{
"Event": {
"analysis": "0",
"date": "2020-02-20",
"extends_uuid": "",
"info": "Ostap Maldoc Samples",
"publish_timestamp": "1593651300",
"published": true,
"threat_level_id": "3",
"timestamp": "1621850668",
"uuid": "5e4f0d23-1c64-49fb-8099-4f000a0a020f",
"Orgc": {
"name": "laskowski-tech.com",
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
},
"Tag": [
{
"colour": "#bf0dcc",
"local": false,
"name": "maldoc",
"relationship_type": ""
},
{
"colour": "#a5de2c",
"local": false,
"name": "ostap",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582239196",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e4f0dc5-6ddc-4e69-9052-477f0a0a020f",
"value": "185.130.104.182",
"Tag": [
{
"colour": "#e200a3",
"local": false,
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582239313",
"to_ids": false,
"type": "text",
"uuid": "5e4f0e51-3978-4464-91d4-43bb0a0a020f",
"value": "%APPDATA%\\Microsoft\\fromyesterday.isawyou.jse"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582242861",
"to_ids": true,
"type": "hostname",
"uuid": "5e4f1c2d-72dc-4cd5-83c1-4c4a0a0a020f",
"value": "customer.clientshostname.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582589304",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e5464ff-03dc-4d5f-8ed5-fca50a0a020f",
"value": "185.159.82.47",
"Tag": [
{
"colour": "#e200a3",
"local": false,
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1582593626",
"to_ids": false,
"type": "link",
"uuid": "5e54765a-c320-47e5-b810-fca60a0a020f",
"value": "https://laskowski-tech.com/2020/02/25/ostap-maldocs-with-a-sprinkle-of-jscript/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582247246",
"uuid": "5e4f2d4e-0f98-4113-b717-426e0a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582247247",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e4f2d4f-abb4-4b3d-9f15-43030a0a020f",
"value": "contt-54_19946.doc|64fa33acd63e9f93eb63ac8719f45fb5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582247247",
"to_ids": false,
"type": "filename",
"uuid": "5e4f2d4f-79c8-4fa0-b425-48430a0a020f",
"value": "contt-54_19946.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582247247",
"to_ids": true,
"type": "md5",
"uuid": "5e4f2d4f-2ca8-4f80-b45d-4e240a0a020f",
"value": "64fa33acd63e9f93eb63ac8719f45fb5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582247247",
"to_ids": true,
"type": "sha1",
"uuid": "5e4f2d4f-d030-4c92-933b-4cae0a0a020f",
"value": "3782d79ae1b825f7b323b53a3b97f4244539b81a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582247247",
"to_ids": true,
"type": "sha256",
"uuid": "5e4f2d4f-dda8-46a0-8f0b-47e90a0a020f",
"value": "63b58ab3326e09ff9d4e2cd300c788a7f77cfc5ce6902641a94ab44dd351cd3d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582247248",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e4f2d50-8238-48d0-b015-40090a0a020f",
"value": "690688"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582247276",
"uuid": "5e4f2d6c-8084-42d5-a119-48c40a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582247276",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e4f2d6c-1ffc-421e-805f-45910a0a020f",
"value": "fromyesterday.isawyou.jse|3e02caecff34cd94fdfff7001b657efc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582247276",
"to_ids": false,
"type": "filename",
"uuid": "5e4f2d6c-f100-4781-90cb-42cc0a0a020f",
"value": "fromyesterday.isawyou.jse"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582247276",
"to_ids": true,
"type": "md5",
"uuid": "5e4f2d6c-52d4-4b75-8e16-468a0a0a020f",
"value": "3e02caecff34cd94fdfff7001b657efc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582247276",
"to_ids": true,
"type": "sha1",
"uuid": "5e4f2d6c-3c08-42bc-bdec-431e0a0a020f",
"value": "1cc3acba2e482bf0e2dd73ae1121328c4376a0c2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582247276",
"to_ids": true,
"type": "sha256",
"uuid": "5e4f2d6c-dbd8-4b60-95d8-47fc0a0a020f",
"value": "d1a19f51e945f757d21d83bf780041f3a381e168a5ba10d17dc871a510bb0166"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582247276",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e4f2d6c-a3e8-432c-bb38-45500a0a020f",
"value": "349682"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582589269",
"uuid": "5e545e5e-0290-4155-bc77-fca70a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAMO8WFDaulq/bb0AAPhJBQAgABwAZGRiNGExZDEwYmVlMDU1NzcxM2MyOGRkM2MxM2NjZjlVVAkAA15eVF5eXlRedXgLAAEEIQAAAAQhAAAA8XoZljea99+IjjIJjCieVNOM+GGcaxKl+FfXCa52S5Sej1zTITXvt/zlr5GHxcLKTtqQqX2dN8F5FpeNxqLR0cKx4XJJC+usW+VHV+gNV4B0/c01Ca/QuF90sN6mye7M9Wdi/88fljqwlwQI2aKuGRZ2ggIjebzSQbxS90j/hUALeZUhj2tH3APRhSdt8QbJFW6d1/9r0hL/gin2kKa7YFml5iWQuKQ4V+oATplSM0QDOu62uyWoYiZ5PVpT7+GejfERhnYDslKKHZ1NkfF6aivSXmr6PIsO1ANbFhupJlh2CmMcuAC6pVUDkIgPPmqPHrC6sqp5O4PG23l2pMJMzgzwU+cgB8eAFhMwpuIu4zizO77O4D19im8kky4jlQEMP9QbmtSJIZoCDuSLuGigF7Qodk08WrycN/HbQhhdYa1JGhYmIIACvR4FBD9tCtMCvQ2rax/2YdnLhTkGRK7iePG4tjQ00pZewQC7PxrGIwW92+JJLLs7s5h797o6f86hdOCrZ8obz7jhGoVSFPOSamySZ12oBx/eTxvS8xdvZCYrRBToavOFqdUBE+KptLMN8xvPuk8CbA/9Z/zF2lmxbo035C4O4rvOaG2AKRhj4lRikkuCY4EctX7BA1lLTKpBD5loSFZMk+SIhuZUNA9maVlP3lwDrqjrR/UNRxcd5mLoegDtC/tIsK1nQkpcGxrdHFdblO2uv7dLGtcd0Wbdhsetr7sf5ZtfkHuTeDM41VkBrwkCMHkkOEb0bUzu+OQy8tA7v/Lm83Dxx2255ii3u+xJ3sEof//FmvTEKCWu6pzwFh7j0zz465gsAn/fuXc1tYwf5fBbjeQO3+HLA1xjVyVTjG9hI0abHAZRApYkNl/J/msZ4xy0FCGc+LStcT/UdZDumQa2iWHOWJtWPob0/yoPoG/zNvrLUGPduDrYlR2h7EvwlDcnpB4yScyNTsO3MJqFlu2rMs5dpmEKY0yCXofYmUE3/D9tg8Q3A8klJ3wBgJRuPaFnxXLdtn9dMbZJXw1eoCHIBCNXaklzT/VSmyjIMuArc5wwOPk+4Xc9eB9s2J9s41iISmapg6vi1U7Y2EqLgCic8JaEmniOPr94K2maUBDPXRzISq5Li3xXvDd3A7PCG3AWgE7cc/8fmv1ImJ4ihfuKf/8dGC7b/OeBQnfyc4dpYrME4fZUTu+r/ALHk0GdB3ucOB5Xh2uXbHodbX3lTmB1p2G4mCTQOBz6uR1DyQ+4E8UjKtowIBS0y+4WTv8XepdGh2+zQ127xEJ37fVw9Yc0SwgJBpnUuO2BDq2zN0IbRozSK1uKig2IBZiw3T9BRHnYH1AA4yaPetmBa/Lfo7OCs7pLUOV4DhSVgaOIOGGshacCm5Heoius49KrwqOTbDwhZ7RraqPcOLP/NvheeIZh/iWl9J4eVTud8FjSRfNEFawYl8pEcsCrmsM44DhSl7BQIFCo1194UF/SwTnQLl8ZM3rAV7cyxky+eVoIc1YsV6b/OQBFSsJizNAJ+Be5AUvvOzQUzy4i1VUy9uENiU48WfqV0e39jTeXU6IKJ70Zor1j2J1stAJZaMl+C6f9sg8zNgvRZoKj6QWprwl5BjD0pBlgLiV9pityy3QNtYa0aU2WSG4QqqWIluImBKf9JtlWF1gW6ju1mXIxn7Ae2g33gmUTI+LUivkeqJCItmPJlb4+qkn6ruIwZwN/82te9wun7qp9dlZtXxQprvTnwQC0vb2ovJl+Gcfuxhm4tRQONxLnicxcY4CEbHuE+Xuk2E8J7h/0t8gZqt2Fy076N09zOCj/TpZPajsOjC+OMJdJmZb6WgwwNPtyHAdWhTPca+YpkctZLL+cy7KHiYLIzSKnQHOs/FI
o5nsQ+Y/9A6VGANHaTjEMZm3aRGeDrQGxXlJHuE8yix3vJ6h2pOsPxPn7i1/sDZiR5vE3TmddIQjMHO/qBhZH1QzaWzGDktglXUuufprgN+UZ9wm/ArP2kuFXXPxm9KWvWXdRHBvSTf0jJJaotGlP7EAtPEZmAYXmnLcm1PTvoZ+DhKwXtmdh9wp+Fu3sslhCDAs6HJ+R+CAbiy061ScJgAI6alZMl5HlM6NDAVJ9k+4RhkillZPortNGLQPDsWPGb6GC3+g4lZmVUBK4i/3A6EEsczoMVP27oIjiv6QAUeMNXN/aW19xLj1cnQ9/UcNHKSgiW0MsFtu2QRFBDxTD+ITTWSCLGbJ09q3LmTGUOSz9DXJ0c8l/RKbkIQBR6al0BOlYQzPq1sEXYYjKb/HIv4ysHjuQbxiH22GldeZMoDR8Oq5BdfQ+qqtarZxKC53z0gdCHH+TCcLEygZYKoIfcg5X7MWpxPb+IJ/9VJrQ8KJJOkfnW8iJy0hzE2tP4ZEjY+57SijghiWRSt1b+1M4DIwnBfLrs7gFlFOaOy9LSm9amtBOZiHuZPRIlHolYMbuBNxcjE38dFwiZakTud4wnrzkgsIaXCOqJKFhLYVePYmzjut3yklPmKIER+FyfIR7E0AW9l4hluzhw2/0CsVnY7AmsyWmVQfZsDh8gjWnkRNta7QrKxIw0L1YoS189kOpnCSATaI70ERYy4Ecpw+7uHhgWhxo9r+bk1I0KNcX7Njj87ARRClqsEBZVvTj79UZxV7Y8LIxu3CyW43Clc8SOsnEu/1vHvAqh2L2Gjv1FJGbKFR59alEzynwn5OT32nPVgWHIEHfVwHr1WcUNr505tBs1xlHo+SnL/KkzYlxHupQwxKTsGgjkHNhCfSpLoR//GY18DWavkNaWESgqyaQ8edLHKXSuRa7JMy1fEDx593VCWPP8dZ3b4anQu0Eo3eZrXiXMrIPFzofUat/5ksp/OieE/+thIO3S7diqcMBpLm2EwMJUCH5O5rd86Kq0hdwTnBx/sHZ+EuXgex4ytiyeyX48jqkLU3xgFHNQw6IDqNukK03NRuROvos+Ro+9dNkYmB206+UpybgDwRrwHzie1yTKjsoFbxzBe0qRfVCmYEVXyalabvPnSTq89UQGZ1KkC5uO2+ilx+DI+x2+zLKFTehmLFjhm8qeCOXa2s9uAOfqYGksNUKEOJGe+vFkSfBfJNcUL+hDEL+VY0Da3LNknMJdmy/UOmplRc0n2ZtD+6z3xGLfzTev9UKAwLRUu3vJrVW8OZhFk1SO9pQoFiwPvwYOwaVxelNj69vFRpfIEA0F39UPHGS73dKdkAfaoHpq3wXwghfLbecPtfyPpja+ZdsQVUrXGFRFXaMzGbTCOTlRrth5cqKXmw559peKBxHrqxusmtySCXH2BIlX2rykreM7QGq/UBxojVdElcHCZjk0sSfuSAVDOnHme8SEBTUDIzby4+STHr3NQaXW6lGvT+dD+Jd3l2vGfmCf3fT+MDNKYEQBkBQLua+gWOslihGRzv4+L8WRLnFn7xKgsVqH0zFFZAY5+vjvDZnVtcFtr9kgieUJ+urXcSBKdiRqP9rTuHish8oVk9F0T0A66j5FGG+HhiXIOW2pZS13E2Zum6LvicBpE9s1QuxTLdbhtl3+oZJXmgegMiGwdziBlYhx+d5ZXpLck71qVPvep0D7gX4HXLseVxI1uISizzLDWVzXUBsNo0h8DBhkNzXRVTpfyb+aULGzn1/jbLZ1iteh8tW8/srcfqaWNmd3R1oEZRbzM59bFFJK+xn4OTi2uncvbEfL0AtuFB+1CSPfpUi+buCghWrzhFi6RiESQBaOmpYzMKvQT9HCs04k5Rr+W8lIM+UG+QKQyylhOMfz0Yi8/a1vTnTxRllm7ecP5oi+l+EpCqtvX6oBZtSpXvTzMC8sxB0XEz01S3MK9o81Koo5uGpNS0nU32CkiMbk0kveDjpb0cR+YCD/pQwT1J
2r0IPsT9ozmSTSZ9S5KnYxqB+Ng3Ya+WuxoGUpL5STp8xSMJiu6y22AOGF1mFSDuI5AOMdOFsHNu7H5nq3H
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582589269",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e545e5e-3008-4ed3-973e-fca70a0a020f",
"value": "inv_dec-YL_43366886.doc13131.bat|ddb4a1d10bee0557713c28dd3c13ccf9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582589269",
"to_ids": false,
"type": "filename",
"uuid": "5e545e5f-976c-44ad-a763-fca70a0a020f",
"value": "inv_dec-YL_43366886.doc13131.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582589269",
"to_ids": true,
"type": "md5",
"uuid": "5e545e5f-414c-415e-b1f0-fca70a0a020f",
"value": "ddb4a1d10bee0557713c28dd3c13ccf9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582589269",
"to_ids": true,
"type": "sha1",
"uuid": "5e545e5f-4394-44ad-80f1-fca70a0a020f",
"value": "0dd3a3eddd2118c216c3c7c9eb25e94a151a8f9a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582589269",
"to_ids": true,
"type": "sha256",
"uuid": "5e545e5f-f268-437d-964a-fca70a0a020f",
"value": "4b1ed598f4612b637fbdf7c5f5318582a82f5c53a26638a1b0dbc228d519d721"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582589269",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e545e5f-a190-4f89-94b7-fca70a0a020f",
"value": "346616"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1582589269",
"to_ids": false,
"type": "text",
"uuid": "5e546555-be30-4ff6-942a-473f0a0a020f",
"value": "%APPDATA%\\inv_dec-YL_43366886.doc13131.bat"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1582587500",
"uuid": "5e545e6c-2b30-443e-b95e-4a6b0a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1582587500",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e545e6c-9b4c-45f1-9e45-4a3f0a0a020f",
"value": "inv_dec-YL_43366886.doc|844796863b1bc1503b43b5072b22e79c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1582587501",
"to_ids": false,
"type": "filename",
"uuid": "5e545e6d-7628-4c29-b0d8-4ce50a0a020f",
"value": "inv_dec-YL_43366886.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1582587501",
"to_ids": true,
"type": "md5",
"uuid": "5e545e6d-46b0-4cab-b53e-47fd0a0a020f",
"value": "844796863b1bc1503b43b5072b22e79c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1582587501",
"to_ids": true,
"type": "sha1",
"uuid": "5e545e6d-cbec-4337-aa44-4c020a0a020f",
"value": "c23a7e5af8cdd4f0f3f84a24a438e4819c8902e6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1582587501",
"to_ids": true,
"type": "sha256",
"uuid": "5e545e6d-5efc-42f5-b790-4eb80a0a020f",
"value": "c336f01ac4619ec6d85d5e1b0ef9ef77925d7fbd334bafb6568c5370c09fe3df"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1582587501",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e545e6d-d0ac-4768-9edd-46180a0a020f",
"value": "706048"
}
]
}
]
}
}