{ "Event": { "analysis": "0", "date": "2020-06-22", "extends_uuid": "", "info": "The Golden Tax Department and the Emergence of GoldenSpy Malware", "publish_timestamp": "1702644777", "published": true, "threat_level_id": "4", "timestamp": "1702644765", "uuid": "b6ae21ad-670a-4c81-a61f-78d76ae3bdfa", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "targets" }, { "colour": "#053a00", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1701956070", "to_ids": true, "type": "url", "uuid": "525ac4e2-92ac-446a-8130-0dfbe5ac0ede", "value": "http://upgrade.i-xinnuo.com" }, { "category": "Network activity", "comment": "Ports used for svm.exe network traffic.", "deleted": false, "disable_correlation": false, "timestamp": "1702368310", "to_ids": false, "type": "port", "uuid": "7cf786d3-1687-4276-a71e-03a00f8c527f", "value": "9005" }, { "category": "Network activity", "comment": "Ports used for svm.exe network traffic.", "deleted": false, "disable_correlation": false, "timestamp": "1702368312", "to_ids": false, "type": "port", "uuid": "9870518f-225b-4215-b9c6-6ef8a6a250cb", "value": "9006" }, { "category": "Network activity", "comment": "Used by updater service to request a link to download svm.exe.", "deleted": false, "disable_correlation": false, "timestamp": 
"1702368318", "to_ids": false, "type": "port", "uuid": "8768e6c6-c703-48a6-9001-77aba7921f96", "value": "9002" }, { "category": "Network activity", "comment": "While we didn\u2019t observe this directly in our analysis, there are indicators on public scan sites that svm is downloaded over this port in some circumstances.", "deleted": false, "disable_correlation": false, "timestamp": "1702368333", "to_ids": false, "type": "port", "uuid": "e85e5781-0cb7-48fe-b710-26e2c3c6bca4", "value": "8090" }, { "category": "Network activity", "comment": "WebSocket established by Golden Tax software on installation.", "deleted": false, "disable_correlation": false, "timestamp": "1702368345", "to_ids": false, "type": "port", "uuid": "865b179b-37d2-4c6d-b43a-8bcaba2ffb6c", "value": "33666" } ], "Object": [ { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701175457", "uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "hostname", "timestamp": "1701175457", "to_ids": true, "type": "hostname", "uuid": "b6240cce-b919-46a5-915a-df81cb2394d1", "value": "www.ningzhidata.com" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701175467", "uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1701175467", "to_ids": true, "type": "ip-dst", "uuid": 
"1e296717-1997-4567-ae8a-413f8b34d274", "value": "223.112.21.2" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701175501", "uuid": "69e13243-e7e0-4726-a10a-01fd046ded89", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1701175501", "to_ids": true, "type": "ip-dst", "uuid": "3b25e3e0-b251-45a9-a796-269a757aca40", "value": "42.56.76.93" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701175522", "uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1701175522", "to_ids": true, "type": "domain", "uuid": "23087444-d6ea-4081-ba69-5630d6a0bbc1", "value": "ningzhidata.com" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701175536", "uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1701175536", "to_ids": true, "type": "ip-dst", "uuid": "5492931e-2970-4160-ac85-3dbeab7daa55", "value": "49.232.156.177" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address 
seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701176005", "uuid": "99bd5142-86d7-44d9-a1b9-c214a5eb64f9", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1701176005", "to_ids": true, "type": "ip-dst", "uuid": "00e2a2b2-e849-4045-8190-3d5fe7c427a0", "value": "59.83.204.14" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701176013", "uuid": "a1913402-5d6f-4fd1-b158-17c06372b82e", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1701176013", "to_ids": true, "type": "ip-dst", "uuid": "c482e426-9089-408b-84b7-56b55bd07684", "value": "124.152.41.85" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701336121", "uuid": "a061ac22-6146-43e0-b80a-1242186ce324", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701336121", "to_ids": true, "type": "sha256", "uuid": "acf3480a-ee44-48ae-a815-b61cf3aecec9", "value": "534da7cf722968de28eceff23e2924e180bf2c59f3852fb58a4653f8a54fa69a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701336121", "to_ids": false, "type": "datetime", "uuid": 
"70019c8e-4106-4ec9-9670-884db0db8ffe", "value": "2020-03-27T02:53:00+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701337033", "uuid": "30195ad0-624f-4596-9d38-f297186985f4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701337033", "to_ids": true, "type": "sha256", "uuid": "7454969f-900d-44fc-80dc-696af758b9f6", "value": "6366f009e4c0303d7f5ba0bb6a529039618ff8715972713c3b6645d1aef3d4c1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701337033", "to_ids": false, "type": "datetime", "uuid": "bf4c2269-e79f-4cbd-9676-8e1e340b64c2", "value": "2020-03-27T03:10:00+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701337054", "uuid": "e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701337054", "to_ids": true, "type": "sha256", "uuid": "9ab7086d-77d7-4374-952b-b698e0da912e", "value": "68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701337054", "to_ids": false, "type": "datetime", "uuid": "59843260-1898-49a5-a4dd-fcfdd43e1f58", "value": "2020-03-27T02:53:00+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a 
file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701337100", "uuid": "2e14ffc4-b52c-462c-b75c-5769dd873b3c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701337100", "to_ids": true, "type": "sha256", "uuid": "3c4ccb03-a5a7-490e-93b6-6feed84892f5", "value": "323d0cf9ac1c750761f66482154dbd3144dae7336c955a4576cb4cce6438a6ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337100", "to_ids": true, "type": "filename", "uuid": "4b35c168-c6b3-461c-83f0-b49a4312ce33", "value": "dgb.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337100", "to_ids": true, "type": "filename", "uuid": "1e902319-894d-472e-a235-4a68c2cbd72f", "value": "dga.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701337100", "to_ids": false, "type": "datetime", "uuid": "3b535d9f-2285-4fda-8083-06917dec05b5", "value": "2020-03-27T03:05:00+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701337149", "uuid": "91755780-edb5-4184-a85a-8038b21037a9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701337149", "to_ids": true, "type": "sha256", "uuid": "46df89be-1cac-4864-9624-2a118227e8e5", "value": "67316d574d0e05549bf314b4764842e2b598f2ffae1ac82123b3dd592f605751" }, { 
"category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337149", "to_ids": true, "type": "filename", "uuid": "8eed7318-c174-4068-8bdb-b7e506be30b5", "value": "svm.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337149", "to_ids": true, "type": "filename", "uuid": "7e2e3562-2f75-4ba5-ac84-3e74f74ee0f0", "value": "svmm.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701337149", "to_ids": false, "type": "datetime", "uuid": "a2b98308-2097-4c20-ac69-353178a3d4f7", "value": "2020-03-27T03:06:00+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701337184", "uuid": "d42c7cfa-02c3-417a-8fda-d78beedcb5be", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701337184", "to_ids": true, "type": "sha256", "uuid": "18a208c9-3665-4b22-9b49-454372a2b145", "value": "a8169c566bf4566c6c4ba98ce7f9ecf143ae6c21dc0d7b15779c936e1ff60269" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337184", "to_ids": true, "type": "filename", "uuid": "b6d585a5-737b-4c34-b82a-fd86aed6ccf3", "value": "svm.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701337184", "to_ids": true, "type": "filename", "uuid": "eaef9aa2-799a-4d86-b827-cce9539d39d7", "value": "svmm.exe" }, { "category": "Other", "comment": "", 
"deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701337184", "to_ids": false, "type": "datetime", "uuid": "d7d9625d-85e8-483b-94a9-070083c9252f", "value": "2020-04-07T08:44:00+00:00" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701781786", "uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025", "ObjectReference": [ { "comment": "", "object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701781759", "uuid": "4dd56758-dc01-469f-b3d2-c2c8dd87ab09" }, { "comment": "", "object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701781771", "uuid": "2d1eeda0-3e67-4ed9-861f-7f9e3ab4f6e4" }, { "comment": "", "object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701781786", "uuid": "a5987acb-3d5c-4295-988d-02b95ccf616b" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351844", "to_ids": true, "type": "sha256", "uuid": "cb85d9e2-b7c5-4857-a630-dfa511e61b8a", "value": "20932b2151de5f0dc5c1159fbc1d2d004f069bb04d32d66dc7fa5b7b9eac1aa7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351844", "to_ids": false, "type": "datetime", "uuid": "dd395ba4-83f2-4993-9b63-ec1566a2dae8", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351844", "to_ids": true, "type": "filename", "uuid": "143ebe6d-921f-4d7e-94c0-6160521db92e", "value": "svminstall.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351844", "uuid": "9a2b3b20-3490-4963-8e55-8a78269c262c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351844", "to_ids": true, "type": "sha256", "uuid": "bb64e435-bc11-404f-8ae4-e16ae31fa027", "value": "2878ad6d386bc3fd9f0625195a3a60fc5056ff7ff24e57cf466e54af07d0217e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351844", "to_ids": false, "type": "datetime", "uuid": "287d3fcd-0d39-4ff2-9089-eda4f8f5fc31", "value": "2020-03-27T03:05:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351844", "to_ids": true, "type": "filename", "uuid": "fd9e1953-0fb4-481e-a49a-37d5a2ab6642", "value": "0750e344e12de0b653de4e7d600d00c2.virus" } ] }, { "comment": "Zip archive containing malicious code", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701779855", "uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7", "ObjectReference": [ { "comment": "", "object_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": 
"1701779838", "uuid": "e4735913-6296-467a-ac58-c57fc0147e95" }, { "comment": "", "object_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7", "referenced_uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3", "relationship_type": "communicates-with", "timestamp": "1701779855", "uuid": "ca2b3730-8f85-492a-a245-3cbfd1736f01" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351844", "to_ids": true, "type": "sha256", "uuid": "0d697e6a-3ef0-47b7-b89f-7508ff2ae028", "value": "2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "7609179e-4227-4071-a4dd-53dd972ef8d6", "value": "2020-05-07T22:21:26+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "743af76d-37b7-486d-a370-f370a0b04daa", "value": "svminstall.exe.zip" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701779405", "uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1", "ObjectReference": [ { "comment": "", "object_uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701779359", "uuid": "61a6fba4-27fa-4588-874d-ecaffae7a7e6" }, { "comment": "", "object_uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701779376", 
"uuid": "97f1afd1-056a-4ce9-ac2f-4e057a0d0f26" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "c3146102-8afd-429f-b80d-a3cbc626394f", "value": "39b914c8064becf3df1df39b0517bda05371e90b8b5fe15aad275faac634876f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "d4167751-a030-478e-b0f4-de8687848582", "value": "2020-03-27T03:12:24+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "a3ad7f24-a517-4b51-9a31-3760a5b372bd", "value": "usv.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": "2c00384b-57eb-4d4a-8261-7b29f2fd8f11", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "8def6418-52d8-40b7-abd5-84e6b20ee92f", "value": "3b63900e56a7eccee43d42a77fcb6d7834943f5236adae063abe32111f35152d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "888ba1c9-937b-44be-87de-ccc4cc54bfbf", "value": "2020-03-27T03:10:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", 
"to_ids": true, "type": "filename", "uuid": "33ed128b-7e43-44b6-8657-e0aebbce1b3e", "value": "71f7e61c2686b4bc1d67745e859b3ca1.virus" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701772341", "uuid": "87ce2eff-30a0-4fee-9641-186684286abd", "ObjectReference": [ { "comment": "", "object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701695925", "uuid": "6310d7ab-4399-4fcc-86e9-ab77d8c75474" }, { "comment": "", "object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701695948", "uuid": "70a8f6e3-1cd8-4491-90ef-2bc58eb5cd89" }, { "comment": "", "object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701695970", "uuid": "c21e71d9-1f85-418b-883a-136e5fb102f7" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "83b416bf-87ab-4179-a230-0acfa0ebe0d6", "value": "41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "98fd85ac-620e-41d7-bfcd-8d12e52df60b", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": 
"1701351845", "to_ids": true, "type": "filename", "uuid": "81626b6a-d60b-43c7-b3e8-61264d0e5da0", "value": "SVMV1.0-20200310.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701772300", "uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795", "ObjectReference": [ { "comment": "", "object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701683309", "uuid": "0a2b98ba-d19d-4792-b23d-d3faa656b87c" }, { "comment": "", "object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701683325", "uuid": "b42d905f-1fe7-4ffc-b5db-8c1945dfed28" }, { "comment": "", "object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701683337", "uuid": "880b20d1-02c0-4307-842b-c64aedc13398" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "3e8a0a8e-c132-4901-97eb-f63ec25ad76c", "value": "4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "b3f7cfb0-2b81-491c-86a3-ce9e673148a9", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", 
"to_ids": true, "type": "filename", "uuid": "4ff4b1cc-1db9-43ff-9510-be9fc0dc0c1d", "value": "IDG-MINZONGV1.0-20200310.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": "67afd357-6025-414b-951f-8d5fd7c2393c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "d8eb3b98-1763-449b-b205-2cb7c8575de7", "value": "5246fc50cce0b3492939a169082eebfde63c9ebc312267eef6d1bb47b44c44aa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "30af6f0a-e0b4-4cfd-af1b-8ca33199b5b3", "value": "2020-03-27T03:05:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "18317cb3-4585-4b3c-a093-d21c24f7249a", "value": "392b5b60444fa9e27c1de9d977ec9248.virus" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": "a0cb4750-bc13-48ad-b4c7-0e088f5fe571", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "8e6edeed-2430-49a5-8870-6bc63942c798", "value": "55429a6085d50782be52bb2150cfabecfdaa4eb843350399c3cf88a9ab9fa4c1" }, { "category": "Other", 
"comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "393c3632-ed35-446c-89e8-4292cc975105", "value": "2020-03-27T03:11:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "a9192972-5559-4218-8e1e-4c57f85f10a8", "value": "idgclient.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": "56181b68-145d-4240-bdc9-ab7b8bcba590", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "dcd402e1-8f70-474c-a9b3-fd9969853070", "value": "561f89c566af35a90ae19285177cedaae3a0cbd7c8d415c57766e7988503c686" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "62d7a050-f27b-4ee4-a583-dfd6d069dceb", "value": "2020-03-27T02:53:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "d6939dcb-ec1b-4139-aaaf-e1049320385e", "value": "dga.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701779489", "uuid": 
"66621b84-e9d8-4f2f-849a-51e535149fe6", "ObjectReference": [ { "comment": "", "object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701779462", "uuid": "2f86a1cd-c806-4c1f-8cbf-8796b11da2dd" }, { "comment": "", "object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701779476", "uuid": "18226565-e646-4184-9d62-d2548c7e1d91" }, { "comment": "", "object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701779489", "uuid": "6c5d9039-fcb1-4313-88ff-a36dde8cea88" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "c6cfad5e-ccd2-4306-9464-19fbed8f488a", "value": "77ee7b0a10f3c0ab08c1b1f88ceb0dd979e9c2fee17ac5fd14c9ce27002f6078" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "e1aab480-d409-490f-ba3d-22547614b562", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "bfb87406-2809-4814-b84c-b16228bdf0ed", "value": "IDG-FEILONGV1.0-20200310.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": 
"55b1382d-9f32-4276-89fe-2e7266944439", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "7c479d93-69ff-4591-8d79-e5a7af2a3bf2", "value": "7bf45c75dca3362331d5a9a116bf9c7a52e1352905a5dee66f0cf123acc461b2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "41568571-6cfb-43c3-beff-8f627426d355", "value": "2020-03-27T03:17:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "7046d5fe-4eb7-487f-9320-638882549ef3", "value": "svm.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351845", "uuid": "3320cfa3-936e-41ef-9c53-d63c110b20c5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "860d0fb8-6698-480d-8280-5f6df804b1f3", "value": "817887f4e977443cb446579f080ae848a2235b79f8c174e7201cebf62e9ccd94" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "a8b75ef9-36a6-4cf8-8657-c49bd62656a7", "value": "2020-03-27T03:01:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, 
"type": "filename", "uuid": "7f00adba-ad40-4598-ad2d-4c651c605f18", "value": "idgclient.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701780491", "uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a", "ObjectReference": [ { "comment": "", "object_uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701780471", "uuid": "a23c15b6-0518-47d4-af1e-01d235a4b757" }, { "comment": "", "object_uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701780491", "uuid": "ef54cdd4-6923-4e0b-80dc-a6c0be06d88b" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351845", "to_ids": true, "type": "sha256", "uuid": "90f1ad4d-0a03-4b42-9dbb-7b84ca6f669e", "value": "853ef8130b50e9fce5f7575afc04374de0232fa5fe6b7b4d97fda7bf17ec58c9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351845", "to_ids": false, "type": "datetime", "uuid": "3b418bbf-f284-42b1-a422-94737a0eb81b", "value": "2020-03-27T03:06:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351845", "to_ids": true, "type": "filename", "uuid": "5f91d557-393c-41ba-ae44-5d446dfb972b", "value": "usv.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": 
"688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "bf153833-d88e-4154-8d50-4ac02ad8296a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "cd86d4fb-6890-48fe-9989-79be016b1272", "value": "862115c6d8d6e6addeb408c45ac0a7f8a25126d5ccca6d9356143a7a683c009d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "b5adaa40-23e9-4550-bcbe-2c095f1d1e00", "value": "2020-03-23T13:05:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "47ed09a0-1382-44c1-8b9c-178a9711b19e", "value": "7bc6b5c6da04a231f5fa011944ce5a31.virus" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "55c42baa-eda4-4bcd-b58f-0d4ae5e46465", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "3666d326-2435-4d36-9f7a-0ee42a96512f", "value": "8b0e1be70409238e7577429df3eaa84a6b12f36d9dbb6e47607f7fc354ddb961" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "2be8faff-0e5a-4f7b-b145-1bdd4753f7be", "value": "2020-03-27T02:51:00+00:00" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "d5fb374d-d7d3-41a5-8d9d-1acb652ea580", "value": "svm.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701780722", "uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2", "ObjectReference": [ { "comment": "", "object_uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701780707", "uuid": "228b2f57-ef73-46c1-8317-8fc2beb5214c" }, { "comment": "", "object_uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701780722", "uuid": "30de924c-b419-4efe-800f-0844ab23015c" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "48cf7367-37e5-4cf0-be62-dcee674b1b54", "value": "98b5320e7464fc69b12eb626b6336604efcbf6502adc38c77f6db41666da9dd1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "6e7f6921-2c84-4751-94b3-260db39172d9", "value": "2020-03-27T02:24:01+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "9b88db93-ee0d-438b-8273-f32dfbccd20d", "value": "usv.exe" } ] }, { "comment": "", "deleted": false, 
"description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "d04e73af-c526-4fea-8c42-fdf2a3e42952", "value": "a44e6b87dc1165c4c6839554dd412e98fade0a7e7c6341b9d44c0ee0dd034160" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "207d9032-72c2-4b85-8623-af4980a053b7", "value": "2020-03-27T03:10:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "6d44197b-f5e7-44d9-8c72-28c8d943b49a", "value": "cce1df224e63ff1aab5f74e2fb1559e3.virus" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701781998", "uuid": "91004b93-92fb-46cb-a690-ee49d550fd87", "ObjectReference": [ { "comment": "", "object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701781969", "uuid": "3c58757c-6b43-41e4-9880-269dd47bf86d" }, { "comment": "", "object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701781983", "uuid": 
"df6a6314-b7e3-42b3-936e-224c01052e34" }, { "comment": "", "object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701781998", "uuid": "b8b44eec-43a8-476f-99a0-16bae3a50cb1" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "79ae4416-5859-4465-aa26-e89ae4a2d797", "value": "a6e9d6c145668c4fc6e6dbd3d1fe4bc394211d9c09d31c12730ceddf3e5056be" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "e619c215-e39e-4e1d-b8f4-8c267591c242", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "ba47135e-c151-4726-be5e-79fc2cd2584d", "value": "svminstall.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "5c497b29-bca4-4702-ae5e-a8df8e26165b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "21dec5ab-febf-4e93-8757-5f3ffc3f6791", "value": "af120f411c2c1f3ec52516006a25c734a5a0e4952c3eb942ad99858420c9135e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": 
"datetime", "uuid": "e795ae6c-cf3f-4bf3-a0de-9242e930b4fe", "value": "2020-04-07T08:44:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "15a4fe97-b0e1-4160-9d6e-63424830fe2f", "value": "svm.exe" } ] }, { "comment": "Zip archive containing malicious code", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701772360", "uuid": "288d3f46-333a-400f-b20d-8e742292776a", "ObjectReference": [ { "comment": "", "object_uuid": "288d3f46-333a-400f-b20d-8e742292776a", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701772232", "uuid": "9902a564-d740-455b-b589-f3658191d6f2" }, { "comment": "", "object_uuid": "288d3f46-333a-400f-b20d-8e742292776a", "referenced_uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3", "relationship_type": "communicates-with", "timestamp": "1701772245", "uuid": "919d95af-e47d-4e12-9caa-a3adf2961cfe" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "2126ab1f-1a93-467d-bdf6-69144383041d", "value": "afcc4ccc4ac0f1eaded6fc2ea704f4e9650942fc317728150676de3af19fb72d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "fee05b81-b606-4900-8e94-3cd09260631d", "value": "2020-05-14T01:29:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", 
"to_ids": true, "type": "filename", "uuid": "79dff4e4-38db-4727-a1e5-a8a8cde5d214", "value": "svminstall.exe.zip" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701780912", "uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66", "ObjectReference": [ { "comment": "", "object_uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701780877", "uuid": "45ef2306-107b-46cf-8c37-2073928a5d69" }, { "comment": "", "object_uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701780912", "uuid": "d9bba08b-296b-47cb-b955-d84fd5006c02" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "c4185519-125d-4ff8-9def-0fd3f528c2fa", "value": "afe2bcd5cb2de6349329c42631bfbbdba46d672f6dc515a5bee63cb4265e49f8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "0bcba0d9-c83f-41c2-8521-1a0c35d6280a", "value": "2020-03-27T03:17:53+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "240b38ba-3d2d-40d6-b536-c33e5e921d2e", "value": "usv.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", 
"name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701782204", "uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47", "ObjectReference": [ { "comment": "", "object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701782174", "uuid": "40d0cd48-2977-4c03-97e6-3f62f3658171" }, { "comment": "", "object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701782190", "uuid": "f13885a4-9f33-4f94-b4fb-a15de3dbc3b5" }, { "comment": "", "object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701782204", "uuid": "235825d4-f562-41cf-9fb7-6d0de8ed06e7" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "af8521cd-6946-40d5-a0c7-a17ebef098de", "value": "b67913449618756dcc815a242a270257cce4d5ae71911bb6716bdecc2f1c0c7f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "e32ce9d0-1d14-46bd-8cc2-b97737418a41", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "e08f4e0d-64f0-4d35-b23b-fd12ad73fefe", "value": "svminstall.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": 
"688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "ef75e372-c372-416a-bc51-c54fd64cc47c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "a8795d72-a104-430a-add7-e75bd1c92226", "value": "b6982fe4ab882cfdcba091c6617b9d279a9bcfd3e28a76d5fb2c0cdfc0c23064" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "f6a5ffd1-205e-4525-b5d6-4fcabd85955e", "value": "2020-03-27T03:17:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "32ebb985-629d-4668-9f9a-8d774db8db70", "value": "126599da0c79ce196c960d0ba28aacda.virus" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "a2571d1b-5251-49d6-a06a-6b2cd55c33fe", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "f6e96782-7783-45ee-8ad6-19ef40ccf830", "value": "c12e099fb5e825be513c75cff8b4f064b9d4ea8435bab254d69e126b74959372" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "43abe258-945c-4717-8393-7a4bdd495e6f", "value": "2020-03-27T03:10:00+00:00" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "8df26508-de86-4dae-859d-8b424c6f42fa", "value": "dga.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351846", "uuid": "0c820525-3995-48df-b0f7-29543d3bb91e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351846", "to_ids": true, "type": "sha256", "uuid": "15e55845-1d5b-4807-b538-784bd99a5e4c", "value": "c4fc73dbfc0d61a0a60239971225321b882af5923babf26c324726b80db612a2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351846", "to_ids": false, "type": "datetime", "uuid": "1ec05e5b-94d8-4ee1-908a-8fed831bcc16", "value": "2020-03-27T03:06:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351846", "to_ids": true, "type": "filename", "uuid": "f9b83223-a152-4bbe-95c1-f42381832e50", "value": "idgclient.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701772332", "uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7", "ObjectReference": [ { "comment": "", "object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701695828", "uuid": 
"63f8f124-b3da-4876-96d7-720a29935aa5" }, { "comment": "", "object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701695839", "uuid": "93731785-e54f-4791-921e-b43abb3dd054" }, { "comment": "", "object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701695853", "uuid": "9dd6469e-4ab0-450d-98f5-8e8f10a35545" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "7fb3290e-f6bb-41c6-8a3d-93cbd7ce4cb0", "value": "c5c5e59bb18bad1427714d0007b676e658d8e08faf5a0632ed88912f5816d525" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "cb6ab398-dd78-46c9-98aa-18ccbddc7c76", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "1f07ac17-7e50-442f-a9e8-387030371db3", "value": "IDG-NJCKV1.0-20200320.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "c8944763-7e06-4155-927d-bf12b7a38833", "value": 
"c9d1ec32df1b134aa809bc8b3ad475b690347294693f6c5b65ab1df94fa4d1fd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "c03e959c-6513-42b0-8aef-232ef12248e7", "value": "2020-03-23T13:05:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "6cbe44ac-5c08-4f79-b066-40cca92cc3dd", "value": "433F8727.vsc_svm.exe_archive_level0_1_NSIS.unc" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "47df59a7-8382-486b-8de2-2745eaad8bcb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "dafac7cd-ce07-470f-8659-c89f9a013924", "value": "ce3d64f8ad4dcbbf5324e05c81a716c5d2493e149edafbc5cb73c01836bea5f2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "6e79e72b-961f-49dd-8b09-0ca96e2ce53e", "value": "2020-03-27T03:10:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "ec9cf7be-8c97-405a-a119-657a96995007", "value": "8497a9301e74d3611c2df3e3c0ea24f4.virus" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", 
"name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "eb8e2be7-0f90-4150-a98b-b00ea054991a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "88c9b21d-67c7-41c9-818b-fc91e1943a34", "value": "d41081969a212dec0ca623d848fb51907d8cdb1cb7bd86e1354e3041052858fb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "35bac5ad-97e6-4dca-b7c3-65858b2fc65c", "value": "2020-03-27T03:11:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "a2569f52-359e-4010-952d-23f5260c1e25", "value": "svm.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "d1f42381-a3f9-43ac-bd4a-0af2049dc70d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "9af6830d-1d5a-41ff-80c6-c851ea3d6468", "value": "e0e7b4f6878483bdc8c3e01d4daa11c71e61385e85a6eaa2be8fec04d250b74e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "cfedac1b-8f3d-489d-b5a3-48c971c3437a", "value": "2020-03-27T03:16:00+00:00" }, { "category": "Payload delivery", 
"comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "3ad0d286-bfcc-465d-a99a-7d1618566d93", "value": "dga.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "57a4955c-6c61-494c-9c18-b6b144cfcfae", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "e85a01d3-573a-417b-a6d5-9bd56799df84", "value": "e8118cb2941c0421a2f6942919f8541b5fab348e2334102eab8654d2c4bff8ed" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "a46e740b-3140-4926-954a-76c3b5632cf4", "value": "2020-03-27T03:16:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "58c664f6-285b-4181-9f75-15b6b856a5ad", "value": "idgclient.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701783705", "uuid": "56678941-6891-43a3-9b44-372c1dc4acc5", "ObjectReference": [ { "comment": "", "object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701783680", "uuid": 
"2ffc8423-1f34-4fcb-99dd-b1768c74b4ab" }, { "comment": "", "object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701783693", "uuid": "4d441395-cf98-46e5-ac26-adf923ba9210" }, { "comment": "", "object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701783705", "uuid": "13d2feb1-04eb-4e7a-8ed9-c329ba4a8674" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "447dff07-b09c-4099-9b1e-b739fa8445be", "value": "f21623311a947d8a9f2dd05c098f45c3ef12be3cbf79fb49659e5bfc1588cdfe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "d72fa4dd-9771-4459-b1e8-66436d38b5cc", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "21b204a0-5eda-4512-8f79-0b717f2e3ae3", "value": "IDG-NINGZHIV1.0-20200310.exe" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701351847", "uuid": "354eb109-0414-4137-bc65-273dead6fd36", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "fa210fdf-9aea-4b5c-93b2-193272cb4c58", 
"value": "f89e898ea40e10901c0c9f9100f269a227323ace1f7248293bfd57982dea1a67" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "af1be9a9-f292-4f01-8e99-4055c870f739", "value": "2020-03-23T13:05:00+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "507d9347-d56c-4852-8b12-dec20f764433", "value": "svm.exe" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701781389", "uuid": "a0c09246-2a75-4b64-998b-2ce88008946b", "ObjectReference": [ { "comment": "", "object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701781362", "uuid": "ed4f9816-37cf-4f68-98d4-5c2e81a2dd5c" }, { "comment": "", "object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": "communicates-with", "timestamp": "1701781374", "uuid": "1efe061f-0de3-4032-84c7-1f1a27ef2404" }, { "comment": "", "object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701781389", "uuid": "a966737b-8c85-4840-906d-618ee2c809a7" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701351847", "to_ids": true, "type": "sha256", "uuid": "96f60b0a-5999-46c4-a4e2-f3c448222ce4", "value": 
"ffbeaa5947fc467fce27c765a4e8dc08e45c8ca13e583f5271b19e944e0cb8e3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701351847", "to_ids": false, "type": "datetime", "uuid": "212e1c59-1280-4fd8-bef7-e1fe99db26f7", "value": "2016-12-19T15:41:22+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701351847", "to_ids": true, "type": "filename", "uuid": "7159358e-28d9-47b8-9683-6caa1301f137", "value": "svm.exe" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1701354292", "uuid": "81f03e90-ce30-4ba2-b79c-a142e06c1323", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "hostname", "timestamp": "1701354292", "to_ids": true, "type": "hostname", "uuid": "0e22a412-4595-418e-a81a-b4af5eb153c1", "value": "download.ningzhidata.com" } ] }, { "comment": "Remote Access Trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1701772278", "uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "ObjectReference": [ { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93", "relationship_type": "communicates-with", "timestamp": "1701356041", "uuid": "672eabdb-ca5e-43bf-8e35-598481406046" }, { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2", "relationship_type": 
"communicates-with", "timestamp": "1701356061", "uuid": "f909e796-591c-435e-8ca0-a6337e8db11d" }, { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0", "relationship_type": "communicates-with", "timestamp": "1701356240", "uuid": "d68db6f1-a0be-4786-9a4b-cc08ff0a4fe7" }, { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "69e13243-e7e0-4726-a10a-01fd046ded89", "relationship_type": "communicates-with", "timestamp": "1701356253", "uuid": "925e0320-0928-48da-9dda-b0df20982ed8" }, { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "a1913402-5d6f-4fd1-b158-17c06372b82e", "relationship_type": "communicates-with", "timestamp": "1701356268", "uuid": "4417b617-d4a9-44ed-ac3f-808b12b7e9e9" }, { "comment": "", "object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa", "referenced_uuid": "99bd5142-86d7-44d9-a1b9-c214a5eb64f9", "relationship_type": "communicates-with", "timestamp": "1701356298", "uuid": "db8718e4-2baf-4530-821c-ef4d7885a7bf" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1701772278", "to_ids": true, "type": "sha256", "uuid": "4c121fa5-58b0-4a91-9d31-4a05effe4184", "value": "3b8761d2e19bc5185f55cc2f575bbe54a45a52fc1c8650a60f1bd13e01e24655" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1701772278", "to_ids": true, "type": "filename", "uuid": "07db895f-cfd8-4f42-bc0d-f0b74bc19121", "value": "svm.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "compilation-timestamp", "timestamp": "1701772278", "to_ids": false, "type": "datetime", "uuid": "0f8a0847-3449-435f-a97d-ae5735dc311b", "value": "2016-12-19T15:41:22+00:00" } ] }, { "comment": "Installs 
the tax invoice gatherer, running as a service", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702459840", "uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "ObjectReference": [ { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d", "relationship_type": "drops", "timestamp": "1702374555", "uuid": "a4bf2f28-5557-4d72-87e2-d305d485e412" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "51b9a083-6bb7-453e-a3d1-70137283f004", "relationship_type": "drops", "timestamp": "1702374571", "uuid": "aa3d85f6-da36-4964-aa79-0f0ec3e37b4c" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297", "relationship_type": "drops", "timestamp": "1702374587", "uuid": "89ffeeac-3888-4b51-ad2b-5731f1a17100" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "29908be1-f56d-4e97-9892-8830c9d29241", "relationship_type": "drops", "timestamp": "1702374599", "uuid": "c65de691-e347-4179-b3e8-e83f136810fb" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "f36ce21a-4c59-4731-9929-1af4ff97f21f", "relationship_type": "drops", "timestamp": "1702374610", "uuid": "f773112f-e16f-4a86-9f32-3e1dd187d467" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "8e56f0cf-4efb-4ce4-9de0-61467c133f58", "relationship_type": "drops", "timestamp": "1702374623", "uuid": "f7871b84-c0f7-4d4c-9db3-f7882b8e31d5" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "858c9869-c1a4-46a1-9075-cd11ead979ef", "relationship_type": "drops", "timestamp": "1702374635", "uuid": 
"056b4266-e4e7-4510-9f48-69e55f093388" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275", "relationship_type": "drops", "timestamp": "1702374647", "uuid": "1e66343d-4a9a-4b03-8ac7-814ea96a0a66" }, { "comment": "", "object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "referenced_uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c", "relationship_type": "drops", "timestamp": "1702374660", "uuid": "22eb1481-2cfc-4e0e-af9f-6aab89ea2ae1" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701955313", "to_ids": true, "type": "md5", "uuid": "525caba0-00cd-4543-b271-bda7e6d03205", "value": "39393db9ff05b587ef42ae6340f03a85" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701955313", "to_ids": true, "type": "filename", "uuid": "5c8fc242-e776-4e7c-a439-2b742bf50642", "value": "XYRZSetup.exe" } ] }, { "comment": "Installs the plugin manager \u2013 plugin.exe and mplugin.exe and also downloads the backdoor installer svminstall.exe", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702459998", "uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "ObjectReference": [ { "comment": "", "object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "referenced_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025", "relationship_type": "downloads", "timestamp": "1702459954", "uuid": "8c007932-f749-441c-b490-f09f012c2ddf" }, { "comment": "", "object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "referenced_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7", "relationship_type": "downloads", "timestamp": "1702459969", "uuid": 
"a006134e-28a8-4062-8551-54b71efc3e8c" }, { "comment": "", "object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "referenced_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87", "relationship_type": "downloads", "timestamp": "1702459978", "uuid": "f063bae9-1615-486d-b71d-fe3aadc4b704" }, { "comment": "", "object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "referenced_uuid": "288d3f46-333a-400f-b20d-8e742292776a", "relationship_type": "downloads", "timestamp": "1702459989", "uuid": "899dfb0b-6df7-47d8-ad3d-8160f9cde86f" }, { "comment": "", "object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "referenced_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47", "relationship_type": "downloads", "timestamp": "1702459998", "uuid": "86ffa4e3-3af0-41b5-b860-819aabb5b6a4" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701955326", "to_ids": true, "type": "md5", "uuid": "5cc5d97a-19f0-4482-82b2-f5a1d78f5526", "value": "84ff122838c0da5ab5ddcaa8f45f7011" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701955326", "to_ids": true, "type": "filename", "uuid": "d5ac3faa-7fd1-4f20-819f-45c04b017aa6", "value": "PluginSetup.exe" } ] }, { "comment": "PKCS11 Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032268", "uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701960161", "to_ids": true, "type": "filename", "uuid": "fccbab0d-86e4-4230-ab58-6e5804c36612", "value": "libp11.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, 
"disable_correlation": false, "object_relation": "md5", "timestamp": "1701960161", "to_ids": true, "type": "md5", "uuid": "8271dd17-c7e2-45a0-b226-df9831c6ee1f", "value": "7b8d8a81b32209a80fb974cf89697116" } ] }, { "comment": "Configuration file", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032278", "uuid": "51b9a083-6bb7-453e-a3d1-70137283f004", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701960260", "to_ids": true, "type": "filename", "uuid": "67cf16a1-3e7b-4a9e-8652-64a771a36205", "value": "serverjsp.ini" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701960260", "to_ids": true, "type": "md5", "uuid": "43232dda-8dee-4fba-b3b6-c68132282e09", "value": "2d9427f26131249333c60139d0995f88" } ] }, { "comment": "SQLite Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032581", "uuid": "29908be1-f56d-4e97-9892-8830c9d29241", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701960933", "to_ids": true, "type": "filename", "uuid": "1b001ef9-621d-41bb-ad5a-5c31bb7cb0c9", "value": "sqlite3.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701960933", "to_ids": true, "type": "md5", "uuid": "f8193bcc-4fd7-422a-b978-63cdd3ac22f8", "value": "7593a2422d0ea17fac214af4a1efa194" } ] }, { "comment": "SSL 
Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032607", "uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701961484", "to_ids": true, "type": "filename", "uuid": "a5c3601a-f59d-4f7a-8944-1752f6894dc3", "value": "SSLeay32.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961484", "to_ids": true, "type": "md5", "uuid": "a2e9c262-4a34-43d2-a7c2-3a8f026e2393", "value": "3cb5a5dc5701c2961742bdb05a43c6d0" } ] }, { "comment": "Program uninstaller", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032617", "uuid": "f36ce21a-4c59-4731-9929-1af4ff97f21f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701961510", "to_ids": true, "type": "filename", "uuid": "e16b4a52-0e6e-40ec-9e38-7b254d1ec319", "value": "uninst.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961510", "to_ids": true, "type": "md5", "uuid": "333e2487-9b4b-43e5-914e-0bc403eada39", "value": "8d5692af55e44e471a27a0fc401ac6ba" } ] }, { "comment": "Tax Invoice Gatherer and Uploader", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": 
"24", "timestamp": "1702032659", "uuid": "8e56f0cf-4efb-4ce4-9de0-61467c133f58", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701961629", "to_ids": true, "type": "filename", "uuid": "1fffbe3f-9b7e-4cfa-9822-2221fb27166c", "value": "xyrzsvc.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961629", "to_ids": true, "type": "md5", "uuid": "9ad7beb6-a1bf-448b-b5fb-f3b458b921ec", "value": "52a64ae155ef5ec37966e787ab1678a2" } ] }, { "comment": "SQLite schema", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032673", "uuid": "858c9869-c1a4-46a1-9075-cd11ead979ef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701961648", "to_ids": true, "type": "filename", "uuid": "793df5ee-9c4a-43be-a7d6-2f83cb0b5956", "value": "Aisino.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961648", "to_ids": true, "type": "md5", "uuid": "ac10d7ae-f5e7-4441-bbc5-655ea76e6a9c", "value": "cf9933a40f9a348b412da0953a7de6f3" } ] }, { "comment": "Public Key Cryptography Standard", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032715", "uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", 
"timestamp": "1701961663", "to_ids": true, "type": "filename", "uuid": "b10b7315-1af6-4b00-8346-2b5cc50de426", "value": "CTptkcs.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961663", "to_ids": true, "type": "md5", "uuid": "609c5de6-c8da-41d8-a0d3-32aa32c38b91", "value": "696721fb92e109010b03304fda0c960f" } ] }, { "comment": "Tax Card Code Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702032737", "uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1701961683", "to_ids": true, "type": "filename", "uuid": "4eed8359-4fda-496f-95e3-ccd69ad29d3f", "value": "JsDevInfoDll.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1701961683", "to_ids": true, "type": "md5", "uuid": "11ce20f2-e365-4a13-aef6-1c8f0d9f33f3", "value": "7c348eac40b9dbf6bd52db2985abee42" } ] }, { "comment": "Setup file that installs the electronic signing application. 
The program and component files are installed under the folder %ProgramFiles%\\Signtool", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702378389", "uuid": "499f7525-508b-463d-8124-ba263c1727a5", "ObjectReference": [ { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "8bd144dd-eea0-448e-87c0-67a556c36700", "relationship_type": "drops", "timestamp": "1702377692", "uuid": "0653800a-24e5-4704-83c0-c755d1804d2e" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275", "relationship_type": "drops", "timestamp": "1702377708", "uuid": "8699ae4b-fa4d-4e3a-98a6-089070c1d3f8" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c", "relationship_type": "drops", "timestamp": "1702377724", "uuid": "3f2326b0-2395-4243-9f05-929bed5a5c2f" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "3f3839ec-a575-4603-a292-fab98e7c6038", "relationship_type": "drops", "timestamp": "1702377786", "uuid": "edfcd314-fcc5-4281-a64f-f1ac2b7c95ed" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "3f3839ec-a575-4603-a292-fab98e7c6038", "relationship_type": "drops", "timestamp": "1702377798", "uuid": "b99b86fb-a8b7-4546-aa30-c5ecc89b80e5" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "657df46a-50d1-4010-b30a-a7f64574e0d9", "relationship_type": "drops", "timestamp": "1702377832", "uuid": "abc51a47-d8d4-4ded-92bc-4de71264d098" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d", "relationship_type": "drops", "timestamp": 
"1702377936", "uuid": "1fe70cf3-b8dd-4521-9c3a-02fc5e1cdb38" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f", "relationship_type": "drops", "timestamp": "1702378362", "uuid": "245facce-6a82-410d-9df7-b702a1651f43" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "98843b28-2cbc-4195-aced-0460e2b8d8b6", "relationship_type": "drops", "timestamp": "1702378374", "uuid": "83562088-355a-4a4f-8d2b-b6f9abc56ede" }, { "comment": "", "object_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "referenced_uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297", "relationship_type": "drops", "timestamp": "1702378389", "uuid": "9fa3b055-4260-4b2e-acff-7fb936084f4f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702028988", "to_ids": true, "type": "filename", "uuid": "fb8c05b8-381a-4f2e-9a0f-afabb53d5080", "value": "SignToolSetup.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702028988", "to_ids": true, "type": "md5", "uuid": "0d90d859-8bb2-4924-8a4e-602ca581c520", "value": "04f100f771ed8dd238fdf41a0f85977a" } ] }, { "comment": "HELP file", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702041261", "uuid": "8bd144dd-eea0-448e-87c0-67a556c36700", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702041261", "to_ids": true, "type": "filename", "uuid": "9daf4692-392a-4a73-ba44-422159e9d34c", "value": "help.pdf" }, { "category": "Payload delivery", "comment": "", "deleted": 
false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702041261", "to_ids": true, "type": "md5", "uuid": "6fda01ba-b000-4b6f-b895-de96b3e55b90", "value": "b94c7fc5528f5e233a9900991c7757ca" } ] }, { "comment": "CURL Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702041694", "uuid": "3f3839ec-a575-4603-a292-fab98e7c6038", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702041694", "to_ids": true, "type": "filename", "uuid": "719a07f3-5b89-4b49-a88a-eb6681a7d63d", "value": "libcurl.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702041694", "to_ids": true, "type": "md5", "uuid": "d0eed729-1889-4a8b-bc3f-cc6787ef5253", "value": "b672963bb8fc75b7c122082b5e567058" } ] }, { "comment": "OpenSSL Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702041864", "uuid": "657df46a-50d1-4010-b30a-a7f64574e0d9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702041864", "to_ids": true, "type": "filename", "uuid": "5c04bc76-daf6-46ef-affb-239810a5549c", "value": "libeay32.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702041864", "to_ids": true, "type": "md5", "uuid": "213768c4-d4b9-455d-a397-53b6ab1f0da6", "value": "0852402f8f75c9a75a74114af75f34c5" } ] }, { "comment": "QR 
Generator Library", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702043949", "uuid": "fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702043949", "to_ids": true, "type": "filename", "uuid": "8a67c9a5-4991-43e8-b15c-64c32c973f70", "value": "QRGenerator.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702043949", "to_ids": true, "type": "md5", "uuid": "6012a0ed-df7b-4878-bf3c-8d7839899b6c", "value": "f8246f3e4391c50c53c2417b9fea3a33" } ] }, { "comment": "Electronic contract signing tool and document file uploader", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702044766", "uuid": "98843b28-2cbc-4195-aced-0460e2b8d8b6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702044766", "to_ids": true, "type": "md5", "uuid": "31356075-3123-487c-b5c5-b13b0ffd06bb", "value": "05b0e15a989182e97e6068344840406f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702044766", "to_ids": true, "type": "filename", "uuid": "ac1c0642-6e2c-4b9a-95ee-e75111b6d41d", "value": "SignTool.exe" } ] }, { "comment": "This executable file monitors the plugin.exe process and makes sure it is running. When plugin.exe is terminated, it respawns it. 
It also checks for tax software updates from the host: http://upgrade.i-xinnuo[.]com", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702046483", "uuid": "76062895-7556-47cf-9bb4-f02dd5d7ac09", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702046483", "to_ids": true, "type": "filename", "uuid": "e6e44ff8-08fc-4d8c-bc38-f22c53993b43", "value": "MPlugin.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702046483", "to_ids": true, "type": "md5", "uuid": "a956392c-4fc5-47e9-9913-b27a0dc15367", "value": "946945ee4555fc7f7aced80904fe802f" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702376752", "uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0", "ObjectReference": [ { "comment": "", "object_uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0", "referenced_uuid": "cb1e3793-c635-4787-95ef-170010d073d5", "relationship_type": "contains", "timestamp": "1702371888", "uuid": "13771532-68fe-40dc-b057-da56606c5a19" }, { "comment": "", "object_uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0", "referenced_uuid": "499f7525-508b-463d-8124-ba263c1727a5", "relationship_type": "contains", "timestamp": "1702376752", "uuid": "df2ea6d8-a85c-4b32-8d6f-8bf1cf2d419b" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702371802", "to_ids": true, "type": "md5", "uuid": "979ab01e-afda-45f3-8837-96baf32be05d", "value": 
"85223e82337f409697b951207a2d91e6" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702372059", "uuid": "cb1e3793-c635-4787-95ef-170010d073d5", "ObjectReference": [ { "comment": "", "object_uuid": "cb1e3793-c635-4787-95ef-170010d073d5", "referenced_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2", "relationship_type": "contains", "timestamp": "1702372037", "uuid": "9a843252-41fc-4265-8e5e-6a917f66a404" }, { "comment": "", "object_uuid": "cb1e3793-c635-4787-95ef-170010d073d5", "referenced_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445", "relationship_type": "contains", "timestamp": "1702372059", "uuid": "a73adc97-50a8-4f5f-a647-29bfbd3fe438" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702371871", "to_ids": true, "type": "md5", "uuid": "13797f8b-9882-407f-a61a-195d47cbd4c8", "value": "8ecc9a53cc99bde757df9e718fd3af17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702371872", "to_ids": true, "type": "filename", "uuid": "257cff4b-eaa9-446c-8443-947a0731d925", "value": "PluginManagerSetup.exe" } ] }, { "comment": "This is the main plugin manager program. 
A thread is created to fetch instructions from, and execute commands issued by, the remote host http://upgrade.i-xinnuo[.]com, mainly for managing tax", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1702477655", "uuid": "f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1702477655", "to_ids": true, "type": "filename", "uuid": "40bec949-5d0c-4b76-9748-d9053daa1e97", "value": "plugin.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1702477655", "to_ids": true, "type": "md5", "uuid": "bf581ac1-b744-4f1c-a6f1-2db4b75fdbdf", "value": "134d9ffc9c65366e690c2a4852ec6835" } ] } ] } }