2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "0" ,
"date" : "2022-06-01" ,
"extends_uuid" : "" ,
"info" : "OSINT - First Exploitation of Follina Seen in the Wild" ,
"publish_timestamp" : "1654068983" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1654068974" ,
"uuid" : "63a9a6fa-f518-4591-9dbe-d0bb0f0ea588" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "5" ,
"timestamp" : "1654067911" ,
"uuid" : "720e9bd3-147a-4de6-8f78-3cebf19df900" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "720e9bd3-147a-4de6-8f78-3cebf19df900" ,
"referenced_uuid" : "f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "references" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1654067911" ,
"uuid" : "bcdd0800-f01d-4e94-96ff-b6eec2b158e3"
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1654067862" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "150bbd51-422e-4cae-b403-ccee6a59e9ce" ,
"value" : "https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1654067862" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "99038964-fa61-49fd-b511-38cb23687a8b" ,
"value" : "For a few days, \"Follina\" is generating a lot of noise on the Internet, check our yesterday diary[1] about this new vulnerability if you need more details. It was time to hunt for some samples. For this purpose, I created a simple YARA rule on VT:"
}
]
} ,
{
"comment" : "https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/" ,
"deleted" : false ,
"description" : "An object describing a YARA rule (or a YARA rule name) along with its version." ,
"meta-category" : "misc" ,
"name" : "yara" ,
"template_uuid" : "b5acf82e-ecca-4868-82fe-9dbdf4d808c3" ,
"template_version" : "5" ,
"timestamp" : "1654067893" ,
"uuid" : "f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "context" ,
"timestamp" : "1654067893" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c5f4d50d-b44d-473f-80dc-f8f331250050" ,
"value" : "all"
} ,
{
"category" : "Payload installation" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "yara" ,
"timestamp" : "1654067893" ,
"to_ids" : true ,
"type" : "yara" ,
"uuid" : "edd3bc7d-badf-47ad-bad1-94fc84344464" ,
"value" : "import \"vt\"\r\nrule hunt_0day_msdt\r\n{\r\n strings:\r\n $s1 = \"!\\\" TargetMode=\\\"External\\\"/>\" nocase wide ascii\r\n condition:\r\n new_file and all of ($s*) and vt.metadata.file_type == vt.FileType.DOCX\r\n}"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "yara-rule-name" ,
"timestamp" : "1654067893" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8009c24b-aee1-44a1-b637-02e6b24da59e" ,
"value" : "hunt_0day_msdt"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "3" ,
"timestamp" : "1654068048" ,
"uuid" : "a6a4523b-bbc4-4ef1-9a20-79ccdfe72438" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3354703e-1b68-4e69-b23b-b0f5fd24ab1e" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "47061638-cfb5-48d1-af10-b3cab39ccf40" ,
"value" : "242688"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "e6861033-625c-4206-b251-86af6e752cfe" ,
"value" : "7.986983162408"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "eb8773ff-d849-4c4e-81a9-afc42d4ae5aa" ,
"value" : "748d499d87e7ad7fa3ed3b009047819e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "47263e16-ba87-4f86-af47-f6abe08d2faf" ,
"value" : "6d9480e53cd193a4fb367bb4c8c5488f6ae23e49"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "11aea04e-ba3e-4cc6-8e5c-597f22a4b4cd" ,
"value" : "c0983e2f5fb8af3705f3d15ca5088851268b45f19d8b3af233074577fecd05f2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "4bdac1ac-ba7c-4a51-861a-be39feeb5b4f" ,
"value" : "ab376927339bccceafb2319943488eafdbeabe5d7fadce124cd533fb800fc35e968541ee748ff3d5c00dbfadd13cf6bf4bf324179cb66487751183d8bb89dc60"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "b75a1e0c-c396-4174-803c-06641e730e28" ,
"value" : "6144:oS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi20:oS1V1IRgtLnLqcwv1v0"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "3" ,
"timestamp" : "1654068048" ,
"uuid" : "b06c9bdf-72de-482c-b286-a5324007a390" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "97587851-4f4f-4ac8-b11b-7acae7bb3380" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "b1bfb102-44ab-4700-9749-618ea1ca7642" ,
"value" : "1536"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5e539db7-3265-4524-aae9-fb77de740b91" ,
"value" : "4.2376045113149"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "227afaec-8a65-4097-9595-afcc6e4969f7" ,
"value" : "addbcfbd8863440f69633bc4d4174cc9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fa2eaa25-49a8-4297-97ef-54d44aaf1c78" ,
"value" : "e228889c7d51e9c460ec7105076384374c8d111e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6d50239a-eba0-4e8c-9490-29ed7f5a3ea5" ,
"value" : "1d5012ef474c7c47eaa5a32c2742914774858a0ca1e1a2cace8267c599f9d3ab"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "214583fa-da7d-496d-a9de-e33874192a78" ,
"value" : "fa4d75afd981d76a68327bcce8e91b6aac7f8bab4af1724c8dfc3754d5ab56ff7b2b3fdcc69a23cb7af0b58a2c36b00f1ee3a9a815d484689345f45b47da6791"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "0778abde-4334-4b02-8f3a-93aae4b883f3" ,
"value" : "24:1RXs10ytDM4ZhNLAXCzh3f3EPN8q79pdtj+lEbNFjMyi06:1ZsFto4lLzh3vEF7FpfbNtmD"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "3" ,
"timestamp" : "1654068048" ,
"uuid" : "861a5640-fd98-4d32-a63d-ad22fa5d1bbf" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "90ca6422-327c-4fbe-b56f-9d097c09c9b7" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "386f289b-ce6e-4fbd-9d18-cb41f3c4ee4d" ,
"value" : "512"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "222edd98-6550-4f94-9a15-eede00fcdabd" ,
"value" : "1.5849625007212"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2b018411-ebd5-441e-bf7f-161962ce4f6b" ,
"value" : "941e632f8bdd05b1ce847314e9665e5e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "9c4ef189-d4f9-4686-8cf0-437e66389f34" ,
"value" : "b04baf4c43bf9e82a7973578d0a6fe2923274fb4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9986d7d9-7f4d-4f87-ac41-83ac6212460e" ,
"value" : "2dc1777a724b8e416807779ab80c3fd747ecf0b53f1335e2d74a8c30337b69f0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "039f5eb0-c022-45cf-8e7a-b7a569353152" ,
"value" : "b934d6b5ab72156d37c4e1a461de4f21fb7bd21f1cc06ae0396e4272b99b10fc179caeb864a5346829ffee322bddcf8b57071b8f1401f1a1a8bea5d651268370"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "9e6b26bc-38ce-4215-9f55-c759d14d713c" ,
"value" : "3:7llGl:Sl"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "5" ,
"timestamp" : "1654068048" ,
"uuid" : "54301995-d1c3-4473-a555-4c3b6b96a95c" ,
"ObjectReference" : [
{
"comment" : "Section 0 of PE" ,
"object_uuid" : "54301995-d1c3-4473-a555-4c3b6b96a95c" ,
"referenced_uuid" : "a6a4523b-bbc4-4ef1-9a20-79ccdfe72438" ,
"relationship_type" : "includes" ,
"timestamp" : "1654068048" ,
"uuid" : "1e5836ac-85b0-442c-b52c-35677e6216db"
} ,
{
"comment" : "Section 1 of PE" ,
"object_uuid" : "54301995-d1c3-4473-a555-4c3b6b96a95c" ,
"referenced_uuid" : "b06c9bdf-72de-482c-b286-a5324007a390" ,
"relationship_type" : "includes" ,
"timestamp" : "1654068048" ,
"uuid" : "d99c553f-798d-446d-8937-f036847c0372"
} ,
{
"comment" : "Section 2 of PE" ,
"object_uuid" : "54301995-d1c3-4473-a555-4c3b6b96a95c" ,
"referenced_uuid" : "861a5640-fd98-4d32-a63d-ad22fa5d1bbf" ,
"relationship_type" : "includes" ,
"timestamp" : "1654068048" ,
"uuid" : "cd92a63f-34cb-42b9-a48a-17e93bce03ed"
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9882d69a-7703-40b6-a281-657278272f91" ,
"value" : "exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entrypoint-address" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "53f50f7b-c61d-4e50-9607-4cd63a4b79eb" ,
"value" : "4212166"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "b0826390-a8e7-479c-8aad-24308f0c6491" ,
"value" : "2062-12-15T16:16:38+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "bcdef888-c539-41bc-948d-1f2ca797b651" ,
"value" : "ssapyb.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "83c6d09d-8359-43b4-b530-05a0b2fcf292" ,
"value" : "ssapyb.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "file-description" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3e45da00-bc45-468b-9e2d-61f2b7f9f8fa" ,
"value" : "ssapyb"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "file-version" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "753764f7-6ce4-43ad-baec-5dec45d92a2a" ,
"value" : "1.0.0.0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "lang-id" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a620a30c-94d4-4f66-a1fc-e0059f3f5e9f" ,
"value" : "000004b0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "product-name" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1f8a2173-c5f0-4eba-8cd2-e56001e24787" ,
"value" : "ssapyb"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "product-version" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b035ae13-47f5-4a51-bbd3-48d26ae5ceda" ,
"value" : "1.0.0.0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "legal-copyright" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f8c945ea-15ad-46b1-93c6-637ebde0c1d0" ,
"value" : "Copyright \u00a9 2022"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "8a950f1f-53d2-4254-a742-7a303ac72515" ,
"value" : "3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "20" ,
"timestamp" : "1654068048" ,
"uuid" : "cea43a63-c963-41d3-8dac-32db1eda6861" ,
"ObjectReference" : [
{
"comment" : "PE indicators" ,
"object_uuid" : "cea43a63-c963-41d3-8dac-32db1eda6861" ,
"referenced_uuid" : "54301995-d1c3-4473-a555-4c3b6b96a95c" ,
"relationship_type" : "includes" ,
"timestamp" : "1654068048" ,
"uuid" : "c593a409-dba4-43f7-94f8-29ad8f454dbd"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "bd83262d-3f71-48ee-8748-3cd25b585e00" ,
"value" : "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "531794d5-dbcd-48c4-a58f-76eae51f104c" ,
"value" : "245248"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "9ad4791f-9de8-4e9d-bfbb-c4a4144b092c" ,
"value" : "7.9694694775347"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "34234db6-d1a8-4203-bc27-eea5aa3be926" ,
"value" : "ca322dd565f02d6d8c374e220cf8078e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "4b2d98c8-26b6-4623-b888-889c49a36112" ,
"value" : "e07a5ab133d0e22fbb0a434653bf50a851031001"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a282ff1d-7e6b-466d-b903-327d7e993c85" ,
"value" : "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "702fae85-9339-46da-b1d8-feedde6b3369" ,
"value" : "758766ecedc738e0b5a4c2778691e8ea28911a93fd0dc79095119af00f94bc9fe6f14eeb9a39f1cc979b3054f408a562a9d262b93c52135aa22abb173ea18a4e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A J g 6 w V S 5 Q j U U + a g D A A C + A w A g A B w A Y 2 E z M j J k Z D U 2 N W Y w M m Q 2 Z D h j M z c 0 Z T I y M G N m O D A 3 O G V V V A k A A 1 A T l 2 J Q E 5 d i d X g L A A E E I Q A A A A Q h A A A A t a B 5 o v a U e f V N D t O 2 A V S A w k Y 7 K w j X t r h U J v o O I x 6 Y h H 7 L u 8 D / x Y P t p d T o 1 T h s T i m Z o m 1 H P y V H T y z o B 69 Y q K 1 W H F T D + 4 O k F X G g S M Z m K V o i G q x m u I 7 y + n f Z s d N J Y d k L n 2 C N 77 T C 3 i u z V C j p 88 K g Z R U b m Z y m F I e R z J l V w i D 1E6 P w F H z T I X m a U E l P L Y Q p A d j C Y v N t N j D + X H n K F s h 0 Q N W s t p t r S D A y q 4 a z d X K r z V Y X U i 6 N W W Y Z q u S T K i s m N r c B L J R X J l 6 S C 1 S + e u 20 h z r c 7 o B D R j f v O M f 4 b h E i Z x q L + 9 G d w K j b N L T n M P e 0 B 1 x p P 3 d K S p w M O k 7 G C M z V E 0 C e C w D f f e R 9 x 2 K k t j R m g v m 1 g B e D X l I y P O b l b f C v z c J L 6 g X C w C z 0 I d A j m 6 k g X t e X c J v s h u i T w O H l q R O r I n o I k Q R n d n u v / X 7 H V E Y n k 6 h g s G K Q E 41 u e 1 o g k l d U p t T G 7 z E B a L N x p q C K O f F 4 r y z f b 4 J Z X T B X K G Y v z L U h A q C r S I e W a t l t 99 i O l Z 2 I 5 / j A 7 w Q 3 z s p g b P L S u H V X A 8 P Z j t 9 M F R T 0 5 V 44 M 3 V Y V d V 4 T 2 A r 4 o p q c I x t F O R E Y 6 D F 4 R W 7 o m g x M C O L U m N Z p U a 5 s l v t H y e f h z e n g a i p k U y o N + e P U p 9 S 7 J Z P f + s 7 N B 7 n G A g k M F e m 2 o Y y U 3 S R D u K b c z G G G J M Y K h y m j G 1 F + h I L 28 L + 8 b m 9 q d t / n x H 4 C V N h x b X J X D r 5 D 7 p H + j k A c 4 t A G P 2 F l 9 c 59 T T i l n u K l w + v C h m U R 1 q J G 1 C h S X G y 6 A e O O B k U J e z e + y S 6 t 9 C g W 1 u X 8 z z h t s L 2 u e c j B G d R 6 u f t O c 5 Q w N e R h s x N 1 g W T U + w e H + V F j Y y h d g w k 7 M 9 M 5 R z T o 1 X c L 7 C I R 7 + K p s k J B D V k V + 9 O j 4 A i v B t r c + T z F H P G G 9 W I W 4 U I u j E h G l A V t o w + u x T Q 55 k q U Y S V Q C P f 1 q G W 7 h + 3 j Y V 5 P M z W s I + 4 Q T m B Z 60 q H w p 7 I 5 A n + Y F r t E V I J v x 3 M s 6 U 2 F S I o + k t g S b W p j l y O J u N u 3 h P 2 w A 1 j 5 e N K l s 3 D p A W 95 x W w 1 W N K U U 1 Q D K 1 e D Y a m Z H U 4 c c r t r A 0 V t k 1 n L 1 f / K x u P 7 I t / l c e q B p 19 q f W 7 q E 3 c Q g X B J l X X 0 b B e v y Q m M 2 c T V I W p T N 2 n I k 2 M 6 p / K 0 I h J D E z T X m 6 s h M a h l Q R Q A g + U 8 K K 5 Y G I s Z s 76 W h 4 g N w l 8 g K a P Y R 8 c 5 G B Y L D l 18 Q 1 q i e 2 X v c n X l Y R 150 p a X 8 b Z q X k v s H x V 7 O 6 r X r I j q A j H u M C 2 d t S R c s d s j T v o Q / a J v G 6 D 3 Z X b D I a T z L p T w z 9 i v N I 5 N l X R W 7 M b S U d B S c e w L + r 1 r 9 s x D z g M d G v 8 b A b / 7 j 9 d G v d E F y v n 2 M c 5 B d 5 h h C c D d K G 0 0 i w L J y W q Q i S R 0 K 3 U I g I z Q 5 I 1 J L 1 p 28 w h A F X Y k 7 S 4 X W W Y 0 d 63 u u A Y b f j h e c N u o 0 w e A O 5 C 6 M Y J E w z 6 t 3 e k Q D 3 T z H V E C 9 A j D S y x 6 / R x o k Y m r H y H 87 o f D o C k E L J d T X 4 m k u T v m o n n d J 2 l 7 w Q / k x U t n d o r b s x 519 J Q P z Z 7 + / i c + + V q t a W a Q F h n j R 99 p o l T Z D b O D A S a M 0 d m P t P F L v 1 E c L w o + I Q K 6 E Q v h A 81 P x X I l N N n x X 4 n 9 z 0 o p f G 9 t o Y s O p V r 46 a 5 j 9 / 8 B b J K 3 j p j J H a T i 9 z C c D P 7 E k b 6 D J e x d j c u V y U Z P i y h l 1 D U J d L H y 99 j j o y T P t 4 f / m f 1 q l U g X w u T g D e u B M A E + e r T S l M K h S y C L K q p 1 R b c y u d 0 w A e 3 H W 8 I T x h 9 v Y 2 D 1 P 5 J T S j g s z d c q k T L t w b c u a 1 t e 1 R L M f u B c r W N b L v j Q q b K x 5 X p g 0 E Z 4 K r E t l B W i n p u z 13 h M j u j r G M b L E i I f d s 0 5 I T t s 5 N o g z b T e x / 4 H 3 Y D G X K l z 8 g Z a i k 4 I V n e A g f 3 a Z e M W w 1 R F h q 7 w v P x B t k h / F N Y / p w C M 6 R A 2 K R i 6 q G I d G 6 l R 2 E A e v R w l y V e w 7 W q + C 9 R 62 L y F A i X N 7 a W l g 1 Z 19 s p J 5 K + y v 8 F 7 h C L j Q 5 i l U 2 p S D a p 0 R 0 6 u b W Z P x / q G P E B T b w y z Z 6 K Y 4 u S 73 k C S G p T m 8 L g W t f W C T W j 5 Z s M k / 11 Y 51 O n Z d E N C t X 9 y e t 4 w V 6 I u U C K l j + v N z p L N 7 / 8 w I T o G A 4 X i L I I K O 99 L 1 T h E c q z 3 Y 8 s A e i 7 + Z h r s e Q m j g B S A f k Z e Y M d y A 3 I N Q v s Z 2 z 1 U m r L H o v p M S N w t T h a O K g y / 7 T T I Q 92 k W i U h B D I C Z w i W a L N L 8 H 3 h U G k T o H b 2 n Z 4 K N 2 Z 7 F L D j N e A 2 J P K o v Q z t 5 m J f l K s 6 W F t P x y S 2 I f n 9 X V 2 z y O W x h Y Y R Y Z m T z 92 N K h W P W u 9 N Q 29 F o Q + h a p D k A D 4 / t 90 x i / X 18 L F 5 o 6 J m p u M u H f u N U A L s + V m O c 7 C / T 4 x / 7 F o T 6 b J u 4 N F 94 g V b h U L a j H S s I s x Q T d O W z Y E 45 N e l H 9 A R K d e x X H x e X O w w Q C j D d 8 k J b J R w N w d g X + E g 7 f T a A J g + m T f j F K 1 t r 5 s o 6 M 36 g w x t g t K s n N r P m 9 x l F q V R J w X I y T 0 c Q + u Z q 7 T d v s L 0 F M a B / e r 5 e B x V h 1 k C i w p Q l K o W s A / p 0 A a J E Y O K 8 k Q t i P t h A q E H v m N t u 3 A j q x z X L R K d 6 p P l 4 b Y / E R A x z Y C t j w e V f h / W a G h H I 5 D T s y K j / 9 j B Y H l j Q H E C v I t L A o a C V Y k x J D k 9 j p e 4 b J F D f d C L e Z i w 69 K G a p X S d W R x J / e h X i K h S d S Q v i M b W Z Y c D 4 E U G 4 q m + W H s o 9 B V R Y + K Z Z m K k h 71 K 20 t m e y P w 9 a i 0 v C g f 0 3 r z x g c f e E c Z e 7 V 5 V e x 9 u s 2 V K Y R I m x t i 4 V M e K 9 + f h S i R K / V m C m b Q c h 5 H q z + Y k P 9 C 61 H m L s i Q N P 0 n 4 W H y U C m G Z A + n j g h F d H k j 8 d 8 C T / P Z J 7 U O I A v u p l 1 b 4 f B l q J n x u Q 24 C J j 1 Q X X k e D + Z z + e D Z J 8 R y E h f L M 0 Z V d N 1 N 5 M 1 k q 3 D 4 g b m W p M j F U 79 L H J x f M b P X c j T / 7 k g 0 G 8 i i p g z / G 4 L E / p r L e P + H g J A b H j f 3 + 8 y B Q j / a F 8 f d e T O 7 B 3 h 5 D A f 35 u i e U c 0 j 5 d n 14 f H t o 1 F 6 n Y t b 1 z / j e L H Q N p 4 Z N + d Y 1 i H u N C S Q U + i Y 6 r x Z Y w 4 m S M C b X W M S s H Z X w k A F J w 5 J r h S N B q Q g s 2 V s W 2 k Z Q y T h k O 2 b e n Q R 3 T m a T z C + U f a P g E R n E N k V a g n p x / A M 4 m 4 G e H i l v 5 s N g V 3 S m z i g S 33 I n k A X r U 2 o g i u L 37 k X z E t / w E H Z + + s P S Z C Y h m S A t Y u C p l R 9 J 9 c g W L P g r T X m 4 i r Q c D D y 39 E o 3 F A / m R 9 I j l o U 93 y 2 i A M x z 7 f 0 d A v z z a t h l g g T H G V g s 5 S d M Z R w D F E T l h C 4 l F j H A U U q Z G T A 7 g o V B W l I 9 g b u N Y Z q r a C j Q x u c B 0 u 8 E I 1 z n d 4 a a B / U N 8 Y s M m k E f g o u P W o Q 6 J I s n o 5 k G 0 1 Y p n w 7 R H G 0 Z P T z s + u M A W N L 48 I 6 u G c z 3 / s j F d k o r w x 2 y u a q c o c R u h Z E 3 z Y y r L o U I i c 4 m 9 P h m G W s T p f a 2 Y + W D f o J V L 5 s O v G n n W D p 58 x I D D F z l L o d 8 a s h F 1 l q 1 P Q j 8 K I x 9 i 9 F u W 9 Y X t 7 e v 66 x W R A p X h 1 q B s 2 m s s s c 6 + 1 k G 53 U Z e A w 2 O U D 1 Y 8 N j 4 q d j h S b c c W O q k r B y d C h + p i h h X y q F f a X H s 8 E Y a G g v r 8 U J N H w D U m F o F 6 W f r i 96 V b H 5 b J g J q j X w 3 c B q Z C 3 a Y o P o 8 K 9 A M Y e T e z m C C w t C A 0 j G E 0 4 J 1 G q Q D M I 7 w O D j 6 D N 0 6 K p X W H V f Z t 9 C p w D x r l j x H C K X X c K 5 Q Z Z z h r Y a + s Q 1 u W 7 v B 6 B P z U T H L I C T f A 6 k 847 z G G x B a b W d R o K + o 5 M e F X D a O 6 S O + o e x 428 / A W v O 3 T k Y v V J G H S E f j R u W D q A y v 0 D j a 4 a Q O l A t u r s p X Z r 4 Q Z u K J s G 6 q M + y t c C 7 E V U b C b L 9 Z F D 0 g Y 2 X y U h / V X 4 J f e W A r L r d i a 4 e L K 1 k 7 c s 7 m F D 5 P P q L 7 s 76 q E u 8 n R 6 d 6 N m X V C E x Y t U Q A 3 r o j l x P B l e z 1 B 4 l t 4 p S B G Q N G F x o 0 J I n g k 9 F Z 7 x 48 + p C H c B c j U E l W f L t b d o m c K Y Q a Q H c r w R Z 81 y + W 82 r w M A S r k x H V x L 5 s 7 n P M Q J 0 O f h / m a t l 1 A 2 H U 8 e Z C N q 2 x u q 78 b 9 H n M T r g 66 o u m g r c S 8 K Y z D j l 5 R + Y k z k b r m I Y o L g W c s d R d Q n D w V 7 F R A R 2 g j x D z F S
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "df745403-5cbe-4e52-9eb7-390bd36a8ed0" ,
"value" : "3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a|ca322dd565f02d6d8c374e220cf8078e"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1654068048" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "165dc5ac-99f5-4a92-a6a4-9801f485653d" ,
"value" : "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1654068048" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "1359beac-c752-4ac6-a328-8530fea0dce6" ,
"value" : "6144:XS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi2:XS1V1IRgtLnLqcwv1v"
}
]
} ,
{
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "4" ,
"timestamp" : "1654068077" ,
"uuid" : "637c4f30-117e-41ba-a877-a5c4e8c07198" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "permalink" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "6b759205-b220-44bc-9f7c-1c9c1aa1a7a9" ,
"value" : "https://www.virustotal.com/gui/file/3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a"
} ,
{
"category" : "Other" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "62a92f71-6d70-4b7e-a18a-6dc2aafef36d" ,
"value" : "37/69"
}
]
} ,
{
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "4" ,
"timestamp" : "1654068077" ,
"uuid" : "39168d95-f1fc-4c13-ac90-4ac6e39b3fc8" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "permalink" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "53e13c68-a552-4c6d-ac14-1b43c7ca2e1b" ,
"value" : "https://www.virustotal.com/gui/url/01230a4cfe6238655e83d3185a7837282020336d2a35f58c664f094cfdf8fd55"
} ,
{
"category" : "Other" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "894db7ab-ff00-43ce-a09c-2af414ebd6a2" ,
"value" : "10/94"
}
]
} ,
{
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"description" : "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata." ,
"meta-category" : "network" ,
"name" : "url" ,
"template_uuid" : "60efb77b-40b5-4c46-871b-ed1ed999fce5" ,
"template_version" : "9" ,
"timestamp" : "1654068077" ,
"uuid" : "3e847331-3f8d-4bb4-9196-5454be6c274b" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1654068077" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "d7342537-0d4e-4150-8afe-49ed00777262" ,
"value" : "http://coolrat.xyz/Client.exe"
}
]
} ,
{
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "4" ,
"timestamp" : "1654068077" ,
"uuid" : "03018ef9-6f30-4e0b-b7ec-315e4f471929" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "permalink" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8678c2a5-54a0-4fa3-a6ce-05aa133f7247" ,
"value" : "https://www.virustotal.com/gui/ip_address/20.62.24.77"
} ,
{
"category" : "Other" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1654068077" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "48a0da86-7e46-403b-893a-959bdd2a580d" ,
"value" : "0/91"
}
]
} ,
{
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"description" : "A domain/hostname and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "10" ,
"timestamp" : "1654068125" ,
"uuid" : "70b7a5e1-3b48-4f49-ad9f-1a60606e5020" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1654068125" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "4646e8b5-325c-49f9-b7f3-787341b30184" ,
"value" : "20.62.24.77"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain/hostname and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "10" ,
"timestamp" : "1654068677" ,
"uuid" : "3f1d303a-8c58-42cd-899e-2c722f79d97d" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1654068677" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "c3f38d44-9205-4195-baef-24fd3b8d083b" ,
"value" : "coolrat.xyz"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "20" ,
"timestamp" : "1654068756" ,
"uuid" : "7d7e3ed7-667f-4adf-8f35-e5ede8dd8924" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "d4355f5d-cdd1-416f-ad00-260cd4435a61" ,
"value" : "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1654068756" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "31db6ad5-da85-4ce6-bf85-bcccb2783f29" ,
"value" : "15218"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1654068756" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "80ccc142-8095-4047-8509-e70ea97340c0" ,
"value" : "7.2521670427369"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8a176332-a12c-4b9b-bd51-cb556bb85dbd" ,
"value" : "14aff46aaffbad783974ba819dba6e41"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1d9e765f-9664-4523-9a2e-9aa0c7991bdc" ,
"value" : "56951a72b332163d916046dd9c38e402f0ccd470"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f233e438-384a-4e9e-b836-3ff4fb711f1f" ,
"value" : "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "d300ff8c-6d31-400f-b326-032fd0ceda92" ,
"value" : "09edc30dbd5b21890ede1cfc7884a89a926635fcd11a4bda1a4823c3b26dc007d64506cbf8519f7cfdf49fdbaf801d88c95a77c01bf90b486992bb7051281cf0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " U E s D B B Q A C Q A I A B I 8 w V T 8 K 67 G M C s A A H I 7 A A A g A B w A M T R h Z m Y 0 N m F h Z m Z i Y W Q 3 O D M 5 N z R i Y T g x O W R i Y T Z l N D F V V A k A A x Q W l 2 I U F p d i d X g L A A E E I Q A A A A Q h A A A A v r 78 b / a 7 v z 0 7 j v d 6 N a Q f u Y k l l 0 a F 9 P q g J 3 N F g G z o o s 3 T k S F 8 I t g u s E D o f B + V w f R B k z K x P S n t L O Y w I h 7 Y F m R 34 O N h w n 2 s e y 6 x d 8 R b D B 25 y c m I y V 1 C V N k W H w / 2 O G F d o 0 q N L K c H N c 6 G U j 8 j t y I T l t 2 a E g Y F o g F W 1 p d p T W M Q J 8 n b y I J 2 / s U x / L 5 j 2 G 3 C f r e M C M f d n N q n 7 f P Q v Z W H F Z A f U 1 Q r c z Y K g G I m V B o 3 Z A 7 h l R N R p 40 E Q C H Q v F y o z y 6 / L Y K t d h L e 2 R f U C A A E u g 0 A v j j 5 Q c + J o C 4 o L d 7 a N 5 y L s a x w F h w o a s R c 32 v f 1 Y G Y 5 x y I Z c Y L G L p d 41 n m 4 T m y O 8 E g m R h O v y g s m w q 9 S r J E 2 E n Y s w 6 g L L 9 O W R v 745 K X m u k D C z L W 0 M H 7 V l f h I g f l O S u I Z o A 8 S E e c q d h G P + 5 G G Z m H H 5 b p b l 6 / Y 4 I j m C U e l y F S c 6 z b l R r 81 G N X o W x z 3 u m U d N N m x / R I M C 0 6 k V u 7 P 6 G 3 B c a k j z v U D H 5 F p d C v b Q 4 V 6 V Z c a S N R c P 1 N k z l w 4 M m h l H p N 7 H r + d j E V X T E A T F 9 w 9 l L C e e Z f p V t f m L l i l N h j l t K V v q S W b o r J Q 8 + 9 / M G P e L 0 U S O k 2 P D i g d V r h g j 7 c R 6 A 8 b c 3 X D f O r v f s G A p z + f + q U V I z 5 d a s 0 R a z 9 j m e 2 r o c 9 V 0 h B X z d p 1 C b 5 g s V E U / h 0 J + N 3 N 9 b j + C z 8 u p q h u V q m B + M f F O r q G 8 l Q 1 l g d C i e N O n Y 6 / L 9 M 9 y C V M C X 1 M x U O M p 2 E U 5 B c j y x T w g b L s g J q B H h 7 q t f i e R m D o N h h 2 u y D c i R f S G s I p J 92 b 5 h f 5 p F K c X x L 1 l p b d g 7 W 7 R b 0 8 W O C g k t W P b L o x T 2 C A u N N 92 B G R 2 e I w Z D j P U 9 D 4 Y 7 p t L r 5 W i T J N I B m H 44 N V U r 3 R K 33 A O S I N j S X V 3 P i / V I u y h a 34 R L 9 + p R r j H 0 s c 52 h O 8 s U W F d Q m W P x L E / J e m 7 u 2 T C 5 y B 5 d m 9 O A D 2 y 2 A L 9 H W / k s 76 y Y e s / f 4 P k a c W y 8 P O R O k e 21 U m u 4 j y 0 x 0 7 b V g q K C A 8 i r i I c N s e Z e 3 d N 5 Q 3 E F t + q Z v z 280 Y K W q O S 9 L W T V g c O g d c o y h O / x x d V H o W h L T s 4 i l e j c m 7 Y O t t c 0 6 V M t K x C Z y Q 1 a V c V B G 2 C L l a e 6 W W N x N q r v 8 l j Z Q d s Q D H N V E f L N F q j h g C b m + c f X O K G k m c 1 g L + q g 7e2 R R i g R P N O l h L 2 Z X D T m G g M N 0 T b M 7 H 8 c g v r c x c d 9 r Q v 9 A v E V A C 6 K l C x / L / m Q W H A a L D 8 c A K t 1 O c + m c a t p U s e V P + k l 7 U 9 V K L a N g / v d i o s L t 3 M w f z c F D S v b Z X t 4 j f 8 Q A B p 3 s T 8 v 2 D O S 2 m E V P d 1 N I B K T K l G d K 0e9 O f + i f D 8 P 2 R s S A / o s s O C + J D O a s m z 1 r 2 r I Z 5 W V 8 c I 0 l E / I 5 l Q c 6 h W 1 g n W K b w e W 9 m K W g 1 L w k j g P L b x A D B o 9 U w n B 2 U V 2 Y 2 Q L g j z C m u N h B P / J a B v U g g A Z 0 8 Q f 9 W o l q Q i R 7 P S 63 s W V E 26 o t p o 7 Y O x 2 x M i n B G t O u Z / 31 q a o 77 z B 250 P 2 E a s I t u Z S i s A 5 G f 3 R J Y 1 E t 33 W v k B H y H P C h t U J S y 30 K m p J s 7 A D w j v H N I G n d a M 2 / r b n X 47 t 62 m D z s O Y x 1 b U v n 5 E y 3 z / I g b c w t E / C R M 1 u p Y 9 Y E o v W 5 a j x o o P e Z g Q H X 6 Q m f 7 K 1 l W k N D P x d T r V t M E G Q s W F R k S y I Z R 7 Q z I P h / p W 8299 o O 9 P / 16 E T Q Y k e G j k s z 9 s V B 1e7 L I r h v k p A l F 0 n 7 l b 1 i Y f 2 W n / a J W m 51 v x U V t m f t Z r Y l a e K Y t 2 t M 826 R q v 1 b s 8 N m T K 54 M I Z a X Z L 1 N 0 2 f p w h q 3 G N X G m l k n w d 141 + N I / N A b o x 1 C k f b D V 2 a x s 9 S 8 B B + x x V 2 K Z 5 E I M t 0 O y R v v M 40 K J g e A / k i y + y 8 E C M u t c R a T v J 8 b 8 Y B o X D y N / G z + f I T r q c j z U U c F B j 0 j j a 0 d Y S y q P 371 z 6 w k c 8 p r a D 0 c N H K m h 4 V Q 6 n / C + X c P h p 1 C x c G z m G Z E U F d Q W e 6 M d o V Q G X d Z h q H l m f 6 i Y + 1 D 1 k K x V o L V L E A L K 7 y 0 e B x b / 0 m p L 1 s 0 Q T J + 0 V Z R z z L p y K + E W G W 63 F Z c E v q t p j Y L W 3 N u h 0 x e K S a p D 18 + f g j x A F y e 3 j B I w N K G + E P F m D P M U 5 f Q 3 b v A M H e o D f L b K G K 5 B 2 T H b L t S l K n q c s H k p i b u o U d / J 5 + M R j a N u s N v S G 2 N O B o n n L M 8 X 0 H / b T S R 3 C A O w O o x A o 86 Y I H F Q p T 0 P H W 7 F b z M 8 C o i Y H s o H q y X 3 E v 9 q G s i G i u M b S o o Y j u U p g c v v K D s 754 b X C b A 9 s g 3 P M 63 t g D 2 n m z G y U P Y q C t T 89 u 9 N J 6 f Q B g P l H + 7 j x S h 0 m m j + U m 4 C t i R s E Z 72 t s 1 K S p m A A g f e 2 U n 7 q s + j U q r 1 p f d y / z H Y D q F J N Q j Y i S 8 K + l E N 5 h j D e u p l 7 l E K P e + + N c 3 t k D Q 531 x F b X 6 K F H A L 63 C R / y 1 M N q w G 0 C I 0 1e2 q w N Y E b S C O R d o P Q p f k p i i a Q x z G T E C Q B w t S O W 8 S l V l / 4 w H 0 9 a c 27 k 5 m U 0 q D b 5 Y B r n / q E C l m U T 7 Z C 9 Y L p s Z S F U R c S 8 s J s + p M R o Z P I j R w O j S u 3 y p u t Q p 7 + B a J m U i / r C p b Z I t H y f o P 2 D c h h 0 s K e s T 5 v E l I 2 + O F S t l / 6 O a o d t N b r x 7 C 6 q W b H I I w c / x q W v a K Z I V k z W f L q e P 9 f V 4 x 2 h I W u A T p k E 9 l s 7 K 0 m 5 A A D X I S K b R D L G H z 1 j B F q Y 7 Y 1 N I 7 e n a c b k X H I / m Q Z l u Z Q w O a m x 3 D V 7 g 5 i / V x E y B i L k i u s 869 Z A w T K v r 6 U k 0 S N v i N P t I q d 2 S A Z G R x J Z c V / 4 e g y o Z E w E z L h Z m k j H R 8 I 1 D s y 7 L h s 1 y d e I / Q 8 o t f f s d e E v Z i H k d X o W m q q r o 4 M I q S 7 C p 4 w a M M Y s 0 s A w 5 M N b l f R a c A k A H j U 9 A K C u n R p 64 r H T x n F x n D T B M Q w E W t K 0 p y e T b 8 d 73 M w / a H e 6 V Q V 9 N A A M w E J V 0 n u E 5 c a W h A B i l b 7 X H J 7 p w g J y O y T h f G k J J + e H r V J Z H O C j C g b e f x 2 K I x g d 8 B w 2 K v g 4 I D q 52 r U G J K c L + k m N 26 X T + q b X T 3 C 7 R Z o m o 5 C Q e I r C L p x t 9 Z E 7 W y G s I N l x F I O G 2 Q / Q / 3 d H 8 a 2 z c C g Y h I a R z 8 z 7 y e o 5 M E 9 n Q R x F 7 U W 4 T r X v b V G U c z J 41 K G l 3 n A p m v 97 u + / M G x s R i G v A O 1 d 69 k S t n o H K F N v H D 3 c W h u 2 I r D P h 93 g 2 i 5 P g B C e H t U D Q X 4 s l U R P 0 i 7 n u A J J b X D 9 i U R s m l A a n J E y 4 L B u 5 z 3 S h G 0 M f l C Q Q 7 / g J U / 1 m i h g l 2 N x 2 Z 3 p o G z r g h U B F y S u 3 k s 4 b X c Y / 4 e g 2 k s F v s q i q + E T / S x n G V W 9 Z L h L 2 Q 1 K Z m X H Q / u V F f q P 5 e I 44 i c 8 y j d w 5 v E W W k K x 8 k v o T h W i Z z g p O O O Q V 7 l 6 r T f b Q E X q 9 L K q B X b g X h d z 3 g y E b E D D E U w b 4 l v s Y f d k h F 4 q r w x e 6 K x h M M N p / 9 I 1 D b h s U p t k 2 p 3 j 5 Q 0 n J / L g W I s S D Z M l m d Y v S E 7 v m 11 j T R v G Z N H W 1 Z i d z L W t F N w V u P g j t m d Z 8 X c a 40 G W E Z Q O t 0 q G N F d J e e T J d f U n g a z r o / P 2 n E u 9 H b l A a z U 4 b b 2 / o f z v + N J N I V e Y z m P D H 3 w B 1 G s K D Y b v p 0 H g 33 q U O o X d d M m 9 I Z 4 l K T h 7 K 8 o S b l O w x V 0 o C 0 H 2 a Z i p M e n X c Y P Q f w 1 Z V m S j j M e 1 p s g b p Y s t a E l q p n y z 5 L 4 B G 1 r z 90 q 5 c B J t R p n x j + i W R 1 U N 4 l Z Y Z w l S 5 o m n d B K a b s A s r 4 J q R u e m i C f U 7 X c a u T p u g t y C z U x B 43 I b g 8 F a D b m A i g 0 O F 8 u M 4 b s 7 k 5 B 0 W n 6 X o O u f 2 N E 9 a a o p S Y y K L N F e i q D g w 6 H d Z m 0 7 n B V Y 9 l A k d r T 4 h a y w L C l R w r H p K a 6 A N i o a h t E D n 567 q S y Z l 0 T + h / L K n 9 n a L 2 u 5 b E l p B e A z L 0 I H t 0 D f X K X u t D x E Q O t F r h d E R 3 W z w 1 y X 75 c n U O N r m T W v r U + G e Y T e h v A 6 F D v 4 w / w X h v U 2 W u b j A n h 9 q k Z w D E F k v 2 f x F W V 8 L 7 x P b Y L i 2 A E g 3 K 1 a T x S 1 z 1 z h 0 e X W Z g E 6 + 6 U E S D 1 u B + N a F A D B s h E r n e G F Y x l 7 C g R j q Y h H L Y G M s t C H P j S n Q R T o D K n r Y q 86 V M d + t K b P B / T w 3 J q R T a P u i N X 7 o v a e Z y j V n X v Z T a u T D C g 6 F M o 5 P 4 C k T / S 0
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "malware-sample" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "e1d6a081-454d-4897-b453-b7213fc3785e" ,
"value" : "fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc|14aff46aaffbad783974ba819dba6e41"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1654068756" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "6b38eb78-c4ca-4a3d-95fe-78d9afbabfe6" ,
"value" : "Microsoft Word 2007+"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1654068756" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "9f01d962-4451-42bc-87f9-50bab1d2d79b" ,
"value" : "192:om8jmiDKgJrYd6aZzAY+ptQoMMMMMMMMMMMMMMMMMMMMMMMo0BM0lkbt3YBMgupR:H89D/VS3+Pf4PKb8wy+C1S3hcXSbX"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}