adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5defbf60-c77c-4611-b627-03e368f8e8cf.json

1294 lines
No EOL
45 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "0",
"date": "2019-12-10",
"extends_uuid": "",
"info": "2019-12-10: TrickBot Project \u00e2\u20ac\u0153Anchor:\u00e2\u20ac\u009d Window Into Sophisticated Operation",
"publish_timestamp": "1622029338",
"published": true,
"threat_level_id": "2",
"timestamp": "1621850506",
"uuid": "5defbf60-c77c-4611-b627-03e368f8e8cf",
"Orgc": {
"name": "VK_INTEL_EVIL",
"uuid": "5d2fbc3a-e520-4bf9-89b7-1b0a68f8e8cf"
},
"Tag": [
{
"colour": "#cdce6a",
"local": false,
"name": "Banker: TrickBot",
"relationship_type": ""
},
{
"colour": "#000000",
"local": false,
"name": "Anchor",
"relationship_type": ""
},
{
"colour": "#0dd733",
"local": false,
"name": "Memory Scraper",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"TrickBot\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "Trick Anchor Yara",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993294",
"to_ids": false,
"type": "yara",
"uuid": "5defbfce-cb0c-4c33-8b93-74cf68f8e8cf",
"value": "rule crime_win32_anchor_trick_1\r\n{\r\nmeta:\r\n description = \"Detects Anchor malware\"\r\n author = \"Jason Reaves\"\r\n\r\nstrings: \r\n$s1 = \"D:\\\\Win32.ogw0rm\" nocase\r\n$s2 = \"MyProjects\\\\memoryScraper\" nocase\r\n$s3 = \"\\\\MyProjects\\\\secondWork\\\\Anchor\" nocase\r\n$s4 = \"\\\\MyProjects\\\\secondWork\\\\psExecutor\" nocase\r\n$s5 = \"\\\\MyProjects\\\\mailCollection\" nocase\r\n$s6 = \"\\\\MyProjects\\\\spreader\" nocase\r\ncondition:\r\nany of them\r\n}"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-a59c-47ac-a1a5-03fd19d2faa1",
"value": "e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-4b78-433d-9f82-03fd19d2faa1",
"value": "d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-08c0-4909-85e3-03fd19d2faa1",
"value": "354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-e5c0-4a82-b368-03fd19d2faa1",
"value": "54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd"
},
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-f520-4bdf-9db1-03fd19d2faa1",
"value": "b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5"
},
{
"category": "Payload delivery",
"comment": "Anchor Installer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-d238-48e8-889e-03fd19d2faa1",
"value": "52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4"
},
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-9ca4-4559-b23a-03fd19d2faa1",
"value": "6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "5defc04d-2934-4c99-a39f-03fd19d2faa1",
"value": "6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575993546",
"to_ids": true,
"type": "sha256",
"uuid": "5defc0ca-4190-4543-9d3a-040819d2faa1",
"value": "e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575994405",
"to_ids": true,
"type": "sha256",
"uuid": "5defc425-9808-4e88-a170-74d168f8e8cf",
"value": "b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575994405",
"to_ids": true,
"type": "sha256",
"uuid": "5defc425-8690-4042-9e2d-74d168f8e8cf",
"value": "c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1575996337",
"to_ids": false,
"type": "link",
"uuid": "5defcbb1-1128-4567-a936-ab51950d210f",
"value": "https://github.com/SentineLabs/TrickBot-Anchor/blob/master/2019-12-10-trickbot-anchor-blog.vk.misp.json"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996301",
"uuid": "d0cb4e83-d39b-4be9-bf27-865cf449ee58",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d0cb4e83-d39b-4be9-bf27-865cf449ee58",
"referenced_uuid": "8d59f261-04a2-4b38-9fe0-a1ed372ae412",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-3b30-4ef9-a592-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575994405",
"to_ids": true,
"type": "md5",
"uuid": "29f3b78b-3c77-42b3-b563-6fd0ac1e256f",
"value": "ae48b4d1d0da879512b495ec1f80cf67"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575994405",
"to_ids": true,
"type": "sha1",
"uuid": "a811f4ee-e88a-44fe-8a80-d36401f1ed22",
"value": "b388243bf5899c99091ac2df13339f141659bbd4"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575994405",
"to_ids": true,
"type": "sha256",
"uuid": "aecad7b4-251e-4b68-aa8c-898c0194e583",
"value": "b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996301",
"uuid": "8d59f261-04a2-4b38-9fe0-a1ed372ae412",
"Attribute": [
{
"category": "Other",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575994405",
"to_ids": false,
"type": "datetime",
"uuid": "31d66a22-e70d-43e4-af6f-ac9ca2856207",
"value": "2019-10-15T18:47:28"
},
{
"category": "External analysis",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575994405",
"to_ids": false,
"type": "link",
"uuid": "81544988-2b02-4a5d-a8be-4519393f64d7",
"value": "https://www.virustotal.com/file/b02494ffc1dab60510e6caee3c54695e24408e5bfa6621adcd19301cfc18e329/analysis/1571165248/"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575994405",
"to_ids": false,
"type": "text",
"uuid": "7b2c1ba8-7583-488b-88e2-b5336e3ea744",
"value": "53/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996302",
"uuid": "59697923-f806-485e-92e4-5c80f254cda0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59697923-f806-485e-92e4-5c80f254cda0",
"referenced_uuid": "a52de72c-ff08-4e4b-9557-989baeb96fa2",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-5664-4580-900a-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "fbe8dfe9-e615-41f8-8043-a1e5c6493962",
"value": "8ae6cd70b4acf2b17b3b678eb741344e"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "a90c236d-5414-4c8d-8e02-7c242cf61e2c",
"value": "299d63fef8274c51325a6f7b3e2bb7578c978d19"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "b4b1fbda-be3b-4147-9d70-7da18415b977",
"value": "d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996302",
"uuid": "a52de72c-ff08-4e4b-9557-989baeb96fa2",
"Attribute": [
{
"category": "Other",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "c31388c5-410e-456c-93d8-bd92a56c94a0",
"value": "2018-09-13T09:37:29"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "830a634d-51b7-42e1-af5b-6d05b45f13c2",
"value": "https://www.virustotal.com/file/d584e868f867c6251e115b7909559da784f25b778192c6a24e49685f80257e4d/analysis/1536831449/"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "9ea82fdf-c020-439f-bfc4-78f4222b43d1",
"value": "1/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996302",
"uuid": "3c20a8d5-ca69-433e-aef1-2a352ccf3221",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3c20a8d5-ca69-433e-aef1-2a352ccf3221",
"referenced_uuid": "d7e9e070-4a02-42c2-b6bc-a91da8b91667",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-d9e4-43e8-9bb5-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "481bf5e9-7275-49e9-b085-892f7b1f5f96",
"value": "9998b8cf8f204cadb9a855f42af0ddc5"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "bafc3daa-38af-4f62-a5d2-a98ef781c380",
"value": "314967cc074e31b448d42ca15ab43fff27d716c7"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "cd1a76ef-08a5-4382-97ee-d326dfb37a9c",
"value": "e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996303",
"uuid": "d7e9e070-4a02-42c2-b6bc-a91da8b91667",
"Attribute": [
{
"category": "Other",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "290a435a-597a-493f-8687-33fd7883999d",
"value": "2018-08-15T14:40:18"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "5b3ac3e7-faa0-4a8a-ae01-ecfc3717229a",
"value": "https://www.virustotal.com/file/e54a267e788cc076c870eba0ff16920f9cb49207a034a8b6bfd92abc5a5f7434/analysis/1534344018/"
},
{
"category": "Payload delivery",
"comment": "Memscraper payload",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "5aba37ab-b2fb-4754-918f-c1039daa36b4",
"value": "4/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996303",
"uuid": "d2357103-d172-43df-9bef-4c018472adca",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d2357103-d172-43df-9bef-4c018472adca",
"referenced_uuid": "9fe3729a-9873-4b8c-8e4d-34564bf95f06",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-3af8-4839-a9fa-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "9b606f5c-e571-4266-ba7a-aee2a20ba3a5",
"value": "737346c9511b32f1b6f878667785dc32"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "161774ff-7973-4c96-96ca-c93b9f1bb55f",
"value": "945852060bea021b20855f4cd913951f5b1b14c9"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "cc71b25e-05db-49d7-9ca9-822b01e9a642",
"value": "354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996303",
"uuid": "9fe3729a-9873-4b8c-8e4d-34564bf95f06",
"Attribute": [
{
"category": "Other",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "c414d184-c756-40a7-8525-e99b49a6b3e8",
"value": "2019-03-11T09:23:25"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "dc5736ac-4bba-484e-8a61-e0c14ebd6245",
"value": "https://www.virustotal.com/file/354936f4265a5e870374a3fe9378cf9a3e7dd45ee4626b971d6b7b0837f4f181/analysis/1552296205/"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "add6615e-45c7-448d-a62c-ee332c0d374b",
"value": "3/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996303",
"uuid": "f44bb30f-2c90-4d8f-b088-65c56436b223",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f44bb30f-2c90-4d8f-b088-65c56436b223",
"referenced_uuid": "3abbd5dc-13da-4144-9380-e725ca133b00",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-f65c-47c6-8179-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "38f18262-17ec-4eed-8e04-7829cf8eb25f",
"value": "488ec17aff5f12732fc3a5c7503e26ba"
},
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "a325c88d-cddc-4c3e-bbab-2c3523f11462",
"value": "a96fe2efc6a0b661cf30420d13584b4ffbd654fe"
},
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "73420b7b-5acc-4598-a332-f8e7e2453a3b",
"value": "6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996303",
"uuid": "3abbd5dc-13da-4144-9380-e725ca133b00",
"Attribute": [
{
"category": "Other",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "8dbd1370-04fb-4bea-8359-b34a391270cf",
"value": "2019-10-24T02:09:12"
},
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "81502d9d-a6d9-41ce-a263-9f517d5b0e6f",
"value": "https://www.virustotal.com/file/6500190bf8253c015700eb071416cbe33a1c8f3b84aeb28b7118a6abe96005e3/analysis/1571882952/"
},
{
"category": "Payload delivery",
"comment": "Anchor Bot",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "43fcfa2f-ead0-48ce-91d6-e17128f78d0b",
"value": "25/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996303",
"uuid": "325ddfbb-45e8-4357-a973-bb90f7cfb770",
"ObjectReference": [
{
"comment": "",
"object_uuid": "325ddfbb-45e8-4357-a973-bb90f7cfb770",
"referenced_uuid": "ba638838-9beb-4f15-99b9-2c65b2e5ae49",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-41f4-44ff-8b44-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993546",
"to_ids": true,
"type": "md5",
"uuid": "74eae1f8-6cb4-47b3-a9c5-24d18e57a87f",
"value": "ad4e7904c241bb64955bd066806b25a8"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993546",
"to_ids": true,
"type": "sha1",
"uuid": "26ae29f5-1719-4b8b-a6e0-66bde91cfc84",
"value": "33c9a73ec1150f0b55903537e79e11413954e58f"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993546",
"to_ids": true,
"type": "sha256",
"uuid": "b2b1d30d-7a78-4e9b-9052-3337c43e1ca0",
"value": "e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996303",
"uuid": "ba638838-9beb-4f15-99b9-2c65b2e5ae49",
"Attribute": [
{
"category": "Other",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993546",
"to_ids": false,
"type": "datetime",
"uuid": "db9fe6d4-d514-4964-a57b-b0501ff0a308",
"value": "2019-10-15T19:32:52"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993546",
"to_ids": false,
"type": "link",
"uuid": "e407382e-ed51-4a60-9be0-319f391d78ae",
"value": "https://www.virustotal.com/file/e49e6f0b194ff7c83ec02b3c2efc9e746a4b2ba74607a4aad8fbdcdc66baa8dc/analysis/1571167972/"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993546",
"to_ids": false,
"type": "text",
"uuid": "9adbfe67-fec1-494c-b00c-14dde0e50dd7",
"value": "26/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996304",
"uuid": "7ac12301-9e22-4429-9236-127671f59fe3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7ac12301-9e22-4429-9236-127671f59fe3",
"referenced_uuid": "8d2aeb0f-bff6-443e-a008-49d67bae2c25",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb91-53a0-41be-a2dc-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575994405",
"to_ids": true,
"type": "md5",
"uuid": "94c37e84-ff20-4726-86c4-5b0e066a2885",
"value": "7dd84d1e59e01f4409e5239bae78ae23"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575994405",
"to_ids": true,
"type": "sha1",
"uuid": "c322af11-bb5c-44af-99de-3511bed55641",
"value": "8b185b88519206b883554613a8660cd73dc8fff5"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575994405",
"to_ids": true,
"type": "sha256",
"uuid": "ec6a1e74-6a3f-4aea-b2a4-a33cc86e6018",
"value": "c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996304",
"uuid": "8d2aeb0f-bff6-443e-a008-49d67bae2c25",
"Attribute": [
{
"category": "Other",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575994405",
"to_ids": false,
"type": "datetime",
"uuid": "cc973c30-1507-49b1-b692-4296a905d10b",
"value": "2019-12-04T19:54:22"
},
{
"category": "External analysis",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575994405",
"to_ids": false,
"type": "link",
"uuid": "29b23c8e-9a19-4020-942f-731201eafaee",
"value": "https://www.virustotal.com/file/c6d466600371ced9d962594474a4b8b0ccff19adc59dbd2027c10d930afbe282/analysis/1575489262/"
},
{
"category": "Payload installation",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575994405",
"to_ids": false,
"type": "text",
"uuid": "f2d5079e-02d4-440a-8f87-0712e3788c81",
"value": "37/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996304",
"uuid": "45d92c99-a5a1-45f2-85d9-01a8c2a0b12a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "45d92c99-a5a1-45f2-85d9-01a8c2a0b12a",
"referenced_uuid": "46194cae-7b60-4c07-8074-213e6dac9195",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb92-a094-4c1d-b941-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "1ca9b36c-1253-4c98-b37c-3452343a48df",
"value": "b9b5f5039c19f15ca610baa095642f8a"
},
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "019ed3ad-10ad-4094-81df-446b212c3856",
"value": "6464f52a47c362195a219bd5cf529338bf29a5c9"
},
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "6bd2ca87-df2d-4b9a-8ce5-c0df99fce505",
"value": "b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996304",
"uuid": "46194cae-7b60-4c07-8074-213e6dac9195",
"Attribute": [
{
"category": "Other",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "83380f01-b9ea-4fa8-8a19-dd471362abbc",
"value": "2019-08-16T13:42:12"
},
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "74f02707-1c5f-4f1f-88a2-0dc51cf65d12",
"value": "https://www.virustotal.com/file/b288c3b3f5886b1cd7b6600df2b8046f2c0fd17360fb188ecfbcc8f6b7e552a5/analysis/1565962932/"
},
{
"category": "Payload delivery",
"comment": "Anchor Deinstaller",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "69130a7e-3ad9-4d85-9bd2-b37d51016fd4",
"value": "46/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996304",
"uuid": "7d3ddce8-bd13-42f3-b6d6-2698e9abc59d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7d3ddce8-bd13-42f3-b6d6-2698e9abc59d",
"referenced_uuid": "4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb93-803c-4083-a0ad-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "9ad160e6-1a34-4a22-8229-69ff8a8494ec",
"value": "b21646d0e17312079f3e509d5e5a7830"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "6621a06e-ff32-4757-ae3f-d093e7286041",
"value": "8beef55eee4608afe013741033f060c8f47804b5"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "e97b98c3-c118-41f6-a3b1-499e501b5fb2",
"value": "6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996304",
"uuid": "4e9f91a3-50c9-4881-ae9a-dcc491ad9ac0",
"Attribute": [
{
"category": "Other",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "d6009263-d189-4690-bf00-6a13b5c8bfb9",
"value": "2019-11-27T02:02:59"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "7fe80e07-3bfa-4a4e-8632-51edb7f824af",
"value": "https://www.virustotal.com/file/6b1759936993f02df80b330d11c1b12accd53a80b6207cd1defc555e6e4bf57c/analysis/1574820179/"
},
{
"category": "Payload delivery",
"comment": "Anchor DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "4b8324b6-c59c-4dd0-9ff8-b119d25bc766",
"value": "28/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1575996305",
"uuid": "c00e9e68-c6f6-4f46-b65d-cf2409b16c92",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c00e9e68-c6f6-4f46-b65d-cf2409b16c92",
"referenced_uuid": "c261cdfa-356e-4cbb-8b09-fd82a644e2a2",
"relationship_type": "analysed-with",
"timestamp": "1621850506",
"uuid": "5defcb93-5a6c-417b-a18d-ab51950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1575993421",
"to_ids": true,
"type": "md5",
"uuid": "d5fd7a4d-fb06-421a-b28c-05f0fb8be2fa",
"value": "3045fb2685124532f28829e07d2d07fb"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha1",
"uuid": "3b822cf3-3948-4d6d-9daa-7039f0fed8c7",
"value": "b437667e8f3e6b2676cb4c4d7f05435fbc2ba168"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1575993421",
"to_ids": true,
"type": "sha256",
"uuid": "07604f7a-c488-4df7-9c9d-03d5d1dd1c1a",
"value": "54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1575996305",
"uuid": "c261cdfa-356e-4cbb-8b09-fd82a644e2a2",
"Attribute": [
{
"category": "Other",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1575993421",
"to_ids": false,
"type": "datetime",
"uuid": "ec9b20a9-4286-4421-91dd-9046797d55af",
"value": "2019-04-09T16:34:27"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1575993421",
"to_ids": false,
"type": "link",
"uuid": "c4360cc4-1826-4682-849f-29b193e44d51",
"value": "https://www.virustotal.com/file/54257aa2394ef87dd510da00e0583b670f3eb43e2eef86be4db69c3432e99abd/analysis/1554827667/"
},
{
"category": "Payload delivery",
"comment": "Memscraper DNS variant",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1575993421",
"to_ids": false,
"type": "text",
"uuid": "30f6b412-8f65-4aba-b678-9e7228eaeb2d",
"value": "4/66"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink