rQUqgsOCYRZz7b0PmOlYQKYBCfmDpSqbRjcRlnzj2ng7KI7j
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1527268718",
"to_ids": true,
"type": "malware-sample",
"uuid": "5a631e99-52f8-4bba-9661-40ae0a00020f",
"value": "deupx|39e762098466d4694d0bdc78aa2063c3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1527268718",
"to_ids": false,
"type": "text",
"uuid": "5a631e99-0360-4679-8059-40ae0a00020f",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1527268718",
"to_ids": true,
"type": "ssdeep",
"uuid": "5a631e99-9be8-46e3-9e73-40ae0a00020f",
"value": "6144:tmcD66R725JGmrpQsK3RD2u270jupCJsCxC:4cD661Z2zkPaCx"
}
]
}
]
}
}