{ "Event": { "analysis": "2", "date": "2019-06-06", "extends_uuid": "", "info": "OSINT - Gaining New Visibility into Financial Threats", "publish_timestamp": "1559823389", "published": true, "threat_level_id": "3", "timestamp": "1559823376", "uuid": "5cf900bc-28e0-4bed-93a9-5225950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#12e400", "local": false, "name": "misp-galaxy:threat-actor=\"Anunak\"", "relationship_type": "" }, { "colour": "#6bd600", "local": false, "name": "circl:topic=\"finance\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822567", "to_ids": true, "type": "url", "uuid": "5cf900e7-bcf4-4373-a0ea-7a17950d210f", "value": "swift-fraud.com/documents/94563784.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "url", "uuid": "5cf900e8-2f1c-4894-a23c-7a17950d210f", "value": "cloud.yourdocument.biz/robots.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-6870-498d-84d9-7a17950d210f", "value": "94.140.116.69" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-e61c-44fb-ac10-7a17950d210f", "value": "185.206.145.227" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-1334-490c-a730-7a17950d210f", "value": "45.56.162.8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-bbe4-4902-af9f-7a17950d210f", "value": "94.156.35.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-5b20-46d5-a4a2-7a17950d210f", "value": "185.243.115.28" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-ddbc-470a-947b-7a17950d210f", "value": "185.206.146.226" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559822568", "to_ids": true, "type": "ip-dst", "uuid": "5cf900e8-f670-48ab-bb14-7a17950d210f", "value": "94.140.116.176" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5cf9023b-6d44-4c14-bcef-c66a950d210f", "value": "d68351f754a508a386c06946c8e79088" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5cf9023b-81c0-4707-ba3c-c66a950d210f", "value": "341917d17440ee8a334b202eb0378108" }, { "category": "Payload delivery", "comment": "java.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5cf9023b-0f88-4640-8a7a-c66a950d210f", "value": "d90ecd6c825ce236838112898e1c4a2e" }, { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5cf9023b-9cfc-4ca1-b965-c66a950d210f", "value": "d117c73e353193118a6383c30e42a95f" }, { "category": "Payload delivery", "comment": "WRF{8F0C5F8E-18A3-48CE-A2F4-2F4DB1B14E94}.tmp", "deleted": false, "disable_correlation": false, "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5cf9023b-3068-452b-bf0c-c66a950d210f", "value": "b8fc470b9665b33d2071034fdfd6629c" }, { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-9060-4187-820f-c66a950d210f", "value": "bb784d55895db10b67b1b4f1f5b0be16" }, { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-40f0-4df2-93c9-c66a950d210f", "value": "4bee6ff39103ffe31118260f9b1c4884" }, { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-12c4-4c92-a77f-c66a950d210f", "value": "c2a9443aac258a60d8cace43e839cf9f" }, { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-1f94-40f5-a8a6-c66a950d210f", "value": "581c2a76b382deedb48d1df077e5bdf1" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-3880-4332-8439-c66a950d210f", "value": "f0645bd9367faf4e21a9c5e8c132bed7" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-444c-4673-9cb4-c66a950d210f", "value": "34a58e62866e5c17db61ee5f95d52c58" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-f954-4501-a996-c66a950d210f", "value": "38242fb29d7cb82a4ffd651189d9821e" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-4834-4e22-bec8-c66a950d210f", "value": "f0e52df398b938bf82d9e71ce754ab34" }, { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-7518-4541-bb00-c66a950d210f", "value": "eb561d46c6283c632df88bd20ade6df4" }, { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-4630-43f1-9026-c66a950d210f", "value": "bbaee5d936a3809f46fd409b8442f753" }, { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-f7b4-4686-9de1-c66a950d210f", "value": "63c98b8c34ee9261c0068c7f0435a9f9" }, { "category": "Payload delivery", "comment": "nusb1mon.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-3fa0-4002-b6c1-c66a950d210f", "value": "ddb9553c6e4e4908b5c7fbbdc4795d6c" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-19bc-4207-81e4-c66a950d210f", "value": "1e94f1fdf5ace5e57d8b7832ea2da22e" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-12ec-48c3-8418-c66a950d210f", "value": "e7aa5608c81ba4fcd8d166501b90fc06" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-a274-460e-921b-c66a950d210f", "value": "27304b246c7d5b4e149124d5f93c5b01" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-5220-44d5-9984-c66a950d210f", "value": "75b55bb34dac9d02740b9ad6b6820360" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-b7c0-4260-987d-c66a950d210f", "value": "a7f7a0f74c8b48f1699858b3b6c11eda" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "5cf9023c-f174-48fa-a207-c66a950d210f", "value": "87dfac39f577e5f52f0724455e8832a8" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559823204", "to_ids": false, "type": "link", "uuid": "5cf90364-3014-4df3-b302-4a48950d210f", "value": "https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1559823270", "to_ids": false, "type": "link", "uuid": "5cf903a6-fe08-49aa-8375-77d4950d210f", "value": "https://pastebin.com/FdNVb77d" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559822999", "uuid": "ea848d2e-65da-4deb-af74-a9d0e3a0ebea", "ObjectReference": [ { "comment": "", "object_uuid": "ea848d2e-65da-4deb-af74-a9d0e3a0ebea", "referenced_uuid": "de47fb74-8512-47da-86f7-e8d0cc93cdc7", "relationship_type": "analysed-with", "timestamp": "1559823005", "uuid": "5cf9029d-5980-4160-903e-4151950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "f53abdb3-746f-425c-8cf7-2708633a3ec1", "value": "87dfac39f577e5f52f0724455e8832a8" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "accb477e-c573-47d8-99e5-71b4794121a5", "value": "0c5a8a0c11b9fcad622b884d48c5f0f379e054ff" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "04920cdc-c53f-4e62-95e7-1ac0acd284a7", "value": "6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559822999", "uuid": "de47fb74-8512-47da-86f7-e8d0cc93cdc7", "Attribute": [ { "category": "Other", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "edb4fa20-2435-47a1-930f-681799b0e215", "value": "2019-06-06T00:05:45" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "a8857c21-1482-43b7-82a6-ddb1e08d56e1", "value": "https://www.virustotal.com/file/6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368/analysis/1559779545/" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "359d9cd1-3274-43bf-8cb7-342610cdba6f", "value": "1/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559822999", "uuid": "57e3c16f-67f4-468d-9d9e-b2ee77fce921", "ObjectReference": [ { "comment": "", "object_uuid": "57e3c16f-67f4-468d-9d9e-b2ee77fce921", "referenced_uuid": "3a75d429-6e69-4e61-a8f9-cb53975d839f", "relationship_type": "analysed-with", "timestamp": "1559823005", "uuid": "5cf9029d-d5f8-468e-b74c-4cb0950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "40a202f7-d47e-4a30-bdda-fbc9c8174112", "value": "63c98b8c34ee9261c0068c7f0435a9f9" }, { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "f9cfd007-00ab-4307-8285-802edbefae3d", "value": "c673cdac0a0edb70c7a649f9d7ef08ceaa16bd2d" }, { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "0a91d1ad-8f35-4f11-93ec-29fadaab5475", "value": "28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823000", "uuid": "3a75d429-6e69-4e61-a8f9-cb53975d839f", "Attribute": [ { "category": "Other", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "a8cb3636-92dd-47cc-83d3-25182cdbd9c7", "value": "2019-06-05T16:39:16" }, { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "010f4707-c282-4a50-b6fe-c198e6abe3b5", "value": "https://www.virustotal.com/file/28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484/analysis/1559752756/" }, { "category": "Payload delivery", "comment": "rad353F7.tmp", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "b223286d-7c10-4ef3-84cc-45af8741323a", "value": "48/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823000", "uuid": "2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7", "ObjectReference": [ { "comment": "", "object_uuid": "2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7", "referenced_uuid": "a575205e-629c-4238-ae69-d22e6a64b163", "relationship_type": "analysed-with", "timestamp": "1559823005", "uuid": "5cf9029d-fbf8-460a-9d87-4fd3950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "bf3f5103-66af-4da9-9781-b59997e1059d", "value": "38242fb29d7cb82a4ffd651189d9821e" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "deddb3ce-c064-4d73-8651-1700c1106ffe", "value": "7ae97baa869d7ed416b773cc72973255a50fa579" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "0a3ebaee-3566-48b8-9cdf-e0ebbe1cc3dc", "value": "0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823000", "uuid": "a575205e-629c-4238-ae69-d22e6a64b163", "Attribute": [ { "category": "Other", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "4732126c-2568-42c3-9064-1deb92dc6b18", "value": "2019-06-06T09:50:59" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "ef6ddc96-9d46-404d-b6ba-78e8bc713108", "value": "https://www.virustotal.com/file/0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6/analysis/1559814659/" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "f0fb56ae-dd12-4b0e-8014-18c839783a45", "value": "40/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823000", "uuid": "33492163-b362-476c-9869-f601ff4b0211", "ObjectReference": [ { "comment": "", "object_uuid": "33492163-b362-476c-9869-f601ff4b0211", "referenced_uuid": "cd0334f3-67d3-4324-9b30-28951aabe6c6", "relationship_type": "analysed-with", "timestamp": "1559823005", "uuid": "5cf9029d-950c-4227-bbf1-4259950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "e055bf1a-4bb4-4afa-92a8-f30566d75b18", "value": "34a58e62866e5c17db61ee5f95d52c58" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "f37d5986-f6be-40da-aa3e-7e8e91fc18bc", "value": "8c0c273d458a85f38dd35d868cc734119773edbe" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "a9ccb1cb-0129-45b4-aef9-cddf650ea75a", "value": "74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823000", "uuid": "cd0334f3-67d3-4324-9b30-28951aabe6c6", "Attribute": [ { "category": "Other", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "a5f8849e-c2eb-48e8-9c38-248d2e440c76", "value": "2019-06-06T09:59:20" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "b58a6671-028a-40fc-9131-40f3cab08675", "value": "https://www.virustotal.com/file/74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1/analysis/1559815160/" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "1ff8f77d-f171-49dc-9428-b80758e28b65", "value": "43/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823000", "uuid": "11184fc9-fcec-4ee2-8097-94d0024f38fc", "ObjectReference": [ { "comment": "", "object_uuid": "11184fc9-fcec-4ee2-8097-94d0024f38fc", "referenced_uuid": "7ae2d99e-26b2-4879-a4e2-caec2c6ac680", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-9490-4b4f-b2d8-4c03950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "ac9e0ee6-9a0b-4295-a07a-1b84fb6b098e", "value": "bb784d55895db10b67b1b4f1f5b0be16" }, { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "fe3727ed-c881-4a7c-b67c-614b7f93df20", "value": "3d29fac679c5ce41cacd4510b455dbcbfc33a95e" }, { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "d0b53f57-5d79-4c71-816c-0a58b30fa264", "value": "340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823001", "uuid": "7ae2d99e-26b2-4879-a4e2-caec2c6ac680", "Attribute": [ { "category": "Other", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "7e6cf628-7384-4e39-9e01-973a74927d29", "value": "2019-06-05T18:34:57" }, { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "db2ad86f-6749-4397-a9a0-2c6635bbe918", "value": "https://www.virustotal.com/file/340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4/analysis/1559759697/" }, { "category": "Payload delivery", "comment": "KbhpQIcahFCuZwq.sct", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "d1214470-81bb-4d00-9d3b-4cf4f6a3644d", "value": "21/56" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823001", "uuid": "b62a4ac4-4b20-4eb5-81d5-f9a3fee32519", "ObjectReference": [ { "comment": "", "object_uuid": "b62a4ac4-4b20-4eb5-81d5-f9a3fee32519", "referenced_uuid": "20f86c50-ab0b-42c5-a22a-4a0b861dd753", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-08d0-45ba-bae0-4f46950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "6b985700-998a-4d91-aec3-88181f48f1ce", "value": "f0645bd9367faf4e21a9c5e8c132bed7" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "0ee11c1c-a4f6-491a-899a-340a0cf2f6b2", "value": "8245fca43d35c309fa64532b03ec20a31014572f" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "232b294e-4159-4102-b46b-cd8a6b5a3066", "value": "cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823001", "uuid": "20f86c50-ab0b-42c5-a22a-4a0b861dd753", "Attribute": [ { "category": "Other", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "cc6e41d6-0011-4337-9cd1-21936ff90bbf", "value": "2019-06-05T18:34:38" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "f63df462-3a2d-4bf4-be13-d2960864cf7e", "value": "https://www.virustotal.com/file/cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f/analysis/1559759678/" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "11d7631b-1d40-42cb-979c-949d49db670d", "value": "43/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823001", "uuid": "8c139391-532c-41a3-a222-634a8c601a87", "ObjectReference": [ { "comment": "", "object_uuid": "8c139391-532c-41a3-a222-634a8c601a87", "referenced_uuid": "b6acbebe-39e8-4a6a-8781-7a22d00272b0", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-74c0-4e0b-bcf4-47a9950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "ac84b2e4-c92c-4871-b2e6-e5803d279a45", "value": "27304b246c7d5b4e149124d5f93c5b01" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "42b5f9bc-f2f3-4ae4-94f7-5973a989b33e", "value": "e50d9e3bd91908e13a26b3e23edeaf577fb3a095" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "fdbb1b0d-f581-42f1-b6b0-c99d16a7500d", "value": "3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823001", "uuid": "b6acbebe-39e8-4a6a-8781-7a22d00272b0", "Attribute": [ { "category": "Other", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "a54e618c-709f-4c4c-96f8-475a27c9ba36", "value": "2019-06-05T23:56:48" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "181a1c58-4800-43e6-a903-009a1f96f197", "value": "https://www.virustotal.com/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/analysis/1559779008/" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "9e26cdbd-8e6e-4a39-930d-987d58e8e85e", "value": "2/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823001", "uuid": "c7d41beb-3fba-4a5c-8f1b-1776eac57521", "ObjectReference": [ { "comment": "", "object_uuid": "c7d41beb-3fba-4a5c-8f1b-1776eac57521", "referenced_uuid": "76cd75eb-9363-4a7a-8a23-568bb8cf2bb7", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-0ff0-4d7a-99f1-42e5950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "c0777261-9d54-45f8-987e-4f06cd8eb782", "value": "581c2a76b382deedb48d1df077e5bdf1" }, { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "962db6c2-c3ce-450e-a499-413af66123a5", "value": "8b7b20d1a81af09a42e7dd1b3e02f2fa8038413c" }, { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "b9bc88ae-7606-4b57-a78a-545ea9131397", "value": "b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823002", "uuid": "76cd75eb-9363-4a7a-8a23-568bb8cf2bb7", "Attribute": [ { "category": "Other", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "1bcfe86d-7072-4afe-a20f-9f9e11cb6d36", "value": "2019-06-05T16:39:41" }, { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "e1e7432c-c31a-405a-a881-ec4c7f7c92dd", "value": "https://www.virustotal.com/file/b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663/analysis/1559752781/" }, { "category": "Payload delivery", "comment": "tCrrDqBQoCcEkbnK.txt", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "c78bfbb2-cfc8-4c52-bfd1-b7a2c97b01ad", "value": "28/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823002", "uuid": "2635adb7-eec5-421d-8084-7b415519ee42", "ObjectReference": [ { "comment": "", "object_uuid": "2635adb7-eec5-421d-8084-7b415519ee42", "referenced_uuid": "d317b55c-3b25-4466-8fac-5ab9a70a2ef2", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-cbcc-4bef-8336-494f950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "efecabc7-a7da-4b62-a15d-34c94cc22bf5", "value": "f0e52df398b938bf82d9e71ce754ab34" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "a35de310-be67-4351-80a4-efe6756d13f3", "value": "b58b6e2049fbaae7eb0c7aa14564604813c9e06b" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "da7bce24-8e9d-4d96-b4e0-dce84e4a4dbc", "value": "69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823002", "uuid": "d317b55c-3b25-4466-8fac-5ab9a70a2ef2", "Attribute": [ { "category": "Other", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "35f48480-2d3c-4845-9a0b-e4302f6dfd1c", "value": "2019-06-05T16:39:26" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "b8ddf93c-d397-4187-a061-f2317b8a4aa3", "value": "https://www.virustotal.com/file/69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd/analysis/1559752766/" }, { "category": "Payload delivery", "comment": "DLL dropper", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "787821f0-07d0-49da-a0be-c875035086ca", "value": "51/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823002", "uuid": "c730930e-72e0-45e5-a3cb-e040521971a3", "ObjectReference": [ { "comment": "", "object_uuid": "c730930e-72e0-45e5-a3cb-e040521971a3", "referenced_uuid": "7bc4f11b-34a5-4929-9f93-75081f6a60b4", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-5114-42c6-b294-40cc950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "6acb9c83-8a68-4533-8599-2b96caca71b4", "value": "4bee6ff39103ffe31118260f9b1c4884" }, { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "45fc1115-cffb-4f25-9c31-062cc3ed2251", "value": "ae9ee7088142c9c13427f9cac6b604d04dea4db4" }, { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "39296f72-b102-4e81-aff5-8d53cf7205b8", "value": "127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823002", "uuid": "7bc4f11b-34a5-4929-9f93-75081f6a60b4", "Attribute": [ { "category": "Other", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "24d4b68b-979f-40a2-8ae3-7fbab006b695", "value": "2019-06-05T16:39:11" }, { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "7eab0bbb-e934-4101-8725-255aeebcc24c", "value": "https://www.virustotal.com/file/127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699/analysis/1559752751/" }, { "category": "Payload delivery", "comment": "MGsCOxPSNK.txt", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "7a5f5574-3b98-4b2e-9453-13d93cfad79f", "value": "25/60" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823003", "uuid": "654cf3c0-e403-415e-8dde-d210c2a32c68", "ObjectReference": [ { "comment": "", "object_uuid": "654cf3c0-e403-415e-8dde-d210c2a32c68", "referenced_uuid": "80f85328-d4bb-4113-a164-a4e080ef8d80", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-14a4-4118-8351-4217950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "a90eb07a-fc0f-44fc-b55c-fcceeb9e341a", "value": "75b55bb34dac9d02740b9ad6b6820360" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "78f9e7cc-a9d7-43fa-85eb-ac155c3177ab", "value": "a17c21b909c56d93d978014e63fb06926eaea8e7" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "b82311c7-b1d1-4537-8801-14c7d4c719c3", "value": "141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823003", "uuid": "80f85328-d4bb-4113-a164-a4e080ef8d80", "Attribute": [ { "category": "Other", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "a6d55295-0037-48dd-8cdc-9618997f3d83", "value": "2019-06-05T18:30:17" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "8f93c372-fb61-4b5f-b72d-0bb26c38e3a2", "value": "https://www.virustotal.com/file/141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944/analysis/1559759417/" }, { "category": "Payload delivery", "comment": "psexec.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "9637d4d7-f3dd-43e2-b1e8-cc524e61425b", "value": "1/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823003", "uuid": "978cc9ef-f291-4f48-b98d-7d6ac96c6e00", "ObjectReference": [ { "comment": "", "object_uuid": "978cc9ef-f291-4f48-b98d-7d6ac96c6e00", "referenced_uuid": "1e23c045-091f-4acd-a090-9b8d21b602ec", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-eb2c-4c2f-94f5-4ac9950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "5c15976a-70fc-4931-909f-cacd23b26100", "value": "d117c73e353193118a6383c30e42a95f" }, { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822907", "to_ids": true, "type": "sha1", "uuid": "986c20d9-e565-4e21-98e2-94bad1474958", "value": "fa191c27a162589ba54f0e7a30ffb23623f3872c" }, { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822907", "to_ids": true, "type": "sha256", "uuid": "8107e78a-d2cc-462a-8e42-95685ed2ddcc", "value": "bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823003", "uuid": "1e23c045-091f-4acd-a090-9b8d21b602ec", "Attribute": [ { "category": "Other", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822907", "to_ids": false, "type": "datetime", "uuid": "740acfa3-9fa9-48c9-8754-14166e8d67ed", "value": "2019-06-05T10:41:17" }, { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822907", "to_ids": false, "type": "link", "uuid": "77c482d6-0a9c-4f2b-9294-1c3f91493103", "value": "https://www.virustotal.com/file/bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c/analysis/1559731277/" }, { "category": "Payload delivery", "comment": "94563784.doc", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822907", "to_ids": false, "type": "text", "uuid": "7e4241d3-c145-40c1-b7ca-0b512993b4e4", "value": "39/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823003", "uuid": "8b5a1799-619f-4570-9aa6-ac54205c81f4", "ObjectReference": [ { "comment": "", "object_uuid": "8b5a1799-619f-4570-9aa6-ac54205c81f4", "referenced_uuid": "dce4a646-5ab4-4c54-88ea-a2c5a6683155", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-5524-4915-a649-4d3d950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "c9e41f8f-2687-4c55-805f-cccb7ab96173", "value": "eb561d46c6283c632df88bd20ade6df4" }, { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "84d340a3-08e3-4683-9078-2a905d5a905b", "value": "1313dadf5e3a1dc414798dc746e32509766dcd70" }, { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "3dcccf42-ece0-4aa1-8cb5-a2a479273f8c", "value": "2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823003", "uuid": "dce4a646-5ab4-4c54-88ea-a2c5a6683155", "Attribute": [ { "category": "Other", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "6d0b1b34-a70f-4b78-bca5-40357670d29a", "value": "2019-06-06T10:01:38" }, { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "54560188-5647-47cb-800a-54622b884041", "value": "https://www.virustotal.com/file/2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c/analysis/1559815298/" }, { "category": "Payload delivery", "comment": "303F1428C3F", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "a04712ac-3b5c-4576-ab6d-bfae097f9fc3", "value": "22/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823004", "uuid": "d92702b0-6916-4c5b-a9d7-e035ed8a604a", "ObjectReference": [ { "comment": "", "object_uuid": "d92702b0-6916-4c5b-a9d7-e035ed8a604a", "referenced_uuid": "9660acc8-ba12-424d-8085-21d4eb1aae63", "relationship_type": "analysed-with", "timestamp": "1559823006", "uuid": "5cf9029e-8314-416c-bc6e-4c5a950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "9903aa0b-355d-47b8-b774-7b8da189791e", "value": "a7f7a0f74c8b48f1699858b3b6c11eda" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "c2e77482-a92a-4ed2-a2aa-33e78ebe0b41", "value": "b5c62d79eda4f7e4b60a9caa5736a3fdc2f1b27e" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "3f40f40a-5cee-4d21-a2af-bcc60617f2bf", "value": "3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823004", "uuid": "9660acc8-ba12-424d-8085-21d4eb1aae63", "Attribute": [ { "category": "Other", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "4c862820-246b-42f4-be45-74f6e17253cd", "value": "2019-06-06T00:08:36" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "983fc4e8-8c61-4b03-b5de-c41a52edc523", "value": "https://www.virustotal.com/file/3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95/analysis/1559779716/" }, { "category": "Payload delivery", "comment": "psexesvc.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "975d0ecd-96f1-4945-a935-c9cbaf9487ec", "value": "1/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823004", "uuid": "a0bddce4-2ca6-457b-bce3-61b9599ce66c", "ObjectReference": [ { "comment": "", "object_uuid": "a0bddce4-2ca6-457b-bce3-61b9599ce66c", "referenced_uuid": "76b07ec6-98ae-4501-a62f-d2e22a7d9152", "relationship_type": "analysed-with", "timestamp": "1559823007", "uuid": "5cf9029f-a658-47ec-a8e3-4e0a950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "9f981d00-c2fb-4043-8b23-04716814bf0e", "value": "1e94f1fdf5ace5e57d8b7832ea2da22e" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "680e6a3a-da6a-4019-9e49-5189467e4407", "value": "f03ca4748433d0e1067ae05fcd2e1abec5e0c5e0" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "ca1d56f3-176e-4c28-899a-9675a4de7c4e", "value": "08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823004", "uuid": "76b07ec6-98ae-4501-a62f-d2e22a7d9152", "Attribute": [ { "category": "Other", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "a9f7e2da-7733-4985-83a4-3e4b6119061e", "value": "2019-06-05T16:39:07" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "577a9a9d-aa41-48a8-956b-4ff92654ceb7", "value": "https://www.virustotal.com/file/08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8/analysis/1559752747/" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "13c7acd4-b4da-4f21-b684-231919426afd", "value": "0/73" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823004", "uuid": "4954412e-840b-4d4f-8489-6cb21726714b", "ObjectReference": [ { "comment": "", "object_uuid": "4954412e-840b-4d4f-8489-6cb21726714b", "referenced_uuid": "161cae50-743b-45ad-a792-d2570dc1e75f", "relationship_type": "analysed-with", "timestamp": "1559823007", "uuid": "5cf9029f-68fc-46cf-86d5-4761950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822907", "to_ids": true, "type": "md5", "uuid": "d730db19-b6d4-47fb-aeb5-a614e2903498", "value": "d68351f754a508a386c06946c8e79088" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822907", "to_ids": true, "type": "sha1", "uuid": "d8722bb1-356b-45ae-bbb2-5016cfc1fc39", "value": "dcb3231b004c2fbfc2a74c4c64b130210ca5103b" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822907", "to_ids": true, "type": "sha256", "uuid": "c7c36334-3d8c-4a8c-9836-7f7a1265b752", "value": "6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823004", "uuid": "161cae50-743b-45ad-a792-d2570dc1e75f", "Attribute": [ { "category": "Other", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822907", "to_ids": false, "type": "datetime", "uuid": "761a3d84-fe38-4cd0-95e2-861dedb0b0b4", "value": "2019-06-05T16:39:27" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822907", "to_ids": false, "type": "link", "uuid": "14ee7223-8496-41eb-886f-c781abc2609e", "value": "https://www.virustotal.com/file/6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b/analysis/1559752767/" }, { "category": "Payload delivery", "comment": "smrs.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822907", "to_ids": false, "type": "text", "uuid": "5e9898a2-d06d-47b5-b3b6-7033867044a2", "value": "47/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823004", "uuid": "7e91b7fe-21de-467e-8896-aec026eb81b6", "ObjectReference": [ { "comment": "", "object_uuid": "7e91b7fe-21de-467e-8896-aec026eb81b6", "referenced_uuid": "4fe9f431-3164-4395-9430-6836d9203a7a", "relationship_type": "analysed-with", "timestamp": "1559823007", "uuid": "5cf9029f-a518-4b10-ba5a-4d8d950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "7e57832a-e8d6-4a92-902b-d4393a10b5ee", "value": "c2a9443aac258a60d8cace43e839cf9f" }, { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "bdab64e7-c903-44e4-9764-d4f1cdf71e36", "value": "fa1340e1a9aea1fceb4b5c1b015029476c26b985" }, { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "3ba74b82-3dbe-48cd-b780-e481d4906231", "value": "1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823005", "uuid": "4fe9f431-3164-4395-9430-6836d9203a7a", "Attribute": [ { "category": "Other", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "033b37c1-c433-462b-b3e1-9a6c4c558718", "value": "2019-06-04T12:12:15" }, { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "df393102-f192-4bc5-b474-8b2882101f43", "value": "https://www.virustotal.com/file/1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d/analysis/1559650335/" }, { "category": "Payload delivery", "comment": "cqHfjCkTtMwG.doc", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "198ebd11-937c-49ab-bc7b-ddf56fa2ff89", "value": "0/59" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823005", "uuid": "401965ce-213d-4b3c-8adc-827b3b088b7d", "ObjectReference": [ { "comment": "", "object_uuid": "401965ce-213d-4b3c-8adc-827b3b088b7d", "referenced_uuid": "5a645eb9-b060-42a4-9edc-f0dcc184e949", "relationship_type": "analysed-with", "timestamp": "1559823007", "uuid": "5cf9029f-b8e0-4a9a-a554-4ecf950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "63ed8977-da19-4316-9021-8d2707f7e5b5", "value": "e7aa5608c81ba4fcd8d166501b90fc06" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "e0ed5893-e9ac-438f-b9a5-b2ae59ecb5c0", "value": "5c714fda5b78726541301672a44eaf886728f88c" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "39f1c247-e180-4586-97fc-c0d46ef81988", "value": "5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823005", "uuid": "5a645eb9-b060-42a4-9edc-f0dcc184e949", "Attribute": [ { "category": "Other", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "5339b7e7-46f7-4c42-9ef6-db60704d36f8", "value": "2019-06-05T16:39:24" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "49a26e6b-b3b6-4676-9bb2-be3ada41ef7c", "value": "https://www.virustotal.com/file/5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992/analysis/1559752764/" }, { "category": "Payload delivery", "comment": "netscan.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "101ab576-3119-445d-9166-c808284d63c2", "value": "1/74" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559823005", "uuid": "06a3f94e-a2d3-4af6-8942-eec7ad961249", "ObjectReference": [ { "comment": "", "object_uuid": "06a3f94e-a2d3-4af6-8942-eec7ad961249", "referenced_uuid": "be23a287-3e5a-4a11-9869-f4b80896c730", "relationship_type": "analysed-with", "timestamp": "1559823007", "uuid": "5cf9029f-3b0c-4b97-9ed6-44b7950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559822908", "to_ids": true, "type": "md5", "uuid": "0bbdbb84-946f-4531-8bc0-b0fa249536eb", "value": "bbaee5d936a3809f46fd409b8442f753" }, { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1559822908", "to_ids": true, "type": "sha1", "uuid": "d58f2aa6-2000-42d7-b345-112dd46c6688", "value": "a59d5a1e78b2db7405cd2182aca80d4d932bc792" }, { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1559822908", "to_ids": true, "type": "sha256", "uuid": "e485a56b-17f2-4560-8534-8d1d3d3cd78f", "value": "41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1559823005", "uuid": "be23a287-3e5a-4a11-9869-f4b80896c730", "Attribute": [ { "category": "Other", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1559822908", "to_ids": false, "type": "datetime", "uuid": "77ec3ffb-528d-44ad-a9d8-f2168c9fd9c6", "value": "2019-06-05T18:36:14" }, { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1559822908", "to_ids": false, "type": "link", "uuid": "c57d774a-98bc-4946-86ed-67b2a1b85334", "value": "https://www.virustotal.com/file/41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff/analysis/1559759774/" }, { "category": "Payload delivery", "comment": "9D01CA.txt", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1559822908", "to_ids": false, "type": "text", "uuid": "d244f0ab-f2f0-4b6b-88fe-35a4c8dd7b80", "value": "19/57" } ] } ] } }