{ "Event": { "analysis": "0", "date": "2018-12-17", "extends_uuid": "", "info": "OSINT - Password Protected ZIP with Maldoc", "publish_timestamp": "1545078072", "published": true, "threat_level_id": "3", "timestamp": "1545078053", "uuid": "5c1803a3-43cc-4be7-83bf-42f202de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Hexnet.zip", "deleted": false, "disable_correlation": false, "timestamp": "1545077693", "to_ids": true, "type": "sha256", "uuid": "5c1803bd-1860-469e-9889-4a0702de0b81", "value": "ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82" }, { "category": "Payload delivery", "comment": "information.doc", "deleted": false, "disable_correlation": false, "timestamp": "1545077715", "to_ids": true, "type": "sha256", "uuid": "5c1803d3-5b94-4a90-875b-424202de0b81", "value": "56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f" }, { "category": "Network activity", "comment": "URL Download", "deleted": false, "disable_correlation": false, "timestamp": "1545077731", "to_ids": true, "type": "url", "uuid": "5c1803e3-8844-4020-b766-42ba02de0b81", "value": "http://duenexacch.com/tyclam/fressr.php?l=kanc13.tkn" }, { "category": "Payload delivery", "comment": "Exe downloaded", "deleted": false, "disable_correlation": false, "timestamp": "1545077753", "to_ids": true, "type": "sha256", "uuid": "5c1803f9-9350-4d2e-bc74-480902de0b81", "value": "58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0" }, { "category": "Network activity", "comment": "Compromised hosts - delivering active payload", "deleted": false, "disable_correlation": false, "timestamp": "1545077982", "to_ids": true, "type": "domain", "uuid": "5c1804de-8730-4f3f-80de-4c40950d210f", "value": "duenexacch.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1545077863", "uuid": "161bfb70-2599-4628-b0c4-246e07f6dac0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1545077863", "to_ids": true, "type": "md5", "uuid": "98aa846f-38c8-4b4f-b996-41cd160bced1", "value": "bebc7c2db047676069461fea3d949342" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1545077864", "to_ids": true, "type": "sha1", "uuid": "9f41b480-0cdd-437e-b432-46ff034394b4", "value": "cdad1bc046bfc48708e6c6057404e8e4946a0116" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1545077864", "to_ids": true, "type": "sha256", "uuid": "7b55ed79-8660-4fe6-9c8e-23a2e30cbe20", "value": "ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1545077865", "uuid": "7a783349-9afa-457c-b336-5463ee420eb4", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1545077865", "to_ids": false, "type": "datetime", "uuid": "196ecce0-1667-4013-81af-e6aa6d52a071", "value": "2018-12-16T14:09:59" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1545077866", "to_ids": false, "type": "link", "uuid": "4a087ad4-c4b1-4e0f-a739-ee92b5f5ad7f", "value": "https://www.virustotal.com/file/ff2d4388aa2ce83d57b08fdbf6a9cd89cec88120f64f7c25d4070b7c1f8a5f82/analysis/1544969399/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1545077866", "to_ids": false, "type": "text", "uuid": "30ddf8bc-d94a-42e4-8ac5-688aa1094401", "value": "0/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1545077866", "uuid": "8d2a9cad-bcd5-4083-8e39-6d0cdf7ca350", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1545077866", "to_ids": true, "type": "md5", "uuid": "376616c3-4a7e-454e-ae96-2ce1335faede", "value": "d7c488bb060946d88abcfe76a60e5900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1545077867", "to_ids": true, "type": "sha1", "uuid": "becfdb5b-419c-4cb1-aefd-d981e9196a2a", "value": "a406c70269a0383c961571ecaf6868f8fe396e4c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1545077867", "to_ids": true, "type": "sha256", "uuid": "17624b67-34cb-44cd-bc9a-d454110a448f", "value": "58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1545077868", "uuid": "d40df9c4-c23b-4d33-b946-a83d03b1ed8c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1545077868", "to_ids": false, "type": "datetime", "uuid": "e97b2079-b298-44e8-ba34-41fc38fa2b1d", "value": "2018-12-13T22:49:45" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1545077868", "to_ids": false, "type": "link", "uuid": "2dcdfa7c-3e60-416b-ad43-8103061c7356", "value": "https://www.virustotal.com/file/58aa79ff20f04ded3f9fe7bc251f52ff49d20a118fcf5236203ffa6bd0adbcf0/analysis/1544741385/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1545077869", "to_ids": false, "type": "text", "uuid": "4a28b206-0367-440a-b534-3f83bdec369e", "value": "3/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1545077869", "uuid": "ab69f10d-ebab-44ce-a3aa-b4c367969a84", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1545077869", "to_ids": true, "type": "md5", "uuid": "0083ddf6-ec6e-49c0-9ec2-afb1f9d93390", "value": "32085e482ede71ee5b9e3cb2b264b71d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1545077869", "to_ids": true, "type": "sha1", "uuid": "c4d391a5-1167-462c-aa94-54248adab2d8", "value": "dfbfc78fd370bd5e984862c5369c2be0639b9e2b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1545077870", "to_ids": true, "type": "sha256", "uuid": "49086846-f75f-4d73-b993-4f6364d8da0f", "value": "56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1545077870", "uuid": "050ae440-0b4d-40b4-be6c-049a08c3cccf", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1545077870", "to_ids": false, "type": "datetime", "uuid": "ddad9a62-5dda-450a-ba6a-e097d8e1973f", "value": "2018-12-16T14:15:13" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1545077871", "to_ids": false, "type": "link", "uuid": "fd4e3c7b-d81c-498b-b19c-b28fa44dd27f", "value": "https://www.virustotal.com/file/56f82a2ef3e1775059c4cde4998fa5bea6b114c0e993246f5eaee16a48bd546f/analysis/1544969713/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1545077871", "to_ids": false, "type": "text", "uuid": "75e365bb-ab56-44ed-a8ae-c0774bead7a7", "value": "36/57" } ] } ] } }