{ "Event": { "analysis": "0", "date": "2019-10-23", "extends_uuid": "", "info": "OSINT - Dans l\u2019\u0153il de notre CyberSOC : la campagne malspam Aggah diversifie ses outils", "publish_timestamp": "1575969912", "published": true, "threat_level_id": "3", "timestamp": "1575969880", "uuid": "5dbae98e-7974-4480-86db-44be950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": "" }, {
"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1572530885", "to_ids": false, "type": "link", "uuid": "5dbaeac5-a3c0-48f3-b0c1-46c2950d210f", "value": "https://cyberdefense.orange.com/fr/blog/dans-loeil-de-notre-cybersoc-la-campagne-malspam-aggah-diversifie-ses-outils/" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-d78c-4fb5-bae5-e94f950d210f", "value": "88.150.221.123/1/inc/0f176165c9879d.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-0808-4286-b34c-e94f950d210f", "value": "216.170.126.123/otu/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-a64c-4132-9e4a-e94f950d210f", "value": "185.215.148.217/ghost/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-1b0c-4573-99df-e94f950d210f", "value": 
"216.170.126.107/done/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-6624-4d01-ab9b-e94f950d210f", "value": "216.170.126.107/xmen/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "url", "uuid": "5dc033f3-e0e4-404a-bfdd-e94f950d210f", "value": "216.170.126.146/ahsan/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-1850-4a19-97a5-e94f950d210f", "value": "dennisss.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-09b8-4fc8-8f7f-e94f950d210f", "value": "mozila-system.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-85a4-409e-8612-e94f950d210f", "value": "hetro.ddns.net" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-30b8-471e-8f71-e94f950d210f", "value": "kimkinzo.duckdns.org" }, { "category": "Payload delivery", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "filename", "uuid": "5dc033f3-4abc-4c8a-8ac5-e94f950d210f", "value": "?docora.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-2ea4-49be-b641-e94f950d210f", "value": 
"fishwdme.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-209c-430c-a548-e94f950d210f", "value": "john-osas11.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-e3bc-45fa-bc71-e94f950d210f", "value": "ccmorgan.duckdns.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1572877299", "to_ids": true, "type": "hostname", "uuid": "5dc033f3-3e90-4cc0-a319-e94f950d210f", "value": "sukw.duckdns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1572880529", "to_ids": true, "type": "hostname", "uuid": "5dc04091-77d0-4ff0-ab41-4d09950d210f", "value": "newandupdates1234.blogspot.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1572881266", "to_ids": true, "type": "hostname", "uuid": "5dc04372-f128-4cb3-bdc0-46b1950d210f", "value": "asdiamecwecw8cew.blogspot.com" } ], "Object": [ { "comment": "C2", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "8", "timestamp": "1572874391", "uuid": "5dc02897-2454-4c3d-a82a-4974950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1572874391", "to_ids": true, "type": "ip-dst", "uuid": "5dc02897-9600-4ff8-b0b2-44e3950d210f", "value": "216.170.126.107" }, { "category": "Network activity", "comment": "", "deleted": false, 
"disable_correlation": true, "object_relation": "dst-port", "timestamp": "1572874392", "to_ids": false, "type": "port", "uuid": "5dc02898-b23c-4f1b-afc3-4407950d210f", "value": "777" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572874431", "uuid": "5dc028bf-36e8-4d96-b847-5503950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874432", "to_ids": true, "type": "sha256", "uuid": "5dc028c0-0f2c-4309-8795-5503950d210f", "value": "83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572874576", "uuid": "5dc02950-294c-4f7b-83d6-4a0b950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Nanocore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874577", "to_ids": true, "type": "sha256", "uuid": "5dc02951-c5e8-435d-b7f6-478a950d210f", "value": "35cf9dd2e966cbbf772bc8a8863eca048ce48728ad0fb9bad994b62247291171" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572874604", "uuid": "5dc0296c-f0a8-4327-9139-405d950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874604", "to_ids": true, 
"type": "sha256", "uuid": "5dc0296c-0d20-4476-942d-422c950d210f", "value": "fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572874620", "uuid": "5dc0297c-ca38-46f0-b3ab-471c950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874620", "to_ids": true, "type": "sha256", "uuid": "5dc0297c-7ef4-4b6e-9506-4d32950d210f", "value": "a2d86ca90f364341238ad4b6ce42eabad6462ca8b85d2e36d276a5a76a400e93" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572875589", "uuid": "5dc02d45-2b1c-4958-a52f-4199950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875589", "to_ids": true, "type": "sha256", "uuid": "5dc02d45-f1b4-4a13-94f4-4014950d210f", "value": "0f0faa6ff820888c44e60adc0b9d0044ae626d3ae5adfca9251db655d360430a" } ] }, { "comment": "ASyncRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572875611", "uuid": "5dc02d5b-fafc-430b-9c55-497c950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875611", "to_ids": true, "type": "sha256", "uuid": 
"5dc02d5b-7550-43cd-be4e-4308950d210f", "value": "516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572875922", "uuid": "5dc02e92-1c20-4a65-bcdc-4680950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875922", "to_ids": true, "type": "sha256", "uuid": "5dc02e92-5374-4713-bc85-43fc950d210f", "value": "732501083e18c0e7843986197a9cc78b4c70844ae2a5260d8e0863b4566840f2" } ] }, { "comment": "NanoCore", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572875958", "uuid": "5dc02eb6-49b8-43d2-b886-5502950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875958", "to_ids": true, "type": "sha256", "uuid": "5dc02eb6-0f80-431b-82d2-5502950d210f", "value": "a37c8ab7a8b6c8686e5d7a911c9f389131eb1da8abab9228f63442f4cc0586b9" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572875980", "uuid": "5dc02ecc-fa44-493c-8ef5-5502950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875981", "to_ids": true, "type": "sha256", "uuid": "5dc02ecd-dde8-493e-9035-5502950d210f", 
"value": "6079cdba30c72c4097545444a61945adb4cf03ebbf531b8efb6c3f29633f01e3" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876008", "uuid": "5dc02ee8-3470-44aa-83b4-5502950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876008", "to_ids": true, "type": "sha256", "uuid": "5dc02ee8-eec8-4e10-a533-5502950d210f", "value": "970f0dc60fd3a57dc97194313d8455e8e888ed480cadd7548096537c96c6130d" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876025", "uuid": "5dc02ef9-f6d8-4cc2-9d29-5502950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876026", "to_ids": true, "type": "sha256", "uuid": "5dc02efa-3084-4555-91d4-5502950d210f", "value": "48b730f6fe4a94cfc4af81fdb4420d3a749f7602b4dfd6663e9e5af91cb3f886" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876074", "uuid": "5dc02f2a-f568-457e-81b5-df66950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876074", "to_ids": true, "type": "sha256", "uuid": "5dc02f2a-67b4-4601-a39b-df66950d210f", "value": 
"ba516bfa4d18a3890ae5599973d0583523379eeddce6ba08668f9278453bc9ad" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876127", "uuid": "5dc02f5f-c2ec-401c-9d8c-df66950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876127", "to_ids": true, "type": "sha256", "uuid": "5dc02f5f-a944-49b1-b6f8-df66950d210f", "value": "fd40f1fafffe22687d820fed80f152bf8e30ce8a4b7d40ff8ff8acaf42c8517b" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876158", "uuid": "5dc02f7e-d520-4255-8405-4cfb950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876159", "to_ids": true, "type": "sha256", "uuid": "5dc02f7f-27f0-4b1a-8167-43b2950d210f", "value": "6497ff8cb227ecd6a75db4379b8f9d849b542b59fd30dd49c6d9ef0977cacd14" } ] }, { "comment": "Azorult", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876208", "uuid": "5dc02fb0-31f8-4064-aa9b-4574950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876208", "to_ids": true, "type": "sha256", "uuid": "5dc02fb0-4b78-4159-87f3-4a8f950d210f", "value": 
"92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e" } ] }, { "comment": "AgentTesla", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876231", "uuid": "5dc02fc7-b278-4517-a872-4701950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876231", "to_ids": true, "type": "sha256", "uuid": "5dc02fc7-6290-43ad-b125-4db5950d210f", "value": "d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1" } ] }, { "comment": "AgentTesla", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876298", "uuid": "5dc0300a-1c78-4639-8603-df80950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876298", "to_ids": true, "type": "sha256", "uuid": "5dc0300a-1564-4c16-baf0-df80950d210f", "value": "6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5" } ] }, { "comment": "Remcos", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876503", "uuid": "5dc030d7-9fe4-4004-849a-df80950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Remcos", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876503", "to_ids": true, "type": "sha256", "uuid": "5dc030d7-95c4-4f6a-809e-df80950d210f", "value": 
"2ed3b831531428a2f172284d9d5a0e91bb1b478a900d74abe7d581c782d7de03" } ] }, { "comment": "FormBook", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876521", "uuid": "5dc030e9-7e6c-4b8b-b31a-5502950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "FormBook", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876521", "to_ids": true, "type": "sha256", "uuid": "5dc030e9-b60c-4e55-821b-5502950d210f", "value": "778715947a04a421044f4903f5b28eb80f67c545c21a515f25535984166bb273" } ] }, { "comment": "RevengeRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876545", "uuid": "5dc03101-76a8-4b60-a427-4f2d950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "RevengeRAT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876545", "to_ids": true, "type": "sha256", "uuid": "5dc03101-6c58-4ca0-ac02-421d950d210f", "value": "9f0f88e296786e48c29d77da3418ef2d148ba19db10dcb59aa5dbff2c65cd505" } ] }, { "comment": "RevengeRAT", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876560", "uuid": "5dc03110-e910-404e-9d81-4e44950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "RevengeRAT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876560", "to_ids": true, "type": "sha256", "uuid": "5dc03110-02a0-4c08-a61c-4b87950d210f", "value": 
"7fbb03fcff280da369566274170df592afc639eb6a1bfd8470dca1cd7254ad46" } ] }, { "comment": "Dll", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876581", "uuid": "5dc03125-2e64-41aa-b7c0-4f13950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876581", "to_ids": true, "type": "sha256", "uuid": "5dc03125-e2d8-4935-aa66-43f9950d210f", "value": "5c57e599f74e543bf1cae580ebb42beaa3a5ec01a18c59dfa533fa04fbf33456" } ] }, { "comment": "Dll", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876607", "uuid": "5dc0313f-4a7c-4305-a77b-44ee950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876607", "to_ids": true, "type": "sha256", "uuid": "5dc0313f-ce24-4a0f-9ced-4cc4950d210f", "value": "e73adcf6f04ba13e215f240081024bdd0656e661f43bb9f4b96509d59c0b6ce5" } ] }, { "comment": "Dll", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876623", "uuid": "5dc0314f-a250-41f2-bc6c-4fe3950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876623", "to_ids": true, "type": "sha256", "uuid": "5dc0314f-0eac-4811-937f-440c950d210f", "value": "84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6" } ] 
}, { "comment": "Dll", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876637", "uuid": "5dc0315d-b42c-4bd7-bf22-4095950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876638", "to_ids": true, "type": "sha256", "uuid": "5dc0315e-3100-4371-85a0-42f9950d210f", "value": "db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f" } ] }, { "comment": "Dll", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1572876655", "uuid": "5dc0316f-ae4c-49ff-ae8b-4407950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876655", "to_ids": true, "type": "sha256", "uuid": "5dc0316f-2b84-413a-b886-4c9c950d210f", "value": "e1598720dbe7fe3595b0c323c5ad4de231744568acc1f9b00a855642ebea9676" } ] }, { "comment": "C2", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "8", "timestamp": "1572877147", "uuid": "5dc0335b-88e8-47b2-b741-df82950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1572877147", "to_ids": true, "type": "ip-dst", "uuid": "5dc0335b-5720-41e0-8cb4-df82950d210f", "value": "35.226.30.217" } ] }, { "comment": "C2", "deleted": false, "description": "An IP 
address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "8", "timestamp": "1572877161", "uuid": "5dc03369-ac10-4d04-af2b-df67950d210f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1572877161", "to_ids": true, "type": "ip-dst", "uuid": "5dc03369-5254-49b8-897e-df67950d210f", "value": "88.150.221.123" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1572878525", "uuid": "5dc038bd-a88c-46b1-bbef-4394950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "subject", "timestamp": "1572878525", "to_ids": false, "type": "email-subject", "uuid": "5dc038bd-01f8-4380-8ee4-4b05950d210f", "value": "Payment Remittance" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1572878545", "uuid": "5dc038d1-8a18-428c-9989-e94f950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "subject", "timestamp": "1572878545", "to_ids": false, "type": "email-subject", "uuid": "5dc038d1-2b54-4586-a5e1-e94f950d210f", "value": "Price Request" } ] }, { "comment": "", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", 
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1572878598", "uuid": "5dc03906-ffc0-44c6-a50a-df81950d210f", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1572878599", "to_ids": true, "type": "regkey", "uuid": "5dc03907-0b80-4bb7-86c7-df81950d210f", "value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1572878599", "to_ids": false, "type": "text", "uuid": "5dc03907-e8ac-4368-a2eb-df81950d210f", "value": "WinUpdate" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969876", "uuid": "d670c680-69d6-426d-a298-c0ff391db8e7", "ObjectReference": [ { "comment": "", "object_uuid": "d670c680-69d6-426d-a298-c0ff391db8e7", "referenced_uuid": "5a211825-b90f-4f28-8d80-2ccca44fb240", "relationship_type": "analysed-with", "timestamp": "1575969880", "uuid": "5def6458-5880-4d11-99a9-4134950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572876638", "to_ids": true, "type": "md5", "uuid": "47a2455e-1744-493b-9086-710c2b378513", "value": "6d4204febbce6bb6802f63a5a823ad67" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572876638", "to_ids": true, "type": "sha1", "uuid": "03fa1a03-2f79-4ab0-9667-77801275f2ac", "value": "b6911feb8a13d2a946a2f74043a624c886af33b1" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": 
false, "object_relation": "sha256", "timestamp": "1572876638", "to_ids": true, "type": "sha256", "uuid": "1391f339-b3ee-4bec-bfee-064e5b1c2fcf", "value": "db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969876", "uuid": "5a211825-b90f-4f28-8d80-2ccca44fb240", "Attribute": [ { "category": "Other", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572876638", "to_ids": false, "type": "datetime", "uuid": "add0b46d-6efc-4253-a2a6-820b0c5a300e", "value": "2019-10-28T02:31:00" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572876638", "to_ids": false, "type": "link", "uuid": "cac6e1e1-3ab6-4360-9845-421bb3455db6", "value": "https://www.virustotal.com/file/db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f/analysis/1572229860/" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572876638", "to_ids": false, "type": "text", "uuid": "65299516-f9e2-4960-8e56-faf6303d5a32", "value": "14/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969877", "uuid": "4001f135-f142-448f-8f86-90d6ddf6342b", "ObjectReference": [ { "comment": "", "object_uuid": "4001f135-f142-448f-8f86-90d6ddf6342b", "referenced_uuid": "fad7d3d0-90ab-430b-840d-7d8a2b18ac51", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": 
"5def6459-7d00-44c2-9f61-433e950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572876208", "to_ids": true, "type": "md5", "uuid": "8474114f-3262-4676-ac6f-d46c1b6473bd", "value": "12fef1dbfcd31084bff43508a7669459" }, { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572876208", "to_ids": true, "type": "sha1", "uuid": "3fde3630-dd8a-48a0-a1f1-1e39f708ed08", "value": "78e5dfca951eab2ade99fdebb7de692cdd02c147" }, { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876208", "to_ids": true, "type": "sha256", "uuid": "45bc8fb9-3685-4b85-a7a2-4a83f07d0f95", "value": "92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969877", "uuid": "fad7d3d0-90ab-430b-840d-7d8a2b18ac51", "Attribute": [ { "category": "Other", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572876208", "to_ids": false, "type": "datetime", "uuid": "68b7ac2e-4d1b-4ef7-b6b3-b0209dc787ba", "value": "2019-10-09T21:55:56" }, { "category": "Payload delivery", "comment": "Azorult", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572876208", "to_ids": false, "type": "link", "uuid": "ad11e621-a6c3-4a38-a4f0-b9959975fd56", "value": "https://www.virustotal.com/file/92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e/analysis/1570658156/" }, { "category": "Payload delivery", "comment": "Azorult", "deleted": false, 
"disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572876208", "to_ids": false, "type": "text", "uuid": "6232f040-8fdd-43ce-8658-08cab4bb7c18", "value": "59/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969878", "uuid": "4ebb5413-89fe-40e4-a59f-e5c6a1b7313e", "ObjectReference": [ { "comment": "", "object_uuid": "4ebb5413-89fe-40e4-a59f-e5c6a1b7313e", "referenced_uuid": "693be22d-e312-4294-9171-2d8065cddd54", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-12b4-48df-bfb5-4870950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572876231", "to_ids": true, "type": "md5", "uuid": "3d16acb4-3533-4319-b423-a2cbc263cb97", "value": "1660ca53c025465e9b0628246b1047f3" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572876231", "to_ids": true, "type": "sha1", "uuid": "f00919d5-c971-42b0-b57a-06f4a25f6117", "value": "8b3b10b3fa61017a02e013dcabb67eb8eeaa7ed9" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876231", "to_ids": true, "type": "sha256", "uuid": "ac301e68-00db-476d-b7a5-4ae9639fb6db", "value": "d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969878", "uuid": "693be22d-e312-4294-9171-2d8065cddd54", "Attribute": [ { 
"category": "Other", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572876231", "to_ids": false, "type": "datetime", "uuid": "f7ef0e54-13ec-41eb-a33e-d72d49258b76", "value": "2019-10-23T12:51:58" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572876231", "to_ids": false, "type": "link", "uuid": "0feac6f1-cddd-4ef0-9758-0bd0a966fc74", "value": "https://www.virustotal.com/file/d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1/analysis/1571835118/" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572876231", "to_ids": false, "type": "text", "uuid": "cc87a812-0dae-441d-8345-630aa04d3708", "value": "41/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969878", "uuid": "92ae76c5-8973-4515-938d-b878ca91368e", "ObjectReference": [ { "comment": "", "object_uuid": "92ae76c5-8973-4515-938d-b878ca91368e", "referenced_uuid": "dffbc7d4-cd65-4cb2-9090-32a89e4e174f", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-766c-4ff3-8baf-4116950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572874432", "to_ids": true, "type": "md5", "uuid": "e58e6f6f-acf9-4bd6-98fa-8ed4d946539d", "value": "57084aec24c40f6834428b38ef72b967" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572874432", "to_ids": true, "type": "sha1", 
"uuid": "52601c90-7954-4273-afb9-80e868b87c87", "value": "24dd9c52e1c1ef03cda76c7a9e5887170ada12eb" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874432", "to_ids": true, "type": "sha256", "uuid": "0f62fc4b-1d96-41ae-9562-b6b185fc3f15", "value": "83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969878", "uuid": "dffbc7d4-cd65-4cb2-9090-32a89e4e174f", "Attribute": [ { "category": "Other", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572874432", "to_ids": false, "type": "datetime", "uuid": "456dfb89-0a24-4933-9ebd-30ae24723027", "value": "2019-10-20T11:44:02" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572874432", "to_ids": false, "type": "link", "uuid": "fc64fe4a-f7db-457e-b67e-f8dd8d93a595", "value": "https://www.virustotal.com/file/83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced/analysis/1571571842/" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572874432", "to_ids": false, "type": "text", "uuid": "6caa5df3-8e4f-4f70-97bf-0fdf57745619", "value": "57/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969879", "uuid": "c4cded67-8b32-4ee4-b39f-d17a501a2cf3", "ObjectReference": [ { "comment": "", 
"object_uuid": "c4cded67-8b32-4ee4-b39f-d17a501a2cf3", "referenced_uuid": "d5ef38d1-b501-4ae1-9249-6707886ea81b", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-3698-4dd2-a7a5-48c2950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572874604", "to_ids": true, "type": "md5", "uuid": "cf6b5f40-1367-44f4-970f-7af75e14d46e", "value": "61f6f2296d99b469078db1cb5d36bf65" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572874604", "to_ids": true, "type": "sha1", "uuid": "76780b92-cb0c-4168-98ec-b79b3314b7c9", "value": "f03aa226cc7aeb12a3190b3ccc8a2db68ffd1587" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572874604", "to_ids": true, "type": "sha256", "uuid": "276578f6-f61c-46b1-9269-e5c9d9c4189b", "value": "fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969879", "uuid": "d5ef38d1-b501-4ae1-9249-6707886ea81b", "Attribute": [ { "category": "Other", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572874604", "to_ids": false, "type": "datetime", "uuid": "231d8b6a-d8f5-4f91-8d14-3c13201efae9", "value": "2019-10-13T12:32:04" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572874604", "to_ids": false, "type": "link", "uuid": "e65af2d7-3fa7-4d88-b92d-074c869b7389", "value": 
"https://www.virustotal.com/file/fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33/analysis/1570969924/" }, { "category": "Payload delivery", "comment": "NanoCore", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572874604", "to_ids": false, "type": "text", "uuid": "d5dbf1e4-14fb-492e-a36e-5433f7500168", "value": "60/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969879", "uuid": "c64bda57-fb58-499b-a870-74140ecb73c3", "ObjectReference": [ { "comment": "", "object_uuid": "c64bda57-fb58-499b-a870-74140ecb73c3", "referenced_uuid": "8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-7a48-44b2-a078-466a950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572876623", "to_ids": true, "type": "md5", "uuid": "9b9c5b76-35ac-4747-bc55-676ff185a9c1", "value": "a5de91f73a5e75aa7e33954fd0adda13" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572876623", "to_ids": true, "type": "sha1", "uuid": "35887651-0df9-4924-88fb-7e63006c535e", "value": "07b518b86eca57bc9534c9b955d1809f9f66f080" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876623", "to_ids": true, "type": "sha256", "uuid": "d4b1da4b-7301-492c-ab4d-8b51fc2667a6", "value": "84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", 
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969879", "uuid": "8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e", "Attribute": [ { "category": "Other", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572876623", "to_ids": false, "type": "datetime", "uuid": "aea636b1-9152-49df-8c25-55266a813659", "value": "2019-09-28T03:26:27" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572876623", "to_ids": false, "type": "link", "uuid": "423be0e6-f07a-44cc-a07c-5d12ebb9bd78", "value": "https://www.virustotal.com/file/84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6/analysis/1569641187/" }, { "category": "Payload delivery", "comment": "Dll", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572876623", "to_ids": false, "type": "text", "uuid": "73e7f2b3-941d-4727-86bf-ab089e83ff03", "value": "44/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969880", "uuid": "0ec33fed-1a2a-485e-939f-f40425ebc54c", "ObjectReference": [ { "comment": "", "object_uuid": "0ec33fed-1a2a-485e-939f-f40425ebc54c", "referenced_uuid": "c0bce316-ef56-42c6-811e-7dca12ecf919", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-1b14-4e5b-9f31-40e9950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572875611", "to_ids": true, "type": "md5", "uuid": "41c34af9-b7fe-494a-90c2-abc32b791200", "value": "9257e5b74cf52683b168602036f19d3f" }, { "category": "Payload delivery", 
"comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572875611", "to_ids": true, "type": "sha1", "uuid": "de2ec00b-75f7-4445-a662-41fde9dadda7", "value": "cdd025adf4d4b616a703378a05915a36dedcbe9a" }, { "category": "Payload delivery", "comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572875611", "to_ids": true, "type": "sha256", "uuid": "29475fb6-c458-4f8e-85ee-5c5443b69d36", "value": "516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969880", "uuid": "c0bce316-ef56-42c6-811e-7dca12ecf919", "Attribute": [ { "category": "Other", "comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572875611", "to_ids": false, "type": "datetime", "uuid": "007438bf-4ab7-41b1-8d4c-2569dbb74a59", "value": "2019-10-29T15:05:37" }, { "category": "Payload delivery", "comment": "ASyncRAT", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1572875611", "to_ids": false, "type": "link", "uuid": "4e5958e9-9ee1-4023-833e-d9d30a89393f", "value": "https://www.virustotal.com/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/analysis/1572361537/" }, { "category": "Payload delivery", "comment": "ASyncRAT", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572875611", "to_ids": false, "type": "text", "uuid": "771cbfda-bc1e-49a0-82ff-341ab0bb1022", "value": "36/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": 
"688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575969880", "uuid": "f1e1d01c-6f5f-4204-9d86-34227fa834ed", "ObjectReference": [ { "comment": "", "object_uuid": "f1e1d01c-6f5f-4204-9d86-34227fa834ed", "referenced_uuid": "78cebe26-6eb1-4f08-b500-312923e761c9", "relationship_type": "analysed-with", "timestamp": "1575969881", "uuid": "5def6459-f4ac-4a56-996c-4db7950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1572876298", "to_ids": true, "type": "md5", "uuid": "facd374d-3b71-4d35-b939-2a38c5422f3a", "value": "0638dff86bcdbebe8dc9c9d0bece613b" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1572876298", "to_ids": true, "type": "sha1", "uuid": "4ebc69f3-99b2-4915-b40f-0eeef5301c44", "value": "e7ec733b91eece465192ebe2d62bb5fd14a135c3" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1572876298", "to_ids": true, "type": "sha256", "uuid": "185ae823-4aa3-4844-a8cf-68e8358c78b8", "value": "6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575969880", "uuid": "78cebe26-6eb1-4f08-b500-312923e761c9", "Attribute": [ { "category": "Other", "comment": "AgentTesla", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1572876298", "to_ids": false, "type": "datetime", "uuid": "77b6b35b-d50d-4041-b505-20115a28c312", "value": "2019-10-25T06:30:50" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, 
"disable_correlation": false, "object_relation": "permalink", "timestamp": "1572876298", "to_ids": false, "type": "link", "uuid": "21a8e5ac-802a-4506-bcdd-6b69d3419a47", "value": "https://www.virustotal.com/file/6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5/analysis/1571985050/" }, { "category": "Payload delivery", "comment": "AgentTesla", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1572876298", "to_ids": false, "type": "text", "uuid": "cadc000e-d4db-47db-9bd1-ee1ec522e9d6", "value": "44/68" } ] } ] } }