{
"Event" : {
"analysis" : "0" ,
"date" : "2019-02-08" ,
"extends_uuid" : "" ,
"info" : "OSINT - DanaBot updated with new C&C communication" ,
"publish_timestamp" : "1549626595" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1549626558" ,
"uuid" : "5c5d6a71-da60-46ba-bc18-42d4950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : false ,
"name" : "misp-galaxy:banker=\"DanaBot\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : false ,
"name" : "misp-galaxy:malpedia=\"DanaBot\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : false ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : false ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : false ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-4c10-4a17-8463-4198950d210f" ,
"value" : "84.54.37.102"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-1788-4af2-b0d1-4dd4950d210f" ,
"value" : "89.144.25.243"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-5b50-4f2e-be1c-40d4950d210f" ,
"value" : "89.144.25.104"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-418c-4d37-85a4-49cb950d210f" ,
"value" : "178.209.51.211"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-66c4-4ec8-b52d-43b1950d210f" ,
"value" : "185.92.222.238"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers used by the new version of DanaBot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626117" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b05-0de8-48de-961e-4589950d210f" ,
"value" : "192.71.249.51"
} ,
{
"category" : "Network activity" ,
"comment" : "Webinject and redirect servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626145" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b21-de34-4dde-9244-4e7f950d210f" ,
"value" : "47.74.249.106"
} ,
{
"category" : "Network activity" ,
"comment" : "Webinject and redirect servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626145" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b21-4928-4656-b206-4d03950d210f" ,
"value" : "95.179.227.160"
} ,
{
"category" : "Network activity" ,
"comment" : "Webinject and redirect servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626145" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5c5d6b21-2890-4a6c-8d62-4c45950d210f" ,
"value" : "185.158.249.144"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/TrojanDropper.Danabot.O" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-3c20-4699-8d35-4190950d210f" ,
"value" : "98c70361ea611ba33ee3a79816a88b2500ed7844"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.L" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-a534-47c3-8984-4b58950d210f" ,
"value" : "0df17562844b7a0a0170c9830921c3442d59c73c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win64/Spy.Danabot.G" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-15e8-4e3e-b76e-4c49950d210f" ,
"value" : "b816e90e9b71c85539ea3bb897e4f234a0422f85"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.I" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-a27c-4527-a7b0-4a24950d210f" ,
"value" : "5f085b19657d2511a89f3172b7887ce29fc70792"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win64/Spy.Danabot.F" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-d664-44e7-9e7a-43a3950d210f" ,
"value" : "4075375a08273e65c223116ecd2cef903ba97b1e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.K" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-78d8-4a6c-a2aa-4672950d210f" ,
"value" : "28139782562b0e4cab7f7885eca75dfca5e1d570"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win64/Spy.Danabot.C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626231" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6b77-d060-4077-9ee8-4ae1950d210f" ,
"value" : "b1ff7285b49f36fe8d65e7b896fccdb1618eaa4b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.H" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626309" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc5-5ce4-41ce-84d8-438a950d210f" ,
"value" : "890b5473b419057f89802e0b6da011b315f3ef94"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626309" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc5-44e4-455f-a85b-4619950d210f" ,
"value" : "e50a03d12ddac6ea626718286650b9bb858b2e69"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win64/Spy.Danabot.E" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626309" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc5-7b48-4c19-92c8-4ff6950d210f" ,
"value" : "9b0ec454401023df6d3d4903735301ba669aadd1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.B" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626309" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc6-1144-4b60-a261-4cec950d210f" ,
"value" : "dbfd8553c66275694fc4b32f9df16adea74145e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.D" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626310" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc6-9d20-4dda-b223-4dc3950d210f" ,
"value" : "e0880dcfcb1724790dfeb7dfe01a5d54b33d80b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32/Spy.Danabot.G" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626310" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c5d6bc6-a804-4ef2-8ead-494d950d210f" ,
"value" : "73a5b0bee8c9fb4703a206608ed277a06aa1e384"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B d w A A A K b C A I A A A B g r d 9 p A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s M A A A 7 D A c d v q G Q A A P + l S U R B V H h e 7 P 0 J n B T V v T f + T + / b z L A M m w H C I u I C c U h + E T X G L W j 8 y a N k M W i 8 i Z A o u Z E 8 L v m J 2 T R i X G 9 M x C c u T 0 x y 1 Q S 8 e Q w S T a K + 8 D G K a w y K / i N j c E M Q u G A E h o F h Z n r f / p / q c 6 Y o u r p 7 u r t O r 3 z e q W C d m u r a u 6 r O t 89 i S 6 f T L U R E R E R E R E R E V F 12 + V 8 i I i I i I i I i I q o i B m W I i I i I i I i I i G q A Q R k i I i I i I i I i o h p g U I a I i I i I i I i I q A Y Y l C E i I i I i I i I i q g E G Z Y i I i I i I i I i I a o B B G S I i I i I i I i K i G m B Q h o i I i I i I i I i o B h i U I S I i I i I i I i K q A Q Z l i I i I i I i I i I h q g E E Z I i I i I i I i I q I a Y F C G i I i I i I i I i K g G G J Q h I i I i I i I i I q o B B m W I i I i I i I i I i G q A Q R k i I i I i I i I i o h p g U I a I i I i I i I i I q A Y Y l C E i I i I i I i I i q g E G Z Y i I i I i I i I i I a o B B G S I i I i I i I i K i G m B Q h o i I i I i I i I i o B h i U I S I i I i I i I i K q A V s 6 n Z a j Z E 3 X P 99 e v + E t m c g Y N 2 b 0 W X N O k w l q O s s f W i X H B u F 0 46 T L B B E R E R E R E V F B D M o o g y z 6 i o f + K B M Z n Z 845 o 5 b r p c J a j p z 5 l 0 g x w b h d O O k y w Q R E R E R E R F R Q a y + R E R E R E R E R E R U A 4 p L y j y 15 v m d u 7 t l I o 9 p U y a P H T N 62 t T J M t 0 s W F L m U M O S M k R E R E R E R G S F 4 q D M V d f e 0 P X P t 2 W i o H F j R n 9 + z q n n z Z v b G g j I S Q 2 O Q Z l D D Y M y R E R E R E R E Z E X N q i / t 3 N 294 q E / f m 3 R 5 S + / 8 p q c R E R E R E R E R E R 0 y K h Z S R m j 71 + 5 m L 0 U E R E R E R E R E d E h p S 4 a + v 3 Z n f e W E c o h I i I i I i I i I m p c F S 8 p 0 / m J Y z p n H m h l Y / O W b T n r K 7 H 5 F S I i 
I i I i I i I 6 p F Q 8 K L P g w q 8 s v H C + T G R s + m D r z + + 6 F 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626445" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5c5d6c4d-fddc-4889-9442-4da9950d210f" ,
"value" : "Figure5a.png"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626519" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5c5d6c97-41a8-4b1b-a0ad-4482950d210f" ,
"value" : "https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1549626544" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c5d6cb0-c3f4-4a8f-a32d-4139950d210f" ,
"value" : "The fast-evolving, modular Trojan DanaBot has undergone further changes, with the latest version featuring an entirely new communication protocol. The protocol, introduced to DanaBot at the end of January 2019, adds several layers of encryption to DanaBot\u2019s C&C communication.\r\n\r\nBesides the changes in communication, DanaBot\u2019s architecture and campaign IDs have also been modified.\r\nThe evolution of DanaBot\r\n\r\nAfter being discovered in May 2018 as part of Australia-targeted spam campaigns, DanaBot has had an eventful time since, appearing in malspam campaigns in Poland, Italy, Germany, Austria and Ukraine, as well as in the United States. The European campaigns have seen the Trojan expanding its capabilities with new plugins and spam-sending features.\r\n\r\nIn ESET telemetry on January 25, 2019, we noticed unusual DanaBot-related executables. Upon further inspection, these binaries were, indeed, revealed to be DanaBot variants, but using a different communication protocol to communicate with the C&C server. Starting January 26, 2019, DanaBot operators stopped building binaries with the old protocol."
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1549626488" ,
"uuid" : "809364d9-f8ed-485e-92db-60638ead238f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "809364d9-f8ed-485e-92db-60638ead238f" ,
"referenced_uuid" : "1e3059fc-984b-493e-bc29-fc20bd3b0995" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1549626489" ,
"uuid" : "5c5d6c79-893c-4d78-a0e3-49ec02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f614a1d9-3a1f-403d-9272-c92647d8a134" ,
"value" : "42ed833c083f6f3815b2e38c30751220"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f6f8874b-e754-4ca8-8160-fcaefc9a9e13" ,
"value" : "5f085b19657d2511a89f3172b7887ce29fc70792"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "95af90a1-64e5-480a-81d1-12f88ba356a8" ,
"value" : "2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1549626489" ,
"uuid" : "1e3059fc-984b-493e-bc29-fc20bd3b0995" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "00879520-be39-4ca6-b9f7-6f01319e2bfc" ,
"value" : "2019-02-08T11:09:24"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d447f1ca-ea38-4c9e-ba11-4eb7d36d7e7e" ,
"value" : "https://www.virustotal.com/file/2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a/analysis/1549624164/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d60b9ed1-315c-484f-9336-4952fae37989" ,
"value" : "33/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1549626489" ,
"uuid" : "a8e983ae-06de-41b1-a289-064ea6badeeb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a8e983ae-06de-41b1-a289-064ea6badeeb" ,
"referenced_uuid" : "b74bed56-8cd2-45ce-8d22-8172c7243e6f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1549626490" ,
"uuid" : "5c5d6c7a-c60c-4181-b656-44cc02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2a703556-9aa7-423d-816c-8a7d6006c540" ,
"value" : "8c310a91aba32fd60df859896d5a2f2d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "db5a9bd7-7cd3-4a40-baa9-3fc7c31d70f6" ,
"value" : "0df17562844b7a0a0170c9830921c3442d59c73c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "14264f90-f437-469c-8281-081ac5b34a0d" ,
"value" : "31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1549626489" ,
"uuid" : "b74bed56-8cd2-45ce-8d22-8172c7243e6f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "b629437e-6ddd-481e-8507-49843cd47a2b" ,
"value" : "2019-02-08T11:09:24"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c94e94a1-ffed-4b8d-be27-d3560d66f9db" ,
"value" : "https://www.virustotal.com/file/31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf/analysis/1549624164/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e1fa2f15-90a3-43db-8950-7e7a94753eae" ,
"value" : "42/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1549626489" ,
"uuid" : "11ab22da-a5e0-4a38-8fc3-9f9aaf44346a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "11ab22da-a5e0-4a38-8fc3-9f9aaf44346a" ,
"referenced_uuid" : "9368ef9c-5fcc-49f5-b13a-258fdafe4b15" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1549626490" ,
"uuid" : "5c5d6c7a-4d94-4afe-a1ba-482e02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5692a0e4-164e-41b8-b0f1-264ab875f58d" ,
"value" : "6b83c0cd765311d2144f7e7d5885e013"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "0b0b26ba-c301-47ce-8272-d9f14cd5dfce" ,
"value" : "98c70361ea611ba33ee3a79816a88b2500ed7844"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a7db9263-33a0-4d59-a5ff-937c63674a4e" ,
"value" : "ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1549626489" ,
"uuid" : "9368ef9c-5fcc-49f5-b13a-258fdafe4b15" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c71ec83e-f0b9-4acc-8afe-1922f0069167" ,
"value" : "2019-02-08T11:09:27"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "9eb655e9-c49b-4626-baca-84a98b02d581" ,
"value" : "https://www.virustotal.com/file/ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26/analysis/1549624167/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d8dc19bf-e978-45f6-89db-8edb60a7ea37" ,
"value" : "43/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1549626489" ,
"uuid" : "46b1753f-048d-42c6-ad26-3ecc56d33076" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "46b1753f-048d-42c6-ad26-3ecc56d33076" ,
"referenced_uuid" : "07554fd7-f152-4243-805d-c359f5334102" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1549626490" ,
"uuid" : "5c5d6c7a-4150-419c-865b-487602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4d2d442c-6d82-4da7-a0a7-a81866932629" ,
"value" : "3e63651c8ee9143db65c6c1f12936437"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "008da795-367d-45a5-9e9f-f28dba63d99f" ,
"value" : "4075375a08273e65c223116ecd2cef903ba97b1e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1549626489" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56adbf34-d38d-4846-8728-f693ada83a06" ,
"value" : "4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1549626489" ,
"uuid" : "07554fd7-f152-4243-805d-c359f5334102" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "117cbced-d0e7-4fa6-8cf9-1296a2c59163" ,
"value" : "2019-02-08T11:09:24"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4602b191-b961-4bb4-9acd-9a09b91bc4f8" ,
"value" : "https://www.virustotal.com/file/4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571/analysis/1549624164/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1549626489" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3c574c96-6ad6-47c2-b95c-aa1fa77c96b2" ,
"value" : "29/69"
}
]
}
]
}
}