misp-circl-feed/feeds/circl/misp/5b6aad49-a01c-4070-aba8-4b32950d210f.json


2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2018-08-08",
"extends_uuid": "",
"info": "OSINT - CYBER THREATSCAPE REPORT 2018 - MIDYEAR CYBERSECURITY RISK REVIEW",
"publish_timestamp": "1533822772",
"published": true,
"threat_level_id": "3",
"timestamp": "1533822770",
"uuid": "5b6aad49-a01c-4070-aba8-4b32950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"Cobalt\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-intrusion-set=\"FIN7\""
},
{
"colour": "#12e400",
"name": "misp-galaxy:threat-actor=\"Anunak\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#002642",
"name": "osint:source-type=\"microblog-post\""
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#6edb00",
"name": "circl:topic=\"finance\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"WannaSmile\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Black Ruby\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"RASTAKHIZ\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"TYRANT\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533718798",
"to_ids": false,
"type": "link",
"uuid": "5b6ab10e-bda4-486f-a00c-4ec0950d210f",
"value": "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533718798",
"to_ids": false,
"type": "link",
"uuid": "5b6ab10e-330c-492d-9732-45c0950d210f",
"value": "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719350",
"to_ids": true,
"type": "url",
"uuid": "5b6ab336-38a0-4764-8abc-40d3950d210f",
"value": "http://toshiba.org.kz/robots.txt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719351",
"to_ids": true,
"type": "url",
"uuid": "5b6ab337-1068-49a3-afdb-4a69950d210f",
"value": "https://swift-fraud.com/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719352",
"to_ids": true,
"type": "email-src",
"uuid": "5b6ab338-78e0-4d4a-a787-41b1950d210f",
"value": "info@apple-istores.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719354",
"to_ids": true,
"type": "hostname",
"uuid": "5b6ab33a-6ae8-47db-bfd4-4381950d210f",
"value": "safe.my-documents.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719355",
"to_ids": true,
"type": "domain",
"uuid": "5b6ab33b-c090-4fec-a7d7-41e3950d210f",
"value": "swift-fraud.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533719356",
"to_ids": true,
"type": "domain",
"uuid": "5b6ab33c-a594-4ad0-a38a-4de4950d210f",
"value": "toshiba.org.kz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533726247",
"to_ids": true,
"type": "url",
"uuid": "5b6ace27-a8d8-486a-8661-3b5a950d210f",
"value": "https://swift-fraud.com/documents/53763987.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533798306",
"to_ids": true,
"type": "url",
"uuid": "5b6be7a2-91c8-4105-8c34-401c950d210f",
"value": "https://api.toshiba.org.kz/robots.txt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533798307",
"to_ids": true,
"type": "hostname",
"uuid": "5b6be7a3-9aec-42d9-a80f-4915950d210f",
"value": "api.toshiba.org.kz"
},
{
"category": "External analysis",
"comment": "RASTAKHIZ Screenshot",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1533799944",
"to_ids": false,
"type": "attachment",
"uuid": "5b6bee08-cfac-4cda-becc-41ff950d210f",
"value": "RASTAKHIZ.png"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533801553",
"to_ids": true,
"type": "domain",
"uuid": "5b6bf451-38c0-4d13-8875-4ea5950d210f",
"value": "exchange.ir"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533801553",
"to_ids": true,
"type": "domain",
"uuid": "5b6bf451-eca4-41be-8a8f-4c08950d210f",
"value": "webmoney.ir"
},
{
"category": "External analysis",
"comment": "Tyrant",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1533806649",
"to_ids": false,
"type": "attachment",
"uuid": "5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"value": "tyrant.png"
},
{
"category": "External analysis",
"comment": "Wannasmile",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1533806665",
"to_ids": false,
"type": "attachment",
"uuid": "5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"value": "wannasmile.png"
},
{
"category": "External analysis",
"comment": "Black Ruby",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1533818024",
"to_ids": false,
"type": "attachment",
"uuid": "5b6c34a8-61f0-491d-87f5-7840950d210f",
"value": "blackruby.png"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1533719094",
"uuid": "5b6ab236-9b58-4bfa-af84-4320950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1533719094",
"to_ids": false,
"type": "text",
"uuid": "5b6ab236-fe24-4203-beb0-4bb8950d210f",
"value": "Cobalt Group and FIN7 Recent Malware Campaigns https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf \u2026 All IOC here: https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3 \u2026 #Fin7 #Carbanak #CyberSecurity #Malware #cobalt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1533719095",
"to_ids": false,
"type": "text",
"uuid": "5b6ab237-ab54-4d39-9253-4fb9950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1533719095",
"to_ids": true,
"type": "url",
"uuid": "5b6ab237-d198-4622-8944-49d7950d210f",
"value": "https://twitter.com/Bank_Security/status/1027076295803453441"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1533719096",
"to_ids": true,
"type": "url",
"uuid": "5b6ab238-fad0-4688-bdf0-4a6e950d210f",
"value": "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1533719097",
"to_ids": true,
"type": "url",
"uuid": "5b6ab239-f07c-45d4-abd7-4650950d210f",
"value": "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "creation-date",
"timestamp": "1533719099",
"to_ids": false,
"type": "datetime",
"uuid": "5b6ab23b-8bc0-4ec6-99b7-468f950d210f",
"value": "2018-08-07T23:17:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1533719100",
"to_ids": false,
"type": "text",
"uuid": "5b6ab23c-3940-4bbd-adfc-407d950d210f",
"value": "@Bank_Security"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533719466",
"uuid": "5b6ab3aa-1558-4434-8acb-406b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533719467",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3ab-5de0-4486-b81a-43b0950d210f",
"value": "03c6601a7fef76fce7fb63c116ef5fb9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533719468",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3ac-2268-4704-a94c-4a53950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533726319",
"uuid": "5b6ab3b8-08e0-490d-be87-4168950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5b6ab3b8-08e0-490d-be87-4168950d210f",
"referenced_uuid": "5b6ace27-a8d8-486a-8661-3b5a950d210f",
"relationship_type": "dropped-by",
"timestamp": "1533726316",
"uuid": "5b6ace6c-ec5c-40e7-81cc-3b5a950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533726212",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3b9-6410-4132-a5a7-4c29950d210f",
"value": "298774c49ee2a1e823f8049a34c09609"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533726212",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3ba-01a8-45db-8153-4f3c950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533726214",
"to_ids": true,
"type": "filename",
"uuid": "5b6ace06-87f0-408b-85dd-1792950d210f",
"value": "Details Acess.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533726214",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b6ace06-1684-4cbe-a2be-1792950d210f",
"value": "47560"
}
]
},
{
"comment": "Bash script to delete Registry keys related to Microsoft\u2019s Word Resilience, set Zones to null, and execute the script named tCrrDqBQoCcEkbnK.txt using the Microsoft Connection Manager Profile Installer (cmstp.exe); the bash script also deletes KbhpQIcahFCuZwq.sct and wipes content from MGsCOxPSNK.txt",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533727833",
"uuid": "5b6ab3c7-1344-45eb-aca4-4743950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533727833",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3c7-e1e4-466d-b44d-43df950d210f",
"value": "9c289f5db447ac00069b76ff5f8009d1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533727833",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3c8-c7e4-4b5d-80a7-403a950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533727833",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad459-97bc-4b18-8986-3b53950d210f",
"value": "RaRaoVewkM.txt"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533719507",
"uuid": "5b6ab3d3-bb34-4fd0-b76e-4ae5950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533719507",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3d3-3ee4-4c8c-9394-4852950d210f",
"value": "1a2e7a9bc8b6e6f359b80173c1f3f42d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533719508",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3d4-d700-4c02-8330-45f4950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Clean decoy file shown to the victim user",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533727883",
"uuid": "5b6ab3e1-09cc-4bdc-9a16-494a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533727883",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3e1-24a4-48f8-bb6f-41b0950d210f",
"value": "aab98b81b9f899183fd090c5f0fe402b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533727883",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3e2-f1d4-4ce3-8b31-4493950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533727883",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad48b-d630-42a0-a201-4f8f950d210f",
"value": "MyFHPeibBN.doc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533719534",
"uuid": "5b6ab3ee-613c-40e8-88d1-4a64950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533719534",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3ee-23d8-4489-a137-4167950d210f",
"value": "b36782a9a2b34e8385702ec00cb85065"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533719535",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3ef-6b18-4506-a481-48d6950d210f",
"value": "Malicious"
}
]
},
{
"comment": " Scriptlet that contains JavaScript to execute \r\nMGsCOxPSNK.txt",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533727033",
"uuid": "5b6ab3fd-5094-455e-b3b4-4cea950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533727033",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab3fd-87d8-469f-8535-49a2950d210f",
"value": "05aa48a9c536ad644a2e91eddf2c0511"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533727033",
"to_ids": false,
"type": "text",
"uuid": "5b6ab3fe-c440-4e88-804a-4056950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533727034",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad13a-193c-47de-82a5-4c9d950d210f",
"value": "icWwJarxcTwcABh.sct"
}
]
},
{
"comment": "Configuration file executed by Microsoft\u2019s Connection Manager Profile Installer (cmstp.exe) that will contact the given remote location, safe.my-documents[.]biz, to download an additional file named robot.txt, which is a dropper script that would then drop a malicious DLL onto the victim system.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533728524",
"uuid": "5b6ab40c-9a94-4194-8720-4dd4950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533728524",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab40c-6fac-4bdb-8b45-44a4950d210f",
"value": "e5614d2eec5d2b75c5eb26e059932f25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533728524",
"to_ids": false,
"type": "text",
"uuid": "5b6ab40d-a7c0-4e80-9ae0-494b950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533728524",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad70c-c994-4185-a5de-45a9950d210f",
"value": "daQMTVvsBig.txt"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533732779",
"uuid": "5b6ab417-4004-4d04-9548-41c2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533732779",
"to_ids": true,
"type": "md5",
"uuid": "5b6ab417-ae00-44c5-8db2-4f24950d210f",
"value": "e7702f9585616283b6b412b06b274dbf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533732779",
"to_ids": false,
"type": "text",
"uuid": "5b6ab418-d3ac-4c97-8825-49e6950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533732779",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad99d-54f0-45e6-80d6-45be950d210f",
"value": "10206.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533732779",
"to_ids": true,
"type": "filename",
"uuid": "5b6ad99d-3594-4f5f-83c5-4c2a950d210f",
"value": "tt.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533732779",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5b6ad99d-f2d8-4105-8b1f-4fa1950d210f",
"value": "92160"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798027",
"uuid": "ae2ca65e-a566-40e9-988c-afd94662b78a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ae2ca65e-a566-40e9-988c-afd94662b78a",
"referenced_uuid": "0aaae123-be6c-48b9-a529-8423c78edcc5",
"relationship_type": "analysed-with",
"timestamp": "1533798045",
"uuid": "5b6be69d-8f40-4f51-b642-450102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798025",
"to_ids": true,
"type": "md5",
"uuid": "eb12f422-2e33-417c-9373-3d16c8d57de3",
"value": "e7702f9585616283b6b412b06b274dbf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798025",
"to_ids": true,
"type": "sha1",
"uuid": "1f8c0240-2cc3-4177-9622-2388c8e36ede",
"value": "d69ad2135f06d13e17f12c7e18c738aa4d3e59c3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798026",
"to_ids": true,
"type": "sha256",
"uuid": "8ab30eda-dbcc-4cd8-bee5-60cbf6b325a7",
"value": "e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798026",
"uuid": "0aaae123-be6c-48b9-a529-8423c78edcc5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798026",
"to_ids": false,
"type": "datetime",
"uuid": "76b19d50-ae82-4b15-890d-33b8798026df",
"value": "2018-06-22T12:19:27"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798027",
"to_ids": false,
"type": "link",
"uuid": "bd44e693-7d9e-4b6e-9f53-2a95e038780a",
"value": "https://www.virustotal.com/file/e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea/analysis/1529669967/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798027",
"to_ids": false,
"type": "text",
"uuid": "3da4c98b-e7ac-482c-befa-1e386c12473f",
"value": "37/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798030",
"uuid": "3d2bdce2-0a74-4132-9e62-ff7f6bb49d67",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3d2bdce2-0a74-4132-9e62-ff7f6bb49d67",
"referenced_uuid": "bee356cc-192c-41d8-a4cc-78db7e2abb46",
"relationship_type": "analysed-with",
"timestamp": "1533798045",
"uuid": "5b6be69d-a334-4091-8995-447d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798028",
"to_ids": true,
"type": "md5",
"uuid": "08acc816-6f00-453d-bc36-523c87fc798c",
"value": "298774c49ee2a1e823f8049a34c09609"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798028",
"to_ids": true,
"type": "sha1",
"uuid": "dfd3f8c2-032c-45af-8678-22c1577c73ca",
"value": "e4c6120b824db8ba43abc1356dcf6963786206cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798028",
"to_ids": true,
"type": "sha256",
"uuid": "59b11f1d-65c5-44f1-b918-7c859d74dd48",
"value": "4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798029",
"uuid": "bee356cc-192c-41d8-a4cc-78db7e2abb46",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798029",
"to_ids": false,
"type": "datetime",
"uuid": "825e3f3e-c0fe-469f-8096-89309cdb52ee",
"value": "2018-06-28T00:11:29"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798029",
"to_ids": false,
"type": "link",
"uuid": "523deae8-2ada-449d-b4e5-7372edf3adcf",
"value": "https://www.virustotal.com/file/4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2/analysis/1530144689/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798030",
"to_ids": false,
"type": "text",
"uuid": "86483ff6-cfd1-4d8f-8baf-1130cf8aa16e",
"value": "17/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798033",
"uuid": "b73de252-a2b1-4e50-b191-29e4730ad2cc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b73de252-a2b1-4e50-b191-29e4730ad2cc",
"referenced_uuid": "0d7c23b3-5109-4ec7-a30a-bfde82cdf32e",
"relationship_type": "analysed-with",
"timestamp": "1533798045",
"uuid": "5b6be69e-35e0-41fa-8a2a-494002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798030",
"to_ids": true,
"type": "md5",
"uuid": "9930e15a-991c-4d41-b855-9f98b1ee9cb6",
"value": "aab98b81b9f899183fd090c5f0fe402b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798030",
"to_ids": true,
"type": "sha1",
"uuid": "5d25791d-0157-4888-96dd-66bf50795a2d",
"value": "1db3baab58157e6a2b521525843facbc4d9183c4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798031",
"to_ids": true,
"type": "sha256",
"uuid": "156a773d-f590-4a21-95c2-504dacc02639",
"value": "ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798032",
"uuid": "0d7c23b3-5109-4ec7-a30a-bfde82cdf32e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798032",
"to_ids": false,
"type": "datetime",
"uuid": "cff583ab-81cf-4931-9e02-efee6e425688",
"value": "2018-06-08T09:42:51"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798032",
"to_ids": false,
"type": "link",
"uuid": "afdf98cf-250a-4bf1-88f6-f32f02c67212",
"value": "https://www.virustotal.com/file/ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d/analysis/1528450971/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798033",
"to_ids": false,
"type": "text",
"uuid": "d5961cd5-68c6-41ca-afbc-a28d59ebf020",
"value": "0/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798036",
"uuid": "75bde069-c661-4ecc-bb80-59a5e42b7df0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "75bde069-c661-4ecc-bb80-59a5e42b7df0",
"referenced_uuid": "28c3b8a6-fa30-4897-ba47-71b6e5cee2ad",
"relationship_type": "analysed-with",
"timestamp": "1533798046",
"uuid": "5b6be69e-d6a4-422f-a4bf-4c4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798033",
"to_ids": true,
"type": "md5",
"uuid": "5d2283d0-c6b2-4998-a685-d94133c7aece",
"value": "05aa48a9c536ad644a2e91eddf2c0511"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798034",
"to_ids": true,
"type": "sha1",
"uuid": "7762bc4c-ada2-426d-8c68-558de9bf7eef",
"value": "13b95e33a71c6c97ece9c31d4c4d965a8d6eef3e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798034",
"to_ids": true,
"type": "sha256",
"uuid": "8db47135-30d5-47a8-bfdf-78486fb5f046",
"value": "43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798035",
"uuid": "28c3b8a6-fa30-4897-ba47-71b6e5cee2ad",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798035",
"to_ids": false,
"type": "datetime",
"uuid": "cc657ac0-6074-4d5f-bcb6-c36863415c58",
"value": "2018-05-29T11:07:55"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798036",
"to_ids": false,
"type": "link",
"uuid": "364afdfd-98e7-423c-964d-4f13c2da48d6",
"value": "https://www.virustotal.com/file/43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14/analysis/1527592075/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798036",
"to_ids": false,
"type": "text",
"uuid": "fd92c14f-d65a-4e22-bdb2-2245531803e0",
"value": "1/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798040",
"uuid": "a2c4ac86-5ae3-46e9-8595-e2578538cde3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a2c4ac86-5ae3-46e9-8595-e2578538cde3",
"referenced_uuid": "758f58b1-4646-4969-a6bf-c413006a6b0b",
"relationship_type": "analysed-with",
"timestamp": "1533798046",
"uuid": "5b6be69e-c6d4-44c6-8e3f-42d602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798037",
"to_ids": true,
"type": "md5",
"uuid": "3ba91454-2994-45f0-9e2a-aeb61f50e34d",
"value": "e5614d2eec5d2b75c5eb26e059932f25"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798037",
"to_ids": true,
"type": "sha1",
"uuid": "35b34a69-728b-4658-b1ba-d5eba1d3437a",
"value": "4c1dde9ca1ef4d2178c83608ced07a48fba11aad"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798038",
"to_ids": true,
"type": "sha256",
"uuid": "031efa99-0fb3-4e2c-99e1-5fc580f338c7",
"value": "eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798038",
"uuid": "758f58b1-4646-4969-a6bf-c413006a6b0b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798039",
"to_ids": false,
"type": "datetime",
"uuid": "ca6646a6-3c1d-4003-b04f-d1c5a63baabb",
"value": "2018-05-29T11:09:02"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798039",
"to_ids": false,
"type": "link",
"uuid": "5e2eadca-ed49-4233-8bf4-b891a8175a54",
"value": "https://www.virustotal.com/file/eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46/analysis/1527592142/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798040",
"to_ids": false,
"type": "text",
"uuid": "3caddc2b-8ecd-4d17-8141-26f9ba1599da",
"value": "1/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798043",
"uuid": "00487172-a3a6-417e-80b6-0c9ae860ec04",
"ObjectReference": [
{
"comment": "",
"object_uuid": "00487172-a3a6-417e-80b6-0c9ae860ec04",
"referenced_uuid": "1bf1591f-a504-43e1-93e7-8af6576660c2",
"relationship_type": "analysed-with",
"timestamp": "1533798046",
"uuid": "5b6be69e-1de0-4f3d-8b91-4ed002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533798042",
"to_ids": true,
"type": "md5",
"uuid": "bbbc5866-48c4-46f1-8d75-8649d9f10c45",
"value": "9c289f5db447ac00069b76ff5f8009d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533798042",
"to_ids": true,
"type": "sha1",
"uuid": "4adbfb52-b659-4893-8a57-02a542560864",
"value": "bf13df7c3b3bc09260616fa3f5a8597ece4f8f8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533798043",
"to_ids": true,
"type": "sha256",
"uuid": "e833049f-538b-4d25-8691-62a715566c20",
"value": "d57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533798043",
"uuid": "1bf1591f-a504-43e1-93e7-8af6576660c2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533798044",
"to_ids": false,
"type": "datetime",
"uuid": "29b0df80-aa8a-459d-acb5-ccd35ba65ec0",
"value": "2018-05-29T11:07:05"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533798044",
"to_ids": false,
"type": "link",
"uuid": "721fce41-86db-422e-a081-188ac8beccee",
"value": "https://www.virustotal.com/file/d57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f/analysis/1527592025/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533798045",
"to_ids": false,
"type": "text",
"uuid": "6727994d-f7ac-4dc0-a235-7d00f34d7d4e",
"value": "8/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798110",
"uuid": "5b6be6de-7464-4d89-b7fc-400b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533798110",
"to_ids": true,
"type": "filename",
"uuid": "5b6be6de-1548-43a7-ab16-4073950d210f",
"value": "MGsCOxPSNK.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533798110",
"to_ids": false,
"type": "text",
"uuid": "5b6be6de-13ac-4c96-88db-4c8c950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798140",
"uuid": "5b6be6fc-67ac-4106-b483-451d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533798140",
"to_ids": true,
"type": "filename",
"uuid": "5b6be6fc-c5e0-484b-8b46-40e0950d210f",
"value": "tCrrDqBQoCcEkbnK.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533798140",
"to_ids": false,
"type": "text",
"uuid": "5b6be6fc-510c-4ccf-96ad-4707950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798207",
"uuid": "5b6be73f-c354-4007-a8c1-46d9950d210f",
"Attribute": [
{
"category": "Payload delivery",
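"comment": "cmstp.exe is also the name of the legitimate Windows Connection Manager Profile Installer; a bare filename match with to_ids set will hit the benign system binary too, so combine it with path, hash or command-line context before alerting.",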
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533798208",
"to_ids": true,
"type": "filename",
"uuid": "5b6be740-3700-470c-8b56-4e83950d210f",
"value": "cmstp.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533798208",
"to_ids": false,
"type": "text",
"uuid": "5b6be740-c6b8-49fd-a53a-4dca950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798239",
"uuid": "5b6be75f-a370-422e-8da5-42a6950d210f",
"Attribute": [
{
"category": "Payload delivery",
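"comment": "Generic filename with no hash in this object; a bare name match is prone to false positives, so correlate it with the other indicators in this event before alerting.",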
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533798239",
"to_ids": true,
"type": "filename",
"uuid": "5b6be75f-9de4-4ef1-ab57-45ac950d210f",
"value": "robot.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533798239",
"to_ids": false,
"type": "text",
"uuid": "5b6be75f-ba3c-466d-9f3f-4480950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533798263",
"uuid": "5b6be777-e130-4d61-a2e9-4890950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533798263",
"to_ids": true,
"type": "filename",
"uuid": "5b6be777-ae88-4fa5-b4c3-4584950d210f",
"value": "KbhpQIcahFCuZwq.sct"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533798264",
"to_ids": false,
"type": "text",
"uuid": "5b6be778-cde4-44bd-b044-4e07950d210f",
"value": "Malicious"
}
]
}
]
}
}