{ "Event": { "analysis": "0", "date": "2021-10-05", "extends_uuid": "", "info": "UEFI threats moving to the ESP: Introducing ESPecter bootkit", "publish_timestamp": "1637336957", "published": true, "threat_level_id": "1", "timestamp": "1637336858", "uuid": "5df8df26-fe0e-4858-94a7-6cf71d9519c9", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Pre-OS Boot - T1542\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden File System - T1564.005\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rename System Utilities - T1036.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Patch System Image - T1601.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bootkit - T1542.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing Policy Modification - T1553.006\"", "relationship_type": "" }, { "colour": "#054300", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Time Based Evasion - T1497.003\"", "relationship_type": "" }, { "colour": "#075900", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1424\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1417\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1513\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": "" }, { "colour": "#064500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Transfer - T1029\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"ESPecter bootkit\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1636639702", "to_ids": false, "type": "text", "uuid": "2a49a854-10b5-4365-91e9-3f4a585eaf42", "value": "EFI/Rootkit.ESPecter" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1636639702", "to_ids": false, "type": "text", "uuid": "e4f416a2-85e2-43fd-a0d0-f282188e291e", "value": "Win32/Rootkit.ESPecter" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1636639702", "to_ids": false, "type": "text", "uuid": "0e1708e4-f25e-4ebe-acc7-e77dc5a906dd", "value": "Win64/Rootkit.ESPecter" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "ip-dst", "uuid": "a74af413-79fa-4909-9c0e-5da293a89d14", "value": "196.1.2.111" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "ip-dst", "uuid": "ddf93926-3645-4e64-8e21-e3cadcb42dbe", "value": "103.212.69.175" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "ip-dst", "uuid": "4822dadc-6680-4b7b-948b-5eb0eecf329c", "value": "183.90.187.65" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "ip-dst", "uuid": "cd507edf-d207-4fc8-ab5a-981f43ba2a51", "value": "61.178.79.69" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "hostname", "uuid": "8ce804d8-0129-47b2-aadb-e794772944d9", "value": "swj02.gicp.net" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "hostname", "uuid": "6f4ef921-6bf4-4692-bbad-e48ce05eb228", "value": "server.microsoftassistant.com" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "hostname", "uuid": "c2f4e331-a13d-49b0-a01a-bc053da56769", "value": "yspark.justdied.com" }, { "category": "Network activity", "comment": "C&C from configurations", "deleted": false, "disable_correlation": false, "timestamp": "1636642000", "to_ids": true, "type": "domain", "uuid": "043a8bb1-1a42-4737-b72c-26c5701aa7f8", "value": "crystalnba.com" }, { "category": "Other", "comment": "Configuration file path", "deleted": false, "disable_correlation": false, "timestamp": "1636707097", "to_ids": false, "type": "text", "uuid": "c3972c5b-f600-426b-8a03-2b82bad6fedb", "value": "%windir%\\Temp\\syslog" }, { "category": "Other", "comment": "Base directory for the collected data (%BaseDir%)", "deleted": false, "disable_correlation": false, "timestamp": "1636710373", "to_ids": false, "type": "text", "uuid": "053dfa99-3d2f-4498-ab6a-544bdd2f06f1", "value": "%sysdir%\\Media\\NPCSJDLFSD" }, { "category": "Other", "comment": "Base directory for the collected data (%BaseDir%)", "deleted": false, "disable_correlation": false, "timestamp": "1636710373", "to_ids": false, "type": "text", "uuid": "604f4489-cfe4-48b6-a71e-4115cc6e1686", "value": "%windir%\\Temp\\NPCSJDLFSD" }, { "category": "Other", "comment": "Screenshots directory", "deleted": false, "disable_correlation": false, "timestamp": "1636712281", "to_ids": false, "type": "text", "uuid": "a41f57f0-b112-4bac-be5d-d079b1ef3654", "value": "%BaseDir%\\SSQWCVBER" }, { "category": "Other", "comment": "Stolen documents directory", "deleted": false, "disable_correlation": false, "timestamp": "1636712316", "to_ids": false, "type": "text", "uuid": "a727a6a4-d692-46a6-a471-ca8438b99206", "value": "%BaseDir%\\UTXZCZXQ" }, { "category": "Other", "comment": "Intercepted keyboard logs directory", "deleted": false, "disable_correlation": false, "timestamp": "1636712345", "to_ids": false, "type": "text", "uuid": "6bb145ae-a23b-4186-98e6-4af2afe63a85", "value": "%BaseDir%\\KLACVSWER" }, { "category": "Other", "comment": "Encrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712375", "to_ids": false, "type": "text", "uuid": "36eab666-2303-41b4-86db-d2d4630b1c4b", "value": "%windir%\\Temp\\dd_vcredist" }, { "category": "Other", "comment": "Encrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712375", "to_ids": false, "type": "text", "uuid": "5daed22d-ca0c-49d0-af03-d71fc869467b", "value": "%windir%\\Temp\\memlog" }, { "category": "Other", "comment": "Encrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712375", "to_ids": false, "type": "text", "uuid": "e7adc49c-33af-4fc7-9111-d8a7a5479dce", "value": "%windir%\\Temp\\vmmmlog" }, { "category": "Other", "comment": "Encrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712375", "to_ids": false, "type": "text", "uuid": "53a6c33c-ba99-4e25-9741-bac2877adfe0", "value": "%windir%\\Temp\\vmmmmlog" }, { "category": "Other", "comment": "Decrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712399", "to_ids": false, "type": "text", "uuid": "387b69b7-6336-4b2f-aaf2-61ca43c12dbf", "value": "%windir%\\Temp\\vmmmlog.exe" }, { "category": "Other", "comment": "Decrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712399", "to_ids": false, "type": "text", "uuid": "f134b566-0efa-4e8d-a0c2-983ab1a10951", "value": "%windir%\\Temp\\vmmmmlog.exe" }, { "category": "Other", "comment": "Decrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712399", "to_ids": false, "type": "text", "uuid": "f9fc7f74-52ed-4b13-aa18-cb696b3f71b2", "value": "\\SystemRoot\\System32\\Client.dll" }, { "category": "Other", "comment": "Decrypted user-mode payloads files", "deleted": false, "disable_correlation": false, "timestamp": "1636712399", "to_ids": false, "type": "text", "uuid": "f07e6d67-1608-4ecf-841a-beebc4d55450", "value": "\\SystemRoot\\System32\\WinSys.dll" }, { "category": "Other", "comment": "Backed up clean null.sys or beep.sys driver path", "deleted": false, "disable_correlation": false, "timestamp": "1636712424", "to_ids": false, "type": "text", "uuid": "81db953f-ae79-4e07-95cf-86c9aa5f315b", "value": "%windir%\\\\Help\\\\intel.chm" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712659", "uuid": "3de8d0d9-4538-4295-86c4-4a8c2115d031", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712659", "to_ids": true, "type": "sha1", "uuid": "201fdac1-bcda-4361-80f1-8343eb926eba", "value": "6b2ad6114029d60f7c40f306271669b3a69ea270" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636712659", "to_ids": true, "type": "filename", "uuid": "81fc1025-f6c3-44e3-a106-fb82503e2642", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712641", "uuid": "a1e4283a-d00f-4c04-b605-19b4df73fa29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712641", "to_ids": true, "type": "sha1", "uuid": "c384ad11-71de-41a0-bf4e-f25b5decc139", "value": "0a97efa15a62e90d71f643b693b3dd3cf2657b9f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636712641", "to_ids": true, "type": "filename", "uuid": "85c4cf24-9c78-486f-a50b-c9a7541054a5", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712546", "uuid": "d3624e94-1ce5-439d-800d-b14cde62ca8c", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712546", "to_ids": true, "type": "sha1", "uuid": "ec7e1ece-ddbc-4eb8-9f6d-bfb4b0f75eb3", "value": "7f501aeb51ce3232a979ccf0e11278346f746d1f" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712624", "uuid": "7ed3898f-469c-4503-9ced-31ef0edc4598", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712624", "to_ids": true, "type": "sha1", "uuid": "71a57b02-a4fb-47c4-8e57-f9451065aaf4", "value": "81e6d19865647dc160861e2154d6903fc78c7dfb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636712624", "to_ids": true, "type": "filename", "uuid": "9fec9793-7957-43a7-9caa-d70d5fd8a73c", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712568", "uuid": "bdfbf198-91a4-4e34-87fa-20ffbcb938cb", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712568", "to_ids": true, "type": "sha1", "uuid": "f58e6402-e77e-48bb-b650-786c93e15513", "value": "cae4b2c049542fd28667ca6e9afa440b3f0138f9" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712677", "uuid": "44ecfdbb-15ad-4da5-ae60-ae9e86a8fcbd", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712677", "to_ids": true, "type": "sha1", "uuid": "db633b84-89b5-44aa-ae9d-b18fe09efbb5", "value": "09f0f17aeccdef5cb1112bc9bef0fe4f828d6d3b" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712693", "uuid": "7c8585c7-f16d-4160-b518-f64330929a65", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712693", "to_ids": true, "type": "sha1", "uuid": "457984b3-27e1-4dc4-9821-178d1d8ee84e", "value": "99dc33bedf4cb9bdbdf04cc60e1da55cfbeadc09" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712714", "uuid": "6e6295bb-4caa-4c86-9c3b-7982df4b1579", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712714", "to_ids": true, "type": "sha1", "uuid": "e970d552-46ee-4638-9707-1ab6fe61d621", "value": "c06eeb1600cf4e8aac91730e00dd7c169738afde" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712725", "uuid": "8434d591-d6d9-4043-a68b-b7f7aa7632cb", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712725", "to_ids": true, "type": "sha1", "uuid": "956aba87-8feb-4624-9428-db302b4ad8d4", "value": "dcd42b04705b784ad62bb36e17305b6e6414f033" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712739", "uuid": "3a91a09d-baab-4f83-b313-f17e83e6225b", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712739", "to_ids": true, "type": "sha1", "uuid": "60450c05-c377-429d-a1ac-86295ac74734", "value": "374d1a399ef44472ee088563d621df28221cbcce" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712757", "uuid": "8f23b33c-1f63-4a59-88d5-f1913185f8c2", "Attribute": [ { "category": "Payload delivery", "comment": "Compromised UEFI Windows Boot Manager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712757", "to_ids": true, "type": "sha1", "uuid": "820675a1-31fd-442b-a9f3-cd2dadd12ec1", "value": "8ab33e432c8bee54ae759dfb5346d21387f26902" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712774", "uuid": "5076da52-2497-4dcd-b7eb-6b13bd387df5", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712774", "to_ids": true, "type": "sha1", "uuid": "ea4d5b00-06ff-4014-9202-11bf04beb033", "value": "656c263fa004bb3e6f3ee6ef6767d101869c7f7c" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636712795", "uuid": "313ae7bc-b8cb-4fc6-b646-8379f9fb0917", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712795", "to_ids": true, "type": "sha1", "uuid": "1ccc56d1-2711-40f1-848f-37af88296f77", "value": "1d75bfb18ffc0b820cb36acf8707343fa6679863" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636718982", "uuid": "0ac2f3e6-37a7-4ad6-ab4b-b6d20c19e775", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636718982", "to_ids": true, "type": "sha1", "uuid": "9aa4c900-1ea6-4847-be0c-b3bb3811e19e", "value": "865f5b87b5f6fb75f3ec68ca05a21cc36446812f" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719000", "uuid": "8cb316d8-7c13-4d62-ae36-65336aaa80fb", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719000", "to_ids": true, "type": "sha1", "uuid": "3c747127-2721-41bf-bfa7-ae6080f423e1", "value": "9f6df0a011748160b0c18fb2b44ebe9fa9d517e9" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719028", "uuid": "d24fb77d-e776-4d2b-9480-4c430733a2d9", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719028", "to_ids": true, "type": "sha1", "uuid": "5ad18bbe-bc0c-4aee-aa08-108f8c6a2943", "value": "2c22ae243fdc08b84b38d9580900a9a9e3823acf" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719042", "uuid": "3bae573d-d93e-468a-8406-47b55de6e76f", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719042", "to_ids": true, "type": "sha1", "uuid": "7096ce05-0023-4396-9a3c-836bba036a6a", "value": "abc03a234233c63330c744fda784385273af395b" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719164", "uuid": "436005da-d100-4543-9329-6939546bcd98", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719164", "to_ids": true, "type": "sha1", "uuid": "c5b860ff-2172-4d1d-8d4d-c18b1fdff2ef", "value": "7ad4442d3c02fa145bef9bf18c9464c3e4449224" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719178", "uuid": "59c35d4e-4420-4266-992f-1aa58906e157", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719178", "to_ids": true, "type": "sha1", "uuid": "640961ee-8ced-47c7-81fd-5030271f64b2", "value": "a8b4fe8a421c86eae060bb8bf525ef1e1fc133b2" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719203", "uuid": "2f941274-cb1e-4499-8407-1af90a163231", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719203", "to_ids": true, "type": "sha1", "uuid": "efd031a7-907c-4082-a074-2d7d5cf1a754", "value": "08077d940f2b385fbd287d84edb58493136c8391" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719337", "uuid": "0e48addd-4a98-4045-9725-3d43918787c9", "Attribute": [ { "category": "Payload delivery", "comment": "Compromised UEFI Windows Boot Manager", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719337", "to_ids": true, "type": "sha1", "uuid": "2e39aa21-5745-4fec-9806-f2b2240a658b", "value": "27ad0a8a88eab01e2b48ba19d2aaabf360ece5b8" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719408", "uuid": "28c3fa40-019d-4de0-b203-eb3b4921cf08", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719408", "to_ids": true, "type": "sha1", "uuid": "bd087164-c556-4836-8bfd-e93d1f454adf", "value": "3ac6f9458a4a1a16390379621fdd230c656fc444" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719452", "uuid": "bf9c1674-2f1d-4a0c-8fa6-7efa805f8dd6", "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719452", "to_ids": true, "type": "sha1", "uuid": "c3922256-6777-45c2-a3cb-d0cf8177cf76", "value": "37e49dbceb1354d508319548a7efbd149bfa0e8d" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719470", "uuid": "e2c5cac5-a603-44ad-a47a-e4e11795d57b", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719470", "to_ids": true, "type": "sha1", "uuid": "26093294-6ca8-4863-b673-e469bc27c83e", "value": "ca19347287fce93f2c675efdf88c8b0db4910929" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636719813", "uuid": "a88b2df4-d1c2-4ad3-8f92-bca70dca1cc5", "Attribute": [ { "category": "Payload delivery", "comment": "Kernel drivers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719813", "to_ids": true, "type": "sha1", "uuid": "705b419e-3f71-42a7-a54e-6bf8cc939c62", "value": "c8c2c127ec6af87d96b058ff023b534f1237215c" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636720590", "uuid": "83cd3826-3f69-48e2-b91d-c319ecd366be", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636720590", "to_ids": true, "type": "sha1", "uuid": "ab8fad2c-7210-45ed-8285-5be08f14221e", "value": "c7fe86e5981b39927275873c3a386cb1d8c93a6b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636720590", "to_ids": true, "type": "filename", "uuid": "abe194c7-5fae-467d-ba69-ed9a5e16610e", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636720773", "uuid": "5d3cc885-69a8-44b6-942d-76a205b5b9bf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636720773", "to_ids": true, "type": "sha1", "uuid": "96eb5311-75ae-458b-bf8a-0f41664ee161", "value": "180b0e6a4a3334aaa4249b3d631695a31eb45d7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636720773", "to_ids": true, "type": "filename", "uuid": "e6bd4bcf-87ca-40cb-8f3c-b81f71188577", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636720803", "uuid": "c3680318-bdc8-4e35-9722-7401eac56247", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636720803", "to_ids": true, "type": "sha1", "uuid": "a0e0d316-bb46-42cf-8595-9dd6f45c61bd", "value": "030b97860ed5a3089c5e8efb8edd7cc359134124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636720803", "to_ids": true, "type": "filename", "uuid": "bda672dc-10f7-4adb-98a9-eeb464ff0dfd", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636722478", "uuid": "92800ef6-15f8-48b7-90ea-e8a819affda4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636722478", "to_ids": true, "type": "sha1", "uuid": "c3901a78-5cfb-47c7-b7e7-40e3acae68ca", "value": "26f7757602000bcc3c18a887dbc7416ae43bf61a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636722478", "to_ids": true, "type": "filename", "uuid": "11c77d67-057f-4976-86fe-f404daf14c08", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636722428", "uuid": "4897f3a4-3ae7-45e3-82a3-b14314cbfc29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636722428", "to_ids": true, "type": "sha1", "uuid": "4e95abab-70c2-4dd7-bc13-20582e8f927e", "value": "abb410a4f863b101c218990664981914d14f1e58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636722428", "to_ids": true, "type": "filename", "uuid": "bb9e1c9a-9a59-4632-a4de-1bb4753f5501", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1636720564", "uuid": "2fe0f668-8003-49d9-98e8-d5123f12a56d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636720564", "to_ids": true, "type": "sha1", "uuid": "6de73982-5bdf-46e4-bfac-2b0cead8d79f", "value": "0a8a388911a7a368fc1cf111fb26ba92a19fed3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1636720564", "to_ids": true, "type": "filename", "uuid": "6d7845fe-55b9-487b-9ff6-c8aaa3eddc9a", "value": "WinSys.dll" } ] }, { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "4", "timestamp": "1636723218", "uuid": "00757583-07b5-44cf-aaf0-7e71aebf60ff", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1636723218", "to_ids": false, "type": "link", "uuid": "0421b6c2-5056-4448-9950-199a346cada2", "value": "https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "summary", "timestamp": "1636723218", "to_ids": false, "type": "text", "uuid": "6eb32b17-8975-4ca9-994f-21f4e10f2203", "value": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we\u2019ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky\u2019s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1636723218", "to_ids": false, "type": "text", "uuid": "66228cc7-a06e-41fe-bc32-f278038eb512", "value": "Online Article" } ] }, { "comment": "", "deleted": false, "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "template_version": "4", "timestamp": "1637309504", "uuid": "704e5969-5b1d-4325-b7fc-4a6d923bbda5", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1637309504", "to_ids": false, "type": "link", "uuid": "d1c1cf4e-6d05-4e71-8e8f-fa03cf3a7ae8", "value": "https://github.com/eset/malware-ioc/tree/master/especter" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1637309504", "to_ids": false, "type": "text", "uuid": "b86f621a-6a55-4335-85b1-3d118630e883", "value": "Report" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1637335864", "uuid": "a9021b55-afc0-437c-b972-3079eab113d1", "ObjectReference": [ { "comment": "", "object_uuid": "a9021b55-afc0-437c-b972-3079eab113d1", "referenced_uuid": "7ef11d83-1085-4d24-910e-5f66372ed7ef", "relationship_type": "analysed-with", "timestamp": "1637335864", "uuid": "1f971027-eb1a-45f1-aedf-48f51954d1eb" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1636712795", "to_ids": true, "type": "md5", "uuid": "b591f7f1-78ed-41ee-87b2-b11303cb9225", "value": "6d1a47574ef7598017c13d64769cccfb" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712795", "to_ids": true, "type": "sha1", "uuid": "1b29804c-4b2b-41b0-8951-30bc5ed6b689", "value": "1d75bfb18ffc0b820cb36acf8707343fa6679863" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1636712795", "to_ids": true, "type": "sha256", "uuid": "f338c7ef-afd3-439e-a4e5-bcaff1669b23", "value": "d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1637335864", "uuid": "7ef11d83-1085-4d24-910e-5f66372ed7ef", "Attribute": [ { "category": "Other", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "last-submission", "timestamp": "1636712795", "to_ids": false, "type": "datetime", "uuid": "05c8364f-3b9f-43a2-bbfa-bc5ec545ceda", "value": "2021-10-23T06:24:22+00:00" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1636712795", "to_ids": false, "type": "link", "uuid": "517a0bfc-2991-4230-8f32-53ae840b286d", "value": "https://www.virustotal.com/gui/file/d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6/detection/f-d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6-1634970262" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1636712795", "to_ids": false, "type": "text", "uuid": "381a6904-7917-4045-abb1-d935df6f7bde", "value": "51/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1637335864", "uuid": "31bcc06e-f214-4193-bd07-83a32e27ad7d", "ObjectReference": [ { "comment": "", "object_uuid": "31bcc06e-f214-4193-bd07-83a32e27ad7d", "referenced_uuid": "aad7d8b5-905e-4cf6-9e67-6182ce4de562", "relationship_type": "analysed-with", "timestamp": "1637335864", "uuid": "b79f665f-478e-4856-bb2b-eac024f9c385" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1636719028", "to_ids": true, "type": "md5", "uuid": "73520d9b-46cb-49a9-ab97-9d99b122643b", "value": "3846c93e3f937b2ba156d28943be1bc9" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719028", "to_ids": true, "type": "sha1", "uuid": "bb3a5601-3e5f-46c2-924a-5783e7a099b5", "value": "2c22ae243fdc08b84b38d9580900a9a9e3823acf" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1636719028", "to_ids": true, "type": "sha256", "uuid": "b1ecd34b-88c4-4fd7-9527-d628d90f16e8", "value": "021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1637335864", "uuid": "aad7d8b5-905e-4cf6-9e67-6182ce4de562", "Attribute": [ { "category": "Other", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "last-submission", "timestamp": "1636719028", "to_ids": false, "type": "datetime", "uuid": "30970fd5-8c1f-400d-a782-c6fd7f440cf8", "value": "2021-10-27T13:27:29+00:00" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1636719028", "to_ids": false, "type": "link", "uuid": "dea2c8bd-664a-4cfb-91dc-925ed568a53e", "value": "https://www.virustotal.com/gui/file/021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b/detection/f-021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b-1635341249" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1636719028", "to_ids": false, "type": "text", "uuid": "fc178cf5-6ef6-4bf9-9647-bf9ad621c001", "value": "57/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1637335864", "uuid": "e69670e4-f98d-4be6-953c-933b681d802b", "ObjectReference": [ { "comment": "", "object_uuid": "e69670e4-f98d-4be6-953c-933b681d802b", "referenced_uuid": "3e418ab5-d67d-46cd-b630-f40b287784b7", "relationship_type": "analysed-with", "timestamp": "1637335864", "uuid": "b94082c1-3884-48b4-89cb-59e322037a9a" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1636720590", "to_ids": true, "type": "md5", "uuid": "f56572f3-5194-4a81-83ee-d746b3bbd71d", "value": "73ba4d13914f30dd8b36bc2fd561c0df" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636720590", "to_ids": true, "type": "sha1", "uuid": "38e04073-1f2e-4d55-a44f-6115bde1bdbf", "value": "c7fe86e5981b39927275873c3a386cb1d8c93a6b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1636720590", "to_ids": true, "type": "sha256", "uuid": "89a7d94f-a6f4-463d-8f3d-46be09162678", "value": "e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1637335864", "uuid": "3e418ab5-d67d-46cd-b630-f40b287784b7", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-submission", "timestamp": "1636720590", "to_ids": false, "type": "datetime", "uuid": "42d04113-0f63-403b-a40e-bae622212d24", "value": "2021-10-23T05:15:58+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1636720590", "to_ids": false, "type": "link", "uuid": "96171dfc-6935-4a36-ac21-57f3bab010e4", "value": "https://www.virustotal.com/gui/file/e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63/detection/f-e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63-1634966158" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1636720590", "to_ids": false, "type": "text", "uuid": "3adb1480-8bc7-40cc-a306-c0a1f6ffd0ea", "value": "50/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1637335864", "uuid": "0ce970ae-28ab-457c-a377-d083e527e699", "ObjectReference": [ { "comment": "", "object_uuid": "0ce970ae-28ab-457c-a377-d083e527e699", "referenced_uuid": "9c96483f-0733-4016-80cf-7e5a090da564", "relationship_type": "analysed-with", "timestamp": "1637335865", "uuid": "3a4e8a32-c582-4a56-b4d8-9215c7c19ea0" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1636712546", "to_ids": true, "type": "md5", "uuid": "bdf72c3c-efe5-445e-a651-08688e3d7679", "value": "2025cc89204d851a57c02a9fd441b619" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636712546", "to_ids": true, "type": "sha1", "uuid": "6b3b1f25-767d-48c5-a29e-c283c10c54cb", "value": "7f501aeb51ce3232a979ccf0e11278346f746d1f" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1636712546", "to_ids": true, "type": "sha256", "uuid": "fa7bf2f4-c0d7-4964-8e7a-2ce7b774535c", "value": "5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1637335864", "uuid": "9c96483f-0733-4016-80cf-7e5a090da564", "Attribute": [ { "category": "Other", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "last-submission", "timestamp": "1636712546", "to_ids": false, "type": "datetime", "uuid": "32a4ae15-59c8-4768-b6fc-8beb9fbf0ce0", "value": "2021-10-27T13:33:01+00:00" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1636712546", "to_ids": false, "type": "link", "uuid": "f4b1d9c6-bb59-4700-8263-7855d059bdeb", "value": "https://www.virustotal.com/gui/file/5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a/detection/f-5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a-1635341581" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1636712546", "to_ids": false, "type": "text", "uuid": "1d400c2b-d36d-4506-b05c-897f203ca794", "value": "56/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1637335864", "uuid": "b9b484e5-731d-432a-b5eb-6013142e1fb7", "ObjectReference": [ { "comment": "", "object_uuid": "b9b484e5-731d-432a-b5eb-6013142e1fb7", "referenced_uuid": "6587653a-065f-49f1-958a-83869a219db6", "relationship_type": "analysed-with", "timestamp": "1637335865", "uuid": "cc92de90-731c-4ad9-84fa-1aa570076ac5" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1636719000", "to_ids": true, "type": "md5", "uuid": "4f06f034-1e7c-4921-992e-e665de4e0251", "value": "64e1aa6f5dca669ba51678157058d54b" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1636719000", "to_ids": true, "type": "sha1", "uuid": "ea122871-43c7-4959-adfb-47139d7db49b", "value": "9f6df0a011748160b0c18fb2b44ebe9fa9d517e9" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1636719000", "to_ids": true, "type": "sha256", "uuid": "bdeccc71-9d31-4f91-b2a1-66e6eada978c", "value": "6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "4", "timestamp": "1637335864", "uuid": "6587653a-065f-49f1-958a-83869a219db6", "Attribute": [ { "category": "Other", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "last-submission", "timestamp": "1636719000", "to_ids": false, "type": "datetime", "uuid": "f97edadd-688f-4cfb-8fb2-b69a83e217f1", "value": "2021-10-23T05:36:39+00:00" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "permalink", "timestamp": "1636719000", "to_ids": false, "type": "link", "uuid": "3e1531f7-83ed-4473-b620-1096d22a40a6", "value": "https://www.virustotal.com/gui/file/6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286/detection/f-6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286-1634967399" }, { "category": "Payload delivery", "comment": "Legacy BIOS version installers", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1636719000", "to_ids": false, "type": "text", "uuid": "b5145342-6351-4be6-ac1b-b467ff01969d", "value": "52/68" } ] } ] } }