misp-circl-feed/feeds/circl/misp/5af14f0e-3778-4a34-8cab-8659950d210f.json

{
"Event": {
"analysis": "2",
"date": "2017-10-22",
"extends_uuid": "",
"info": "OSINT - \u201cCyber Conflict\u201d Decoy Document Used In Real Cyber Conflict",
"publish_timestamp": "1525782559",
"published": true,
"threat_level_id": "3",
"timestamp": "1525782537",
"uuid": "5af14f0e-3778-4a34-8cab-8659950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\""
},
{
"colour": "#12e000",
"name": "misp-galaxy:threat-actor=\"Sofacy\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"GAMEFISH\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#9d0055",
"name": "workflow:todo=\"add-tagging\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782516",
"to_ids": false,
"type": "link",
"uuid": "5af14f39-0310-4038-8195-89ee950d210f",
"value": "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782519",
"to_ids": false,
"type": "text",
"uuid": "5af16d3e-86f0-4bf2-b3a5-4e4b950d210f",
"value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u2026). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. CyCon US is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "decoy document page 1",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782519",
"to_ids": false,
"type": "attachment",
"uuid": "5af17136-817c-464f-9279-4311950d210f",
"value": "screen1.png"
},
{
"category": "External analysis",
"comment": "decoy document page 2",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782518",
"to_ids": false,
"type": "attachment",
"uuid": "5af17145-c94c-4497-951b-411b950d210f",
"value": "screen2.png"
},
{
"category": "External analysis",
"comment": "VBA hidden in decoy document page",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782518",
"to_ids": false,
"type": "attachment",
"uuid": "5af1715d-0250-4124-81df-bc75950d210f",
"value": "screen3.png"
},
{
"category": "Persistence mechanism",
"comment": "UserInitMprLogonScript persistence: this logon-script value is set to execute the dropped netwf.bat",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782518",
"to_ids": false,
"type": "regkey",
"uuid": "5af173ac-a6d4-4f96-b4ac-5a17950d210f",
"value": "HKCU\\Environment\\UserInitMprLogonScript"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782517",
"to_ids": false,
"type": "mutex",
"uuid": "5af1754a-aa0c-46de-a87a-45e5950d210f",
"value": "FG00nxojVs4gLBnwKc7HhmdK0h"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782517",
"to_ids": true,
"type": "domain",
"uuid": "5af1764b-e398-4941-83b0-423d950d210f",
"value": "myinvestgroup.com"
}
],
"Object": [
{
"comment": "payload",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525772938",
"uuid": "5af17259-2c04-4ffc-9fb7-4848950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1525772938",
"to_ids": true,
"type": "filename",
"uuid": "5af17259-12f0-434c-8bef-4b44950d210f",
"value": "netwf.bat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525772938",
"to_ids": false,
"type": "text",
"uuid": "5af1725a-acc4-4365-97cd-49b8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525772966",
"uuid": "5af17269-f3bc-4264-bd4c-4391950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af17269-f3bc-4264-bd4c-4391950d210f",
"referenced_uuid": "5af17259-2c04-4ffc-9fb7-4848950d210f",
"relationship_type": "executed-by",
"timestamp": "1525772963",
"uuid": "5af172a3-d21c-4cef-aa5f-4241950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1525772906",
"to_ids": true,
"type": "filename",
"uuid": "5af1726a-7278-45f0-862f-4427950d210f",
"value": "netwf.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525772906",
"to_ids": false,
"type": "text",
"uuid": "5af1726a-3548-4ef7-8ad9-467e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525773483",
"uuid": "5af174a8-3934-4a04-994d-89b8950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af174a8-3934-4a04-994d-89b8950d210f",
"referenced_uuid": "afb022c9-8751-4226-8cb9-110026ddc73c",
"relationship_type": "analysed-with",
"timestamp": "1525782525",
"uuid": "5af197fd-cbec-4443-a8a8-455d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525773480",
"to_ids": true,
"type": "sha1",
"uuid": "5af174a8-30f4-4b8f-a014-89b8950d210f",
"value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525773480",
"to_ids": false,
"type": "text",
"uuid": "5af174a8-6dd4-4977-812c-89b8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Office Documents",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525779800",
"uuid": "5af18d58-4168-49b7-9f76-d121950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525779800",
"to_ids": true,
"type": "sha256",
"uuid": "5af18d58-ecf4-4fdf-9bb8-d121950d210f",
"value": "c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525779800",
"to_ids": false,
"type": "text",
"uuid": "5af18d58-69a4-4a90-a953-d121950d210f",
"value": "Malicious"
}
]
},
{
"comment": " Office Documents",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525779822",
"uuid": "5af18d6e-218c-465e-a8b5-48ca950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525779822",
"to_ids": true,
"type": "sha256",
"uuid": "5af18d6e-f474-4693-b2fc-4f5d950d210f",
"value": "e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525779823",
"to_ids": false,
"type": "text",
"uuid": "5af18d6f-c9b8-43ad-bbd7-4019950d210f",
"value": "Malicious"
}
]
},
{
"comment": " Office Documents",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525779842",
"uuid": "5af18d82-ca68-45eb-bde2-4956950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525779843",
"to_ids": true,
"type": "sha256",
"uuid": "5af18d83-a3e0-455e-b346-4c5e950d210f",
"value": "efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525779843",
"to_ids": false,
"type": "text",
"uuid": "5af18d83-5bd8-4bb4-8a34-416d950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Seduploader Dropper",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525780173",
"uuid": "5af18ecd-932c-4679-ad81-42b2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525780173",
"to_ids": true,
"type": "sha256",
"uuid": "5af18ecd-8828-4a72-b3c0-4a5f950d210f",
"value": "522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525780174",
"to_ids": false,
"type": "text",
"uuid": "5af18ece-1cf4-4f02-9cc2-4b0a950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Seduploader Payload",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525780202",
"uuid": "5af18eea-b254-48be-9965-420a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525780202",
"to_ids": true,
"type": "sha256",
"uuid": "5af18eea-eae4-4080-b43a-4a55950d210f",
"value": "ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525780204",
"to_ids": false,
"type": "text",
"uuid": "5af18eec-a1fc-4b65-9e7f-47cf950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525781988",
"uuid": "d01a1f56-520d-43dd-a8dc-128ea3686b56",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d01a1f56-520d-43dd-a8dc-128ea3686b56",
"referenced_uuid": "f06f0463-2e37-478d-b082-8d44e89bd6d1",
"relationship_type": "analysed-with",
"timestamp": "1525781999",
"uuid": "5af195ef-4b50-4f9b-8940-4e1602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781986",
"to_ids": true,
"type": "md5",
"uuid": "5af195e2-b1fc-4c32-80dc-447302de0b81",
"value": "2163a33330ae5786d3e984db09b2d9d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781986",
"to_ids": true,
"type": "sha1",
"uuid": "5af195e2-5158-48f8-b1a0-4cc702de0b81",
"value": "e338d49c270baf64363879e5eecb8fa6bdde8ad9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781987",
"to_ids": true,
"type": "sha256",
"uuid": "5af195e3-6e48-4dc2-9cf1-462002de0b81",
"value": "c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781987",
"uuid": "f06f0463-2e37-478d-b082-8d44e89bd6d1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781987",
"to_ids": false,
"type": "datetime",
"uuid": "5af195e3-f254-4d01-9051-44bc02de0b81",
"value": "2018-03-01T10:29:11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781987",
"to_ids": false,
"type": "text",
"uuid": "5af195e3-6334-4c64-8542-40f102de0b81",
"value": "46/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781988",
"to_ids": false,
"type": "link",
"uuid": "5af195e4-b494-46fa-8f97-445302de0b81",
"value": "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525781991",
"uuid": "85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"ObjectReference": [
{
"comment": "",
"object_uuid": "85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"referenced_uuid": "1d43848d-7842-4357-8161-4f692dbe6364",
"relationship_type": "analysed-with",
"timestamp": "1525782000",
"uuid": "5af195f0-c694-493d-aae4-4b5c02de0b81"
},
{
"comment": "",
"object_uuid": "85500cfa-8d6b-49f8-9900-99dc0172e3ee",
"referenced_uuid": "5a6ce1ca-0ce4-4112-acf0-f759f554e4d3",
"relationship_type": "analysed-with",
"timestamp": "1525782526",
"uuid": "5af197fe-2cb8-43c3-a462-4d2602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781988",
"to_ids": true,
"type": "md5",
"uuid": "5af195e4-22c4-487d-9668-422102de0b81",
"value": "94b288154e3d0225f86bb3c012fa8d63"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781988",
"to_ids": true,
"type": "sha1",
"uuid": "5af195e4-74ac-4f06-bbb0-4d3602de0b81",
"value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781989",
"to_ids": true,
"type": "sha256",
"uuid": "5af195e5-40a0-4dc7-9228-464202de0b81",
"value": "e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781989",
"uuid": "1d43848d-7842-4357-8161-4f692dbe6364",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781990",
"to_ids": false,
"type": "datetime",
"uuid": "5af195e6-6af8-4405-9fee-424802de0b81",
"value": "2018-05-08T00:14:43"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781990",
"to_ids": false,
"type": "text",
"uuid": "5af195e6-1aa8-44b3-afdd-410002de0b81",
"value": "38/59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781990",
"to_ids": false,
"type": "link",
"uuid": "5af195e6-99cc-45e1-b188-434d02de0b81",
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525781994",
"uuid": "e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"referenced_uuid": "5f6c2742-b8c2-4538-80fa-402df8bc6f3d",
"relationship_type": "analysed-with",
"timestamp": "1525782000",
"uuid": "5af195f0-2c8c-4c2b-90db-4b8402de0b81"
},
{
"comment": "",
"object_uuid": "e3c98d38-6cce-4fe3-832d-33d3aadb0e88",
"referenced_uuid": "9e68a641-1e38-4f66-9db2-7d29d978a9dd",
"relationship_type": "analysed-with",
"timestamp": "1525782526",
"uuid": "5af197fe-de14-4d5e-9ad6-47a902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781991",
"to_ids": true,
"type": "md5",
"uuid": "5af195e7-ee1c-4c34-a2fa-452102de0b81",
"value": "f52ea8f238e57e49bfae304bd656ad98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781991",
"to_ids": true,
"type": "sha1",
"uuid": "5af195e7-4eec-4993-b19f-4f2702de0b81",
"value": "169c8f3e3d22e192c108bc95164d362ce5437465"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781991",
"to_ids": true,
"type": "sha256",
"uuid": "5af195e7-7e64-4632-ba95-4d5702de0b81",
"value": "efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781992",
"uuid": "5f6c2742-b8c2-4538-80fa-402df8bc6f3d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781992",
"to_ids": false,
"type": "datetime",
"uuid": "5af195e8-c8c0-4b43-8b1b-427702de0b81",
"value": "2018-05-08T00:23:54"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781992",
"to_ids": false,
"type": "text",
"uuid": "5af195e8-2698-4bc6-9a24-4faa02de0b81",
"value": "37/59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781992",
"to_ids": false,
"type": "link",
"uuid": "5af195e8-c930-43ab-b99a-4f9402de0b81",
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525781996",
"uuid": "70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"referenced_uuid": "8f43be07-b484-4985-a388-2150078f89b2",
"relationship_type": "analysed-with",
"timestamp": "1525782000",
"uuid": "5af195f0-2398-4a57-b4ec-438302de0b81"
},
{
"comment": "",
"object_uuid": "70c53962-cc6d-42fd-90bb-7b89ea1841e0",
"referenced_uuid": "86e9947c-958f-4a76-9314-9eafcbcb9de5",
"relationship_type": "analysed-with",
"timestamp": "1525782526",
"uuid": "5af197fe-bb50-4a6a-aa90-4a0802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781993",
"to_ids": true,
"type": "md5",
"uuid": "5af195e9-404c-460e-b582-420d02de0b81",
"value": "60bc999ff14ee2f359130d6c1375b033"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781993",
"to_ids": true,
"type": "sha1",
"uuid": "5af195e9-9030-46cd-a779-4ad802de0b81",
"value": "142f524121fe16e1c67031f12015be4adec42bb7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781994",
"to_ids": true,
"type": "sha256",
"uuid": "5af195ea-b5b8-46e3-9326-464d02de0b81",
"value": "522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781994",
"uuid": "8f43be07-b484-4985-a388-2150078f89b2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781994",
"to_ids": false,
"type": "datetime",
"uuid": "5af195ea-4d40-4c07-bd52-481402de0b81",
"value": "2018-05-01T22:15:25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781995",
"to_ids": false,
"type": "text",
"uuid": "5af195eb-72e0-4311-b125-495a02de0b81",
"value": "49/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781995",
"to_ids": false,
"type": "link",
"uuid": "5af195eb-304c-4a12-a080-4b9802de0b81",
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525781998",
"uuid": "2d06f66e-76ae-473b-9561-bd22199dbd80",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2d06f66e-76ae-473b-9561-bd22199dbd80",
"referenced_uuid": "09e5ec0c-0ae8-4654-ad36-b23fdd405bb2",
"relationship_type": "analysed-with",
"timestamp": "1525782000",
"uuid": "5af195f0-a524-49e3-9662-49dd02de0b81"
},
{
"comment": "",
"object_uuid": "2d06f66e-76ae-473b-9561-bd22199dbd80",
"referenced_uuid": "483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20",
"relationship_type": "analysed-with",
"timestamp": "1525782526",
"uuid": "5af197fe-9d3c-4b50-bacc-43b002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781995",
"to_ids": true,
"type": "md5",
"uuid": "5af195eb-a4dc-4a62-be08-477002de0b81",
"value": "fc7d4cde5d2266082966d80f5f1566b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781995",
"to_ids": true,
"type": "sha1",
"uuid": "5af195eb-97f4-49a6-b149-42a202de0b81",
"value": "8a68f26d01372114f660e32ac4c9117e5d0577f1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781996",
"to_ids": true,
"type": "sha256",
"uuid": "5af195ec-6128-450c-9894-401502de0b81",
"value": "ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781996",
"uuid": "09e5ec0c-0ae8-4654-ad36-b23fdd405bb2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781996",
"to_ids": false,
"type": "datetime",
"uuid": "5af195ec-c700-4cd3-8577-469302de0b81",
"value": "2018-05-08T00:25:24"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781997",
"to_ids": false,
"type": "text",
"uuid": "5af195ed-cc5c-44e2-be4b-4e0902de0b81",
"value": "49/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781997",
"to_ids": false,
"type": "link",
"uuid": "5af195ed-5830-47ac-8e98-49a402de0b81",
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525782000",
"uuid": "33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"referenced_uuid": "0ba9aa23-ed52-4caf-b6ae-9415d8006bee",
"relationship_type": "analysed-with",
"timestamp": "1525782000",
"uuid": "5af195f0-fcd4-461c-a355-414302de0b81"
},
{
"comment": "",
"object_uuid": "33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9",
"referenced_uuid": "0f9c57e5-2917-4305-b828-df759cfe478b",
"relationship_type": "analysed-with",
"timestamp": "1525782526",
"uuid": "5af197fe-5770-4a75-8336-443c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525781997",
"to_ids": true,
"type": "md5",
"uuid": "5af195ed-e4f8-448b-891c-48d102de0b81",
"value": "085be1b8b8f3e90be00f6a3bcea2879f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525781998",
"to_ids": true,
"type": "sha1",
"uuid": "5af195ee-bca8-4444-be5f-440b02de0b81",
"value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525781998",
"to_ids": true,
"type": "sha256",
"uuid": "5af195ee-8aa4-4610-828b-4ca702de0b81",
"value": "c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525781999",
"uuid": "0ba9aa23-ed52-4caf-b6ae-9415d8006bee",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525781999",
"to_ids": false,
"type": "datetime",
"uuid": "5af195ef-0ee0-46ed-a80d-467302de0b81",
"value": "2018-05-08T00:01:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525781999",
"to_ids": false,
"type": "text",
"uuid": "5af195ef-a244-422c-ad06-418202de0b81",
"value": "31/60"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525781999",
"to_ids": false,
"type": "link",
"uuid": "5af195ef-1c20-4075-8090-4bff02de0b81",
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782520",
"uuid": "afb022c9-8751-4226-8cb9-110026ddc73c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782520",
"to_ids": false,
"type": "datetime",
"uuid": "5af197f8-9f34-43c2-86c1-4dee02de0b81",
"value": "2018-03-01T10:29:11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782520",
"to_ids": false,
"type": "text",
"uuid": "5af197f8-e498-43b8-aabf-4f1802de0b81",
"value": "46/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782520",
"to_ids": false,
"type": "link",
"uuid": "5af197f8-0a44-4d11-a7bd-48fc02de0b81",
"value": "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782521",
"uuid": "5a6ce1ca-0ce4-4112-acf0-f759f554e4d3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782521",
"to_ids": false,
"type": "datetime",
"uuid": "5af197f9-11d4-451d-b851-4d9102de0b81",
"value": "2018-05-08T00:14:43"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782521",
"to_ids": false,
"type": "text",
"uuid": "5af197f9-3798-4061-b5ec-4a2002de0b81",
"value": "38/59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782521",
"to_ids": false,
"type": "link",
"uuid": "5af197f9-de3c-42eb-9871-4cdb02de0b81",
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782522",
"uuid": "9e68a641-1e38-4f66-9db2-7d29d978a9dd",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782522",
"to_ids": false,
"type": "datetime",
"uuid": "5af197fa-ed74-4a1f-a551-48a002de0b81",
"value": "2018-05-08T00:23:54"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782522",
"to_ids": false,
"type": "text",
"uuid": "5af197fa-a36c-41ac-b100-4fc602de0b81",
"value": "37/59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782522",
"to_ids": false,
"type": "link",
"uuid": "5af197fa-9648-4feb-8949-42b702de0b81",
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782522",
"uuid": "86e9947c-958f-4a76-9314-9eafcbcb9de5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782523",
"to_ids": false,
"type": "datetime",
"uuid": "5af197fb-98ec-4c87-9a05-447402de0b81",
"value": "2018-05-01T22:15:25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782523",
"to_ids": false,
"type": "text",
"uuid": "5af197fb-d9ec-4d0f-bf82-4a7502de0b81",
"value": "49/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782523",
"to_ids": false,
"type": "link",
"uuid": "5af197fb-23d0-4566-aed8-408602de0b81",
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782523",
"uuid": "483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782523",
"to_ids": false,
"type": "datetime",
"uuid": "5af197fb-5300-493b-96aa-437002de0b81",
"value": "2018-05-08T00:25:24"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782524",
"to_ids": false,
"type": "text",
"uuid": "5af197fc-cffc-44fb-a9ae-421502de0b81",
"value": "49/67"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782524",
"to_ids": false,
"type": "link",
"uuid": "5af197fc-4c84-427b-8c03-4cd302de0b81",
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782524",
"uuid": "0f9c57e5-2917-4305-b828-df759cfe478b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782524",
"to_ids": false,
"type": "datetime",
"uuid": "5af197fc-ece0-48dd-a063-447602de0b81",
"value": "2018-05-08T00:01:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782525",
"to_ids": false,
"type": "text",
"uuid": "5af197fd-f858-44f4-a74a-497102de0b81",
"value": "31/60"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782525",
"to_ids": false,
"type": "link",
"uuid": "5af197fd-53e4-4acc-b695-453002de0b81",
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/"
}
]
}
]
}
}