{ "Event": { "analysis": "2", "date": "2019-08-05", "extends_uuid": "", "info": "OSINT - From Carnaval to Cinco de Mayo \u00e2\u20ac\u201c The journey of Amavaldo", "publish_timestamp": "1565505814", "published": true, "threat_level_id": "3", "timestamp": "1565505795", "uuid": "5d47cdea-435c-45aa-8db0-4693950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#00b3b3", "local": false, "name": "ecsirt:intrusions=\"backdoor\"", "relationship_type": "" }, { "colour": "#00a9ce", "local": false, "name": "veris:action:malware:variety=\"Backdoor\"", "relationship_type": "" }, { "colour": "#2c0037", "local": false, "name": "ms-caro-malware:malware-type=\"Backdoor\"", "relationship_type": "" }, { "colour": "#001534", "local": false, "name": "ms-caro-malware-full:malware-type=\"Backdoor\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Forced Authentication - T1187\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"", "relationship_type": "" }, { "colour": "#00abd0", "local": false, "name": "veris:action:malware:variety=\"Spyware/Keylogger\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:rat=\"Amavaldo Banking Trojan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"Amavaldo\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1564986874", "to_ids": false, "type": "link", "uuid": "5d47cdfa-0d14-464f-8041-4abe950d210f", "value": "https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/" } ], "Object": [ { "comment": "Abused legitimate application", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565090840", "uuid": "5d482f74-badc-495e-920c-4329950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565090840", "to_ids": true, "type": "filename", "uuid": "5d482f74-756c-4de9-98ac-431c950d210f", "value": "ctfmon.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565090840", "to_ids": true, "type": "sha1", "uuid": "5d496418-e830-4325-9690-bb6e950d210f", "value": "6c04499f7406e270b590374ef813c4012530273e" } ] }, { "comment": "encrypted banking trojan - ESET detection name: Win32/Spy.Amavaldo.N trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565091752", "uuid": "5d483181-9e28-42d9-b8a9-460d950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5d483181-9e28-42d9-b8a9-460d950d210f", "referenced_uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f", "relationship_type": "executed-by", "timestamp": "1565074484", "uuid": "5d492434-cffc-4d0f-a4e5-46cc950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565091752", "to_ids": true, "type": "filename", "uuid": "5d483181-1c60-48df-af8a-4c11950d210f", "value": "MsCtfMonitor" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565091754", "to_ids": true, "type": "sha1", "uuid": "5d4967aa-1c74-4c71-ab60-1f42950d210f", "value": "b761d9216c00f5e2871de16ae157de13c6283b5d" } ] }, { "comment": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.U trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565090891", "uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f", "referenced_uuid": "5d483181-9e28-42d9-b8a9-460d950d210f", "relationship_type": "executes", "timestamp": "1565074467", "uuid": "5d492423-237c-4590-bc3b-47d2950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565090891", "to_ids": true, "type": "filename", "uuid": "5d48319d-058c-4031-95f4-47f4950d210f", "value": "MsCtfMonitor.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565090891", "to_ids": true, "type": "sha1", "uuid": "5d49644b-d6d4-4833-8f0b-73e6950d210f", "value": "1d56bab28793e3ab96e390f09f02425e52e28ffc" } ] }, { "comment": "", "deleted": false, "description": "Object to describe mutual exclusion locks (mutex) as seen in memory or computer program", "meta-category": "misc", "name": "mutex", "template_uuid": "9f5c1a68-2021-4faa-b409-61c899c86466", "template_version": "1", "timestamp": "1565075302", "uuid": "5d492766-d074-47b5-9e28-4a78950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1565075302", "to_ids": false, "type": "text", "uuid": "5d492766-a034-4476-870d-4ed7950d210f", "value": "D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "description", "timestamp": "1565075302", "to_ids": false, "type": "text", "uuid": "5d492766-870c-4391-8369-4656950d210f", "value": "Additionally, the latest versions of Amavaldo can be identified by a mutex that seems to have the constant name" } ] }, { "comment": "a tool for checking internet connectivity", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098556", "uuid": "5d493cd2-4ca4-44a7-a9f0-4b5b950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565098556", "to_ids": true, "type": "filename", "uuid": "5d493cd2-16ec-42f0-a841-434e950d210f", "value": "AICustAct.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098557", "to_ids": true, "type": "sha1", "uuid": "5d49823d-78a4-4def-aaa1-49df950d210f", "value": "b80294261c8a1635e16e14f55a3d76889ff2c857" } ] }, { "comment": "a tool for detecting virtual environment\t", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098533", "uuid": "5d493cf7-aeac-4fd3-99f3-6ecc950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565098533", "to_ids": true, "type": "filename", "uuid": "5d493cf7-191c-40a4-8a21-6ecc950d210f", "value": "VmDetect.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098533", "to_ids": true, "type": "sha1", "uuid": "5d498225-e624-4368-8ffc-a9bf950d210f", "value": "b191810094dd2ee6b13c0d33458fafcd459681ae" } ] }, { "comment": "Abuse legitimate application", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565097200", "uuid": "5d493d5f-8ba4-4543-bcd8-6752950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565097200", "to_ids": true, "type": "filename", "uuid": "5d493d5f-aa28-4283-ae05-6752950d210f", "value": "nvsmartmaxapp.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565097200", "to_ids": true, "type": "sha1", "uuid": "5d497cf0-679c-4776-bf3c-492f950d210f", "value": "12c93bb262696314123562f8a4b158074c9f6b95" } ] }, { "comment": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.P trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565097237", "uuid": "5d493d77-e7e4-4082-82c3-41d0950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565097237", "to_ids": true, "type": "filename", "uuid": "5d493d77-2350-43fc-af14-461f950d210f", "value": "NvSmartMax.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565097237", "to_ids": true, "type": "sha1", "uuid": "5d497d15-8cb8-4dc1-8e75-422e950d210f", "value": "6d80a959e7f52150fda2241a4073a29085c9386b" } ] }, { "comment": "Amavaldo - ESET detection name: Win32/Spy.Amavaldo.N trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098408", "uuid": "5d493ef5-9554-4e6d-884f-490f950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565098408", "to_ids": true, "type": "filename", "uuid": "5d493ef5-67b0-47de-a419-4235950d210f", "value": "NvSmartMax" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098409", "to_ids": true, "type": "sha1", "uuid": "5d4981a9-74d8-40cf-8ebd-422c950d210f", "value": "b855d8b1bad07d578013bdb472122e405d49acc1" } ] }, { "comment": "Abused legitimate application", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098509", "uuid": "5d493f8a-85c0-4389-9644-aca6950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5d493f8a-85c0-4389-9644-aca6950d210f", "referenced_uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f", "relationship_type": "uses", "timestamp": "1565084467", "uuid": "5d494b33-7b58-4afb-a49c-aca4950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565098509", "to_ids": true, "type": "filename", "uuid": "5d493f8a-01ec-4b01-bd62-aca6950d210f", "value": "Gup.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098509", "to_ids": true, "type": "sha1", "uuid": "5d49820d-c910-48b6-b817-4e35950d210f", "value": "fc37ac7523cf3b4020ec46d6a47bc26957e3c054" } ] }, { "comment": "Injector for email tool - ESET detection name: Win32/Spy.Amavaldo.P trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565092661", "uuid": "5d494a11-3c6c-4c89-9d11-daa8950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565092661", "to_ids": true, "type": "filename", "uuid": "5d494a11-6ad4-4425-988f-daa8950d210f", "value": "libcurl.dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565092661", "to_ids": true, "type": "sha1", "uuid": "5d496b35-e724-472a-aaa1-1fec950d210f", "value": "4dba5fe842b01b641a7228a4c8f805e4627c0012" } ] }, { "comment": "Email tool - ESET detection name: Win32/Spy.Banker.AEGH trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098679", "uuid": "5d494a3f-1b3c-4bcc-8b34-4db5950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565098679", "to_ids": true, "type": "filename", "uuid": "5d494a3f-0508-4b52-95d0-4f88950d210f", "value": "Libcurl" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098679", "to_ids": true, "type": "sha1", "uuid": "5d4982b7-6990-4ae2-a684-4ffa950d210f", "value": "9a968341c65ab47bf5c7290f3b36fcf70e9c574b" } ] }, { "comment": "Configuration file for gup.exe", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565084447", "uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f", "referenced_uuid": "5d493f8a-85c0-4389-9644-aca6950d210f", "relationship_type": "used-by", "timestamp": "1565084447", "uuid": "5d494b1f-dc50-4aa5-a82d-aca4950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565084253", "to_ids": true, "type": "filename", "uuid": "5d494a5d-c624-4099-9331-daa7950d210f", "value": "gup.xml" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565087037", "uuid": "5d49553d-701c-4eb3-954a-eaeb950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565087038", "to_ids": true, "type": "filename", "uuid": "5d49553e-39c8-4912-95a9-eaeb950d210f", "value": "CurriculumVitae[\u00e2\u20ac\u00a6].msi" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565090052", "uuid": "5d496104-67d8-48c9-a044-7a57950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1565090052", "to_ids": true, "type": "filename", "uuid": "5d496104-a280-40c9-a7c5-7a57950d210f", "value": "FotosPost[\u00e2\u20ac\u00a6].msi" } ] }, { "comment": "Downloader (MSI installer) - ESET detection name: Trojan.VBS/TrojanDownloader.Agent.QSL", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098719", "uuid": "5d4982df-1a94-4914-9cf1-464e950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098719", "to_ids": true, "type": "sha1", "uuid": "5d4982df-0db4-4542-9703-4422950d210f", "value": "e0c8e11f8b271c1e40f5c184afa427ffe99444f8" } ] }, { "comment": "Downloader (MSI installer) - ESET detection name: Win32/TrojanDownloader.Delf.CSG trojan", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565098738", "uuid": "5d4982f2-0190-427f-b4c5-4f08950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098738", "to_ids": true, "type": "sha1", "uuid": "5d4982f2-d224-4857-94ae-461a950d210f", "value": "ad1fce0c62b532d097dacfce149c452154d51eb0" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505174", "uuid": "e462def8-1643-4d2f-a15a-825ff3fb335e", "ObjectReference": [ { "comment": "", "object_uuid": "e462def8-1643-4d2f-a15a-825ff3fb335e", "referenced_uuid": "6b54feea-5cb0-4c57-b10c-7a1d4a274581", "relationship_type": "analysed-with", "timestamp": "1565505178", "uuid": "5d4fb69b-2cec-4813-97b8-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565098509", "to_ids": true, "type": "md5", "uuid": "8688f006-7d8f-438c-9c88-16384d3a50f5", "value": "45c01734ed56c52797156620a5f8b414" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098509", "to_ids": true, "type": "sha1", "uuid": "83fc631f-09a8-46e8-9c55-7fb0d7477348", "value": "fc37ac7523cf3b4020ec46d6a47bc26957e3c054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565098509", "to_ids": true, "type": "sha256", "uuid": "09b65315-b799-4b42-8543-c90363576ce3", "value": "20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505174", "uuid": "6b54feea-5cb0-4c57-b10c-7a1d4a274581", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565098509", "to_ids": false, "type": "datetime", "uuid": "7e4b14b4-0aae-4ef9-a053-82ed74c31fb7", "value": "2019-08-08T11:14:28" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565098509", "to_ids": false, "type": "link", "uuid": "adeb231a-0e31-41ab-98e6-b1f51bf56107", "value": "https://www.virustotal.com/file/20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503/analysis/1565262868/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565098509", "to_ids": false, "type": "text", "uuid": "c8287316-9bfc-4ab0-8fe1-1784b0a875df", "value": "1/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505175", "uuid": "211c8a88-4c1a-447b-a768-0ab6e30246b8", "ObjectReference": [ { "comment": "", "object_uuid": "211c8a88-4c1a-447b-a768-0ab6e30246b8", "referenced_uuid": "e1227ba7-e304-4792-8a0d-039b87b94ec0", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-1f78-4af5-8e51-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565097200", "to_ids": true, "type": "md5", "uuid": "1817a1d3-f2a6-4147-a964-16b2a7e43d3f", "value": "df3e0e32d1e1fb50cc292aebc5e5b322" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565097200", "to_ids": true, "type": "sha1", "uuid": "35649e75-d206-4fbc-a6da-799bcd174fb9", "value": "12c93bb262696314123562f8a4b158074c9f6b95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565097200", "to_ids": true, "type": "sha256", "uuid": "59dd6a06-fe97-4b10-b504-62b17423c31c", "value": "6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505175", "uuid": "e1227ba7-e304-4792-8a0d-039b87b94ec0", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565097200", "to_ids": false, "type": "datetime", "uuid": "7e17b294-cd02-4cbf-8360-6b980e944a60", "value": "2019-08-07T07:57:31" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565097200", "to_ids": false, "type": "link", "uuid": "3004172e-acdc-4959-b3db-66f1c5d0abe0", "value": "https://www.virustotal.com/file/6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412/analysis/1565164651/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565097200", "to_ids": false, "type": "text", "uuid": "d02a7092-c6ff-445e-b8df-fa9ce122458f", "value": "0/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505175", "uuid": "18ccf1e5-236a-4ad0-8556-2d5ff4532a11", "ObjectReference": [ { "comment": "", "object_uuid": "18ccf1e5-236a-4ad0-8556-2d5ff4532a11", "referenced_uuid": "ef63bd95-99e9-4843-9ad6-725ee617c410", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-9358-4f19-bc3f-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565092661", "to_ids": true, "type": "md5", "uuid": "c58752a7-e5a5-40ed-8d42-b72366b54dbe", "value": "e880c09454a68b4714c6f184f7968070" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565092661", "to_ids": true, "type": "sha1", "uuid": "ea8f1d07-9a64-48c5-8441-2122cc7c3f03", "value": "4dba5fe842b01b641a7228a4c8f805e4627c0012" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565092661", "to_ids": true, "type": "sha256", "uuid": "523c56e8-86ba-4f6c-bf78-cbed73831432", "value": "c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505175", "uuid": "ef63bd95-99e9-4843-9ad6-725ee617c410", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565092661", "to_ids": false, "type": "datetime", "uuid": "73ae0c5f-3822-44a5-8e6a-e0c5cc7ae015", "value": "2019-08-09T10:12:09" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565092661", "to_ids": false, "type": "link", "uuid": "147b157c-4060-4849-8597-6b3cf41e56be", "value": "https://www.virustotal.com/file/c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82/analysis/1565345529/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565092661", "to_ids": false, "type": "text", "uuid": "cab2413e-ee43-4916-8f7f-77eab426ae20", "value": "41/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505175", "uuid": "66ffca83-f5bf-46b5-aa17-25a0da26b4a8", "ObjectReference": [ { "comment": "", "object_uuid": "66ffca83-f5bf-46b5-aa17-25a0da26b4a8", "referenced_uuid": "fa950a27-172c-4243-92fe-c54894fe8f03", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-13f8-4813-85fc-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565098738", "to_ids": true, "type": "md5", "uuid": "afa1fade-ec71-4646-8932-8bb835b346c3", "value": "6f2bf181f8b9ca1d28465ed6bab6f3e2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098738", "to_ids": true, "type": "sha1", "uuid": "46ac9fe5-7d10-4ba7-a4e5-bde4bfb056f0", "value": "ad1fce0c62b532d097dacfce149c452154d51eb0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565098738", "to_ids": true, "type": "sha256", "uuid": "982224f0-365c-4b41-911e-4a12e95f542b", "value": "8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505175", "uuid": "fa950a27-172c-4243-92fe-c54894fe8f03", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565098738", "to_ids": false, "type": "datetime", "uuid": "514b8275-5a02-4fa7-bbf3-44d83f3d4c03", "value": "2019-08-09T10:13:10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565098738", "to_ids": false, "type": "link", "uuid": "18817da9-db4e-468c-81ab-f0fc22af73df", "value": "https://www.virustotal.com/file/8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47/analysis/1565345590/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565098738", "to_ids": false, "type": "text", "uuid": "fe7700b1-4509-452c-83e0-697b67eea1de", "value": "28/53" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505176", "uuid": "168eca3c-6b0c-495b-bc97-76fc044663da", "ObjectReference": [ { "comment": "", "object_uuid": "168eca3c-6b0c-495b-bc97-76fc044663da", "referenced_uuid": "299f2cd3-4943-45c0-89fd-688831a58235", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-edec-4d3f-9b9b-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565098557", "to_ids": true, "type": "md5", "uuid": "4dd57698-4de4-4f5d-a8f2-214e87a05782", "value": "9f1e5d66c2889018daef4aef604eebc4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098557", "to_ids": true, "type": "sha1", "uuid": "58f2fc0a-2556-4ba9-a0be-2db8980f5224", "value": "b80294261c8a1635e16e14f55a3d76889ff2c857" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565098557", "to_ids": true, "type": "sha256", "uuid": "65d1802c-b6a5-46c6-ad2b-bfce99794f5d", "value": "02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505176", "uuid": "299f2cd3-4943-45c0-89fd-688831a58235", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565098557", "to_ids": false, "type": "datetime", "uuid": "0abdb5b6-5361-4012-ba4b-bca90ddac639", "value": "2019-08-06T18:49:02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565098557", "to_ids": false, "type": "link", "uuid": "e629edd0-952f-4a57-87c7-3ebfe9e54987", "value": "https://www.virustotal.com/file/02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222/analysis/1565117342/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565098557", "to_ids": false, "type": "text", "uuid": "98555b2e-b57c-4506-9068-8f11a7d07ca1", "value": "1/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505176", "uuid": "0f1baa55-4a99-4cc2-84d1-7032ab3b20a6", "ObjectReference": [ { "comment": "", "object_uuid": "0f1baa55-4a99-4cc2-84d1-7032ab3b20a6", "referenced_uuid": "fef464cf-27a2-4bfb-bf12-4adb789baa4e", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-1ad0-404b-8a17-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565098533", "to_ids": true, "type": "md5", "uuid": "05c05f6c-c8e6-4c2e-96db-dfa9f3a65990", "value": "55ffee241709ae96cf64cb0b9a96f0d7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098533", "to_ids": true, "type": "sha1", "uuid": "888b14ee-a2e5-4504-9b28-075a24cfc8d2", "value": "b191810094dd2ee6b13c0d33458fafcd459681ae" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565098533", "to_ids": true, "type": "sha256", "uuid": "4f898918-50b9-491b-bf07-3d0bb4c69e51", "value": "64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505176", "uuid": "fef464cf-27a2-4bfb-bf12-4adb789baa4e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565098533", "to_ids": false, "type": "datetime", "uuid": "932dfeb4-c96d-4337-b8ac-b19215b28b68", "value": "2019-08-09T01:41:32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565098533", "to_ids": false, "type": "link", "uuid": "2ef12f33-7867-4996-a410-c4022c862b9d", "value": "https://www.virustotal.com/file/64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf/analysis/1565314892/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565098533", "to_ids": false, "type": "text", "uuid": "40e4ead5-bde4-4c4e-80ff-95d7236b9f0a", "value": "0/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505176", "uuid": "a7c89ed2-b308-4953-98a4-8b7b7f74f90e", "ObjectReference": [ { "comment": "", "object_uuid": "a7c89ed2-b308-4953-98a4-8b7b7f74f90e", "referenced_uuid": "76da6429-cbfd-4a4b-83ad-a6511f97a14e", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-185c-4630-8d67-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565098719", "to_ids": true, "type": "md5", "uuid": "e03c3805-8c35-4074-b686-38cff67c0f04", "value": "1091a566e2f44bada1f814998034bd04" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565098719", "to_ids": true, "type": "sha1", "uuid": "91d5cae9-79c6-429e-b1a7-a758edad8c8a", "value": "e0c8e11f8b271c1e40f5c184afa427ffe99444f8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565098719", "to_ids": true, "type": "sha256", "uuid": "786f1ff3-dcec-4f0a-b6c9-c2145f93b751", "value": "1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505177", "uuid": "76da6429-cbfd-4a4b-83ad-a6511f97a14e", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565098719", "to_ids": false, "type": "datetime", "uuid": "753365f1-529c-40e2-80d8-2996a57fb0f6", "value": "2019-08-09T10:12:08" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565098719", "to_ids": false, "type": "link", "uuid": "b2c2427d-024a-4003-97f2-4c661da00e90", "value": "https://www.virustotal.com/file/1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c/analysis/1565345528/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565098719", "to_ids": false, "type": "text", "uuid": "f6edb2bf-fafc-4ee9-9aae-82b2531b3718", "value": "25/52" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505177", "uuid": "8ea7872e-f1cb-4652-945b-4f8f9558f662", "ObjectReference": [ { "comment": "", "object_uuid": "8ea7872e-f1cb-4652-945b-4f8f9558f662", "referenced_uuid": "569e0439-c30e-444a-8ef9-76c1388c03a6", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-97a4-49a6-9b81-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565090840", "to_ids": true, "type": "md5", "uuid": "e7d2e89e-8e13-403e-8317-372674360c44", "value": "4a3cdcef8ed41b221f3dbef5792fb52d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565090840", "to_ids": true, "type": "sha1", "uuid": "e9f57636-dba4-452e-86ad-571a906d468e", "value": "6c04499f7406e270b590374ef813c4012530273e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565090840", "to_ids": true, "type": "sha256", "uuid": "992517b4-6057-438f-a1e4-4eeab3b417e6", "value": "6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505177", "uuid": "569e0439-c30e-444a-8ef9-76c1388c03a6", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565090840", "to_ids": false, "type": "datetime", "uuid": "0ccdca69-9f20-42e3-ab13-e2e6b98cc13e", "value": "2019-08-09T12:53:04" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565090840", "to_ids": false, "type": "link", "uuid": "8db662d3-7baf-4543-b958-bdebb1bdb185", "value": "https://www.virustotal.com/file/6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397/analysis/1565355184/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565090840", "to_ids": false, "type": "text", "uuid": "8c2c7ee6-599a-4468-bb8f-e90793092ed1", "value": "0/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1565505177", "uuid": "71291c97-7e50-4601-8836-d13f6a601564", "ObjectReference": [ { "comment": "", "object_uuid": "71291c97-7e50-4601-8836-d13f6a601564", "referenced_uuid": "29b46ebc-f105-45dd-9b0e-c50ac28523bb", "relationship_type": "analysed-with", "timestamp": "1565505179", "uuid": "5d4fb69b-3124-4b2e-bd96-3d4f02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1565097237", "to_ids": true, "type": "md5", "uuid": "ce9d3adb-fe5f-4844-aa45-4b9413e6ee44", "value": "88eca26e7f720a3faa94864359681590" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1565097237", "to_ids": true, "type": "sha1", "uuid": "bbc7ae69-b74b-4615-bc9d-b0b9979d84a0", "value": "6d80a959e7f52150fda2241a4073a29085c9386b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1565097237", "to_ids": true, "type": "sha256", "uuid": "0c0a283e-42a5-4457-9681-47190327e1be", "value": "b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1565505178", "uuid": "29b46ebc-f105-45dd-9b0e-c50ac28523bb", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1565097237", "to_ids": false, "type": "datetime", "uuid": "9d0e29a6-ce2e-4af8-baa0-f1a20ea19ae3", "value": "2019-08-09T10:12:08" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1565097237", "to_ids": false, "type": "link", "uuid": "9bb01340-6430-43f8-be1d-2c9c37985fcc", "value": "https://www.virustotal.com/file/b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0/analysis/1565345528/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1565097237", "to_ids": false, "type": "text", "uuid": "dae0b425-f835-4ad2-87f8-709822134d4b", "value": "38/62" } ] } ] } }