{ "Event": { "analysis": "0", "date": "2019-12-10", "extends_uuid": "", "info": "2019-12-10: TrickBot Project \u00e2\u20ac\u0153Anchor:\u00e2\u20ac\u009d Window Into Sophisticated Operation", "publish_timestamp": "1622029338", "published": true, "threat_level_id": "2", "timestamp": "1621850506", "uuid": "5defbf60-c77c-4611-b627-03e368f8e8cf", "Orgc": { "name": "VK_INTEL_EVIL", "uuid": "5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf" }, "Tag": [ { "colour": "#cdce6a", "local": "0", "name": "Banker: TrickBot", "relationship_type": "" }, { "colour": "#000000", "local": "0", "name": "Anchor", "relationship_type": "" }, { "colour": "#0dd733", "local": "0", "name": "Memory Scraper", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:malpedia=\"TrickBot\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Payload installation", "comment": "Trick Anchor Yara", "deleted": false, "disable_correlation": false, "timestamp": "1575993294", "to_ids": false, "type": "yara", "uuid": "5defbfce-cb0c-4c33-8b93-74cf68f8e8cf", "value": "rule crime_win32_anchor_trick_1\r\n{\r\nmeta:\r\n description = \"Detects Anchor malware\"\r\n author = \"Jason Reaves\"\r\n\r\nstrings: \r\n$s1 = \"D:\\\\Win32.ogw0rm\" nocase\r\n$s2 = \"MyProjects\\\\memoryScraper\" nocase\r\n$s3 = \"\\\\MyProjects\\\\secondWork\\\\Anchor\" nocase\r\n$s4 = \"\\\\MyProjects\\\\secondWork\\\\psExecutor\" nocase\r\n$s5 = \"\\\\MyProjects\\\\mailCollection\" nocase\r\n$s6 = \"\\\\MyProjects\\\\spreader\" nocase\r\ncondition:\r\nany of them\r\n}" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-a59c-47ac-a1a5-03fd19d2faa1", "value": "e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-4b78-433d-9f82-03fd19d2faa1", "value": "d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-08c0-4909-85e3-03fd19d2faa1", "value": "354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-e5c0-4a82-b368-03fd19d2faa1", "value": "54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd" }, { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-f520-4bdf-9db1-03fd19d2faa1", "value": "b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5" }, { "category": "Payload delivery", "comment": "Anchor Installer", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-d238-48e8-889e-03fd19d2faa1", "value": "52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4" }, { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-9ca4-4559-b23a-03fd19d2faa1", "value": "6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "5defc04d-2934-4c99-a39f-03fd19d2faa1", "value": "6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575993546", "to_ids": true, "type": "sha256", "uuid": "5defc0ca-4190-4543-9d3a-040819d2faa1", "value": "e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575994405", "to_ids": true, "type": "sha256", "uuid": "5defc425-9808-4e88-a170-74d168f8e8cf", "value": "b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "timestamp": "1575994405", "to_ids": true, "type": "sha256", "uuid": "5defc425-8690-4042-9e2d-74d168f8e8cf", "value": "c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1575996337", "to_ids": false, "type": "link", "uuid": "5defcbb1-1128-4567-a936-ab51950d210f", "value": "https://github.com/SentineLabs/TrickBot-Anchor/blob/master/2019-12-10-trickbot-anchor-blog.vk.misp.json" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996301", "uuid": "d0cb4e83-d39b-4be9-bf27-865cf449ee58", "ObjectReference": [ { "comment": "", "object_uuid": "d0cb4e83-d39b-4be9-bf27-865cf449ee58", "referenced_uuid": "8d59f261-04a2-4b38-9fe0-a1ed372ae412", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-3b30-4ef9-a592-ab51950d210f" } ], "Attribute": [ { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575994405", "to_ids": true, "type": "md5", "uuid": "29f3b78b-3c77-42b3-b563-6fd0ac1e256f", "value": "ae48b4d1d0da879512b495ec1f80cf67" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575994405", "to_ids": true, "type": "sha1", "uuid": "a811f4ee-e88a-44fe-8a80-d36401f1ed22", "value": "b388243bf5899c99091ac2df13339f141659bbd4" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575994405", "to_ids": true, "type": "sha256", "uuid": "aecad7b4-251e-4b68-aa8c-898c0194e583", "value": "b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996301", "uuid": "8d59f261-04a2-4b38-9fe0-a1ed372ae412", "Attribute": [ { "category": "Other", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575994405", "to_ids": false, "type": "datetime", "uuid": "31d66a22-e70d-43e4-af6f-ac9ca2856207", "value": "2019-10-15T18:47:28" }, { "category": "External analysis", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575994405", "to_ids": false, "type": "link", "uuid": "81544988-2b02-4a5d-a8be-4519393f64d7", "value": "https://www.virustotal.com/file/b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329/analysis/1571165248/" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575994405", "to_ids": false, "type": "text", "uuid": "7b2c1ba8-7583-488b-88e2-b5336e3ea744", "value": "53/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996302", "uuid": "59697923-f806-485e-92e4-5c80f254cda0", "ObjectReference": [ { "comment": "", "object_uuid": "59697923-f806-485e-92e4-5c80f254cda0", "referenced_uuid": "a52de72c-ff08-4e4b-9557-989baeb96fa2", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-5664-4580-900a-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "fbe8dfe9-e615-41f8-8043-a1e5c6493962", "value": "8ae6cd70b4acf2b17b3b678eb741344e" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "a90c236d-5414-4c8d-8e02-7c242cf61e2c", "value": "299d63fef8274c51325a6f7b3e2bb7578c978d19" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "b4b1fbda-be3b-4147-9d70-7da18415b977", "value": "d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996302", "uuid": "a52de72c-ff08-4e4b-9557-989baeb96fa2", "Attribute": [ { "category": "Other", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "c31388c5-410e-456c-93d8-bd92a56c94a0", "value": "2018-09-13T09:37:29" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "830a634d-51b7-42e1-af5b-6d05b45f13c2", "value": "https://www.virustotal.com/file/d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d/analysis/1536831449/" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "9ea82fdf-c020-439f-bfc4-78f4222b43d1", "value": "1/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996302", "uuid": "3c20a8d5-ca69-433e-aef1-2a352ccf3221", "ObjectReference": [ { "comment": "", "object_uuid": "3c20a8d5-ca69-433e-aef1-2a352ccf3221", "referenced_uuid": "d7e9e070-4a02-42c2-b6bc-a91da8b91667", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-d9e4-43e8-9bb5-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "481bf5e9-7275-49e9-b085-892f7b1f5f96", "value": "9998b8cf8f204cadb9a855f42af0ddc5" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "bafc3daa-38af-4f62-a5d2-a98ef781c380", "value": "314967cc074e31b448d42ca15ab43fff27d716c7" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "cd1a76ef-08a5-4382-97ee-d326dfb37a9c", "value": "e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996303", "uuid": "d7e9e070-4a02-42c2-b6bc-a91da8b91667", "Attribute": [ { "category": "Other", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "290a435a-597a-493f-8687-33fd7883999d", "value": "2018-08-15T14:40:18" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "5b3ac3e7-faa0-4a8a-ae01-ecfc3717229a", "value": "https://www.virustotal.com/file/e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434/analysis/1534344018/" }, { "category": "Payload delivery", "comment": "Memscraper payload", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "5aba37ab-b2fb-4754-918f-c1039daa36b4", "value": "4/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996303", "uuid": "d2357103-d172-43df-9bef-4c018472adca", "ObjectReference": [ { "comment": "", "object_uuid": "d2357103-d172-43df-9bef-4c018472adca", "referenced_uuid": "9fe3729a-9873-4b8c-8e4d-34564bf95f06", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-3af8-4839-a9fa-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "9b606f5c-e571-4266-ba7a-aee2a20ba3a5", "value": "737346c9511b32f1b6f878667785dc32" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "161774ff-7973-4c96-96ca-c93b9f1bb55f", "value": "945852060bea021b20855f4cd913951f5b1b14c9" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "cc71b25e-05db-49d7-9ca9-822b01e9a642", "value": "354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996303", "uuid": "9fe3729a-9873-4b8c-8e4d-34564bf95f06", "Attribute": [ { "category": "Other", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "c414d184-c756-40a7-8525-e99b49a6b3e8", "value": "2019-03-11T09:23:25" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "dc5736ac-4bba-484e-8a61-e0c14ebd6245", "value": "https://www.virustotal.com/file/354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181/analysis/1552296205/" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "add6615e-45c7-448d-a62c-ee332c0d374b", "value": "3/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996303", "uuid": "f44bb30f-2c90-4d8f-b088-65c56436b223", "ObjectReference": [ { "comment": "", "object_uuid": "f44bb30f-2c90-4d8f-b088-65c56436b223", "referenced_uuid": "3abbd5dc-13da-4144-9380-e725ca133b00", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-f65c-47c6-8179-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "38f18262-17ec-4eed-8e04-7829cf8eb25f", "value": "488ec17aff5f12732fc3a5c7503e26ba" }, { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "a325c88d-cddc-4c3e-bbab-2c3523f11462", "value": "a96fe2efc6a0b661cf30420d13584b4ffbd654fe" }, { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "73420b7b-5acc-4598-a332-f8e7e2453a3b", "value": "6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996303", "uuid": "3abbd5dc-13da-4144-9380-e725ca133b00", "Attribute": [ { "category": "Other", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "8dbd1370-04fb-4bea-8359-b34a391270cf", "value": "2019-10-24T02:09:12" }, { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "81502d9d-a6d9-41ce-a263-9f517d5b0e6f", "value": "https://www.virustotal.com/file/6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3/analysis/1571882952/" }, { "category": "Payload delivery", "comment": "Anchor Bot", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "43fcfa2f-ead0-48ce-91d6-e17128f78d0b", "value": "25/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996303", "uuid": "325ddfbb-45e8-4357-a973-bb90f7cfb770", "ObjectReference": [ { "comment": "", "object_uuid": "325ddfbb-45e8-4357-a973-bb90f7cfb770", "referenced_uuid": "ba638838-9beb-4f15-99b9-2c65b2e5ae49", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-41f4-44ff-8b44-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993546", "to_ids": true, "type": "md5", "uuid": "74eae1f8-6cb4-47b3-a9c5-24d18e57a87f", "value": "ad4e7904c241bb64955bd066806b25a8" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993546", "to_ids": true, "type": "sha1", "uuid": "26ae29f5-1719-4b8b-a6e0-66bde91cfc84", "value": "33c9a73ec1150f0b55903537e79e11413954e58f" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993546", "to_ids": true, "type": "sha256", "uuid": "b2b1d30d-7a78-4e9b-9052-3337c43e1ca0", "value": "e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996303", "uuid": "ba638838-9beb-4f15-99b9-2c65b2e5ae49", "Attribute": [ { "category": "Other", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993546", "to_ids": false, "type": "datetime", "uuid": "db9fe6d4-d514-4964-a57b-b0501ff0a308", "value": "2019-10-15T19:32:52" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993546", "to_ids": false, "type": "link", "uuid": "e407382e-ed51-4a60-9be0-319f391d78ae", "value": "https://www.virustotal.com/file/e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc/analysis/1571167972/" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993546", "to_ids": false, "type": "text", "uuid": "9adbfe67-fec1-494c-b00c-14dde0e50dd7", "value": "26/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996304", "uuid": "7ac12301-9e22-4429-9236-127671f59fe3", "ObjectReference": [ { "comment": "", "object_uuid": "7ac12301-9e22-4429-9236-127671f59fe3", "referenced_uuid": "8d2aeb0f-bff6-443e-a008-49d67bae2c25", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb91-53a0-41be-a2dc-ab51950d210f" } ], "Attribute": [ { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575994405", "to_ids": true, "type": "md5", "uuid": "94c37e84-ff20-4726-86c4-5b0e066a2885", "value": "7dd84d1e59e01f4409e5239bae78ae23" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575994405", "to_ids": true, "type": "sha1", "uuid": "c322af11-bb5c-44af-99de-3511bed55641", "value": "8b185b88519206b883554613a8660cd73dc8fff5" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575994405", "to_ids": true, "type": "sha256", "uuid": "ec6a1e74-6a3f-4aea-b2a4-a33cc86e6018", "value": "c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996304", "uuid": "8d2aeb0f-bff6-443e-a008-49d67bae2c25", "Attribute": [ { "category": "Other", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575994405", "to_ids": false, "type": "datetime", "uuid": "cc973c30-1507-49b1-b692-4296a905d10b", "value": "2019-12-04T19:54:22" }, { "category": "External analysis", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575994405", "to_ids": false, "type": "link", "uuid": "29b23c8e-9a19-4020-942f-731201eafaee", "value": "https://www.virustotal.com/file/c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282/analysis/1575489262/" }, { "category": "Payload installation", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575994405", "to_ids": false, "type": "text", "uuid": "f2d5079e-02d4-440a-8f87-0712e3788c81", "value": "37/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996304", "uuid": "45d92c99-a5a1-45f2-85d9-01a8c2a0b12a", "ObjectReference": [ { "comment": "", "object_uuid": "45d92c99-a5a1-45f2-85d9-01a8c2a0b12a", "referenced_uuid": "46194cae-7b60-4c07-8074-213e6dac9195", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb92-a094-4c1d-b941-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "1ca9b36c-1253-4c98-b37c-3452343a48df", "value": "b9b5f5039c19f15ca610baa095642f8a" }, { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "019ed3ad-10ad-4094-81df-446b212c3856", "value": "6464f52a47c362195a219bd5cf529338bf29a5c9" }, { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "6bd2ca87-df2d-4b9a-8ce5-c0df99fce505", "value": "b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996304", "uuid": "46194cae-7b60-4c07-8074-213e6dac9195", "Attribute": [ { "category": "Other", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "83380f01-b9ea-4fa8-8a19-dd471362abbc", "value": "2019-08-16T13:42:12" }, { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "74f02707-1c5f-4f1f-88a2-0dc51cf65d12", "value": "https://www.virustotal.com/file/b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5/analysis/1565962932/" }, { "category": "Payload delivery", "comment": "Anchor Deinstaller", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "69130a7e-3ad9-4d85-9bd2-b37d51016fd4", "value": "46/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996304", "uuid": "7d3ddce8-bd13-42f3-b6d6-2698e9abc59d", "ObjectReference": [ { "comment": "", "object_uuid": "7d3ddce8-bd13-42f3-b6d6-2698e9abc59d", "referenced_uuid": "4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb93-803c-4083-a0ad-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "9ad160e6-1a34-4a22-8229-69ff8a8494ec", "value": "b21646d0e17312079f3e509d5e5a7830" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "6621a06e-ff32-4757-ae3f-d093e7286041", "value": "8beef55eee4608afe013741033f060c8f47804b5" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "e97b98c3-c118-41f6-a3b1-499e501b5fb2", "value": "6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996304", "uuid": "4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0", "Attribute": [ { "category": "Other", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "d6009263-d189-4690-bf00-6a13b5c8bfb9", "value": "2019-11-27T02:02:59" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "7fe80e07-3bfa-4a4e-8632-51edb7f824af", "value": "https://www.virustotal.com/file/6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c/analysis/1574820179/" }, { "category": "Payload delivery", "comment": "Anchor DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "4b8324b6-c59c-4dd0-9ff8-b119d25bc766", "value": "28/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1575996305", "uuid": "c00e9e68-c6f6-4f46-b65d-cf2409b16c92", "ObjectReference": [ { "comment": "", "object_uuid": "c00e9e68-c6f6-4f46-b65d-cf2409b16c92", "referenced_uuid": "c261cdfa-356e-4cbb-8b09-fd82a644e2a2", "relationship_type": "analysed-with", "timestamp": "1621850506", "uuid": "5defcb93-5a6c-417b-a18d-ab51950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1575993421", "to_ids": true, "type": "md5", "uuid": "d5fd7a4d-fb06-421a-b28c-05f0fb8be2fa", "value": "3045fb2685124532f28829e07d2d07fb" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1575993421", "to_ids": true, "type": "sha1", "uuid": "3b822cf3-3948-4d6d-9daa-7039f0fed8c7", "value": "b437667e8f3e6b2676cb4c4d7f05435fbc2ba168" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575993421", "to_ids": true, "type": "sha256", "uuid": "07604f7a-c488-4df7-9c9d-03d5d1dd1c1a", "value": "54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1575996305", "uuid": "c261cdfa-356e-4cbb-8b09-fd82a644e2a2", "Attribute": [ { "category": "Other", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1575993421", "to_ids": false, "type": "datetime", "uuid": "ec9b20a9-4286-4421-91dd-9046797d55af", "value": "2019-04-09T16:34:27" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1575993421", "to_ids": false, "type": "link", "uuid": "c4360cc4-1826-4682-849f-29b193e44d51", "value": "https://www.virustotal.com/file/54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd/analysis/1554827667/" }, { "category": "Payload delivery", "comment": "Memscraper DNS variant", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1575993421", "to_ids": false, "type": "text", "uuid": "30f6b412-8f65-4aba-b678-9e7228eaeb2d", "value": "4/66" } ] } ] } }