{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2022-04-19",
|
|
"extends_uuid": "",
|
|
"info": "TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies",
|
|
"publish_timestamp": "1650976930",
|
|
"published": true,
|
|
"threat_level_id": "1",
|
|
"timestamp": "1650976901",
|
|
"uuid": "c65578dd-3d7d-4a1a-bc30-7d12af38a59a",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#13eb00",
|
|
"local": false,
|
|
"name": "misp-galaxy:threat-actor=\"Lazarus Group\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": false,
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": false,
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 endpoint. The host (greenvideo.nl) is assessed as likely legitimate but compromised, so match/block on the full URL path rather than the bare domain.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868950",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "bef467b3-a40a-484e-8fac-584f89269376",
|
|
"value": "https://greenvideo.nl/wp-content/themes/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 endpoint. The host (dafnefonseca.com) is assessed as likely legitimate but compromised, so match/block on the full URL path rather than the bare domain.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868925",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "d8c0898f-7080-4e0c-9123-a1367e5768e9",
|
|
"value": "https://dafnefonseca.com/wp-content/themes/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 endpoint. The host (haciendadeclarevot.com) is assessed as likely legitimate but compromised, so match/block on the full URL path rather than the bare domain.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868938",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "48f87cce-d1ae-4528-b79e-dd4d4af035f8",
|
|
"value": "https://haciendadeclarevot.com/wp-content/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 endpoint. The host (sche-eg.org) is assessed as likely legitimate but compromised, so match/block on the full URL path rather than the bare domain.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868884",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "dfba1891-cafd-4e65-814e-4db59c605a60",
|
|
"value": "https://sche-eg.org/plugins/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 endpoint. The host (www.vinoymas.ch) is assessed as likely legitimate but compromised, so match/block on the full URL path rather than the bare domain.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868899",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "a4e63ba8-1cbd-4b30-86f9-22b6851302f0",
|
|
"value": "https://www.vinoymas.ch/wp-content/plugins/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2 Endpoints",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650868913",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "a04f7f74-353a-4f19-a2ee-090fbef4f822",
|
|
"value": "https://infodigitalnew.com/wp-content/plugins/top.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "DAFOM purports to be a \u201ccryptocurrency portfolio application.\u201d A Mach-O binary packaged within the Electron application was signed by an Apple digital signature issued for the Apple Developer Team W58CYKFH67. The certificate associated with Apple Developer Team W58CYKFH67 has been revoked. A metadata file packaged in the DAFOM application provided the URL hxxps://github[.]com/dafomdev for bug reports. As of April 2022, this page was unavailable.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650869229",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "9e42ca78-1f94-40b6-b1e3-6ee048876256",
|
|
"value": "https://github.com/dafomdev"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650872510",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "da9de2c1-f2c4-4ede-bd4e-da81f03e6fb0",
|
|
"value": "https://www.esilet.com/update/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650872649",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "1ddaa545-11cd-49e0-8317-bee3120287c6",
|
|
"value": "https://www.alticgo.com/update/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1650874610",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "6cab3b7e-1447-4726-949f-898c87e7c18b",
|
|
"value": "https://aideck.net/board.php"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "5",
|
|
"timestamp": "1650548444",
|
|
"uuid": "9d986458-d101-4d91-ab66-b816e8792399",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1650548444",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "666d4cda-30fa-4ee7-a590-9929d28cc2e8",
|
|
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-108a"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1650548444",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7cbe8d65-d0da-43e3-9aec-427f2c3559b4",
|
|
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1650548444",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "798eac89-cc08-4216-85e0-fe0d82abfc11",
|
|
"value": "Alert"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "5",
|
|
"timestamp": "1650548489",
|
|
"uuid": "6cc1e464-ec29-4afe-b1f9-e8138c727897",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1650548489",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "eeacdb73-959f-4ec3-85c3-c8ef7bf14114",
|
|
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/AA22-108A-TraderTraitor-North_Korea_APT_Targets_Blockchain_Companies.pdf"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1650548489",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "413f0a14-1401-420d-9bba-2eb729a63ccc",
|
|
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1650548489",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b946fe5e-af1b-4329-b49b-96691c17b66c",
|
|
"value": "Report"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650627612",
|
|
"uuid": "41e9d90b-e711-4aa0-9e1c-510b4f855676",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650627612",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "7248dd49-076d-424d-95fb-eea15f059c66",
|
|
"value": "NameCheap, Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650627612",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "e773ff50-8d6f-4d9f-839f-c75f9091a1ab",
|
|
"value": "2022-02-07T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650627612",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c98cd471-756b-4907-af53-5681012f5c8d",
|
|
"value": "2023-02-07T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650627612",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "555fff5c-5470-4d90-a74f-88dad35a7c77",
|
|
"value": "dafom.dev"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650627612",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "bc0a8097-76a1-47dd-8a6d-543a4b0d9b6c",
|
|
"value": "45.14.227.58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650870701",
|
|
"uuid": "8cd4bdf7-8e71-4050-9e6e-59060698995d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "8cd4bdf7-8e71-4050-9e6e-59060698995d",
|
|
"referenced_uuid": "466312bb-59e2-4c4a-bfa0-329721097360",
|
|
"relationship_type": "mentions",
|
|
"timestamp": "1650870701",
|
|
"uuid": "45538c66-afc6-43a7-95b9-305fdef9bd71"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650628202",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0f03f4cf-6065-48f6-bfc8-859345ae5743",
|
|
"value": "macOS dropper"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650628202",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "c26dcad6-4c12-4532-9fe7-4b56565ed124",
|
|
"value": "b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650628202",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f4e81adb-9650-4fef-9a03-243d5282047c",
|
|
"value": "c2ea5011a91cd59d0396eb4fa8da7d21"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650628202",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "17dde831-d2d0-43d4-9518-47eb601080f7",
|
|
"value": "60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650628202",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "c1c52928-3bab-4adb-a6af-52dbde458551",
|
|
"value": "DAFOM-1.0.0.dmg"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650628202",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "49266e66-d3c1-443f-bc3d-9a25151620fd",
|
|
"value": "1572864:LGLBnolF9kPEiKOabR2QEs1B1/LuUQrbecE6Xwijkca/pzpfaLtIP:LGVnoT9kPZK9tVEwBxWbecR5Faxzpf0M"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650628202",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "5387bfc5-0768-47e2-a610-a92cc5d5757b",
|
|
"value": "92182575"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650631031",
|
|
"uuid": "1b49f54e-f1de-4a1e-adfc-13f0818a5dff",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650631031",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "259206a8-507c-45e4-a3cb-4ee45a100912",
|
|
"value": "NameCheap, Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650631031",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ccb0c2b0-91eb-4621-b9cf-c973ef955a34",
|
|
"value": "2022-01-27T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650631031",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5179f51b-3d07-4639-bc82-2a6e4e915fbd",
|
|
"value": "2023-01-27T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650631031",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "9893fdad-3a79-4c57-94ac-1d4016da4d00",
|
|
"value": "tokenais.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650631031",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "af0bb875-fa99-4c9e-8a23-25771914f1c0",
|
|
"value": "199.188.103.115"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650633767",
|
|
"uuid": "9c16e38d-9ed1-44ea-a0fd-ea38a3bcbc4e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650633767",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "57f604c1-f079-4915-b55d-57f674002116",
|
|
"value": "macOS dropper"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650633767",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "7a2eb6db-b0df-4636-a179-790a925d6d6f",
|
|
"value": "8e67006585e49f51db96604487138e688df732d3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650633767",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d32579e5-d9af-4c55-951e-b28de78b65a8",
|
|
"value": "930f6f729e5c4d5fb52189338e549e5e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650633767",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "969b4559-d167-41fa-9983-bd1cab7f930b",
|
|
"value": "5b40b73934c1583144f41d8463e227529fa7157e26e6012babd062e3fd7e0b03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650633767",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "9c386db8-5080-49a9-9325-fb47536b8c1b",
|
|
"value": "TokenAIS.app.zip"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650633767",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "f6668eb6-f196-4cb4-9780-7a38eb6e6c2b",
|
|
"value": "3145728:aMFJlKVvw4+zLruAsHrmo5Vvw4+zLruAsHrmob0dC/E:aUlKtw4+/r2HNtw4+/r2HnMCM"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650633767",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "77c053af-629e-4b34-8953-e562b7c0d57c",
|
|
"value": "123728267"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650634148",
|
|
"uuid": "a1066dc5-5c75-4035-acf4-643cd96ea21e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650634148",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "e5215eae-2308-4a08-959b-30d36c098ab7",
|
|
"value": "NameCheap, Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650634148",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "6f035f4a-c7de-4b95-a3b6-dedc0b6a01c4",
|
|
"value": "2021-08-02T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650634148",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2ff40a31-e72f-47eb-b774-8964a2c86c1b",
|
|
"value": "2022-08-02T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650634148",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "de3d03c2-f24d-4153-83e1-9956ef53c646",
|
|
"value": "cryptais.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650634148",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "50089c9e-9c02-4bc5-a7f3-debe99cd8a3f",
|
|
"value": "82.102.31.14"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650634205",
|
|
"uuid": "adfafb8a-eb2c-4bd5-b1d4-bb9cf711342e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650634205",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "bcbe2fd4-8340-4a00-863f-8cd965346992",
|
|
"value": "NetEarth One Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650634205",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "207b593c-1ec8-407f-915a-6b1cdd459ece",
|
|
"value": "2020-08-08T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650634205",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "99d0e027-0e5a-402c-abdd-3cddffc4b0d6",
|
|
"value": "2021-08-08T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650634205",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "b830fe6a-3295-4593-af06-d5c99dd5e664",
|
|
"value": "alticgo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650634205",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "69d2c8e1-f371-49f2-a2a7-2010bcd4a0d3",
|
|
"value": "108.170.55.202"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650634260",
|
|
"uuid": "0a070868-4064-49db-bc1a-688d3c1f6efb",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650634260",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "46022fac-7d31-42e8-8e77-4478f7ab9f2c",
|
|
"value": "NameSilo, LLC"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650634260",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3a3f99a5-f54f-4b5a-8a09-6702c96b76d3",
|
|
"value": "2020-06-12T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650634260",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "2c48ff87-2a39-468c-bd51-8a106b905f86",
|
|
"value": "2021-06-12T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650634260",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "8604e6f1-c42f-4974-888e-21e13aedf3ef",
|
|
"value": "esilet.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650634260",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "5ef84766-ba12-402f-b724-2c85011a040c",
|
|
"value": "104.168.98.156"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650873770",
|
|
"uuid": "dbfe3bba-4188-4b9c-b915-71c8d4b445cd",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650873770",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "18fd11c3-0928-488f-8bb2-a3d3e4e8d983",
|
|
"value": "Flexwebhosting"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650873770",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f2565e00-6e26-4dce-b7d0-cb0879f5bfa3",
|
|
"value": "2018-02-26T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650873770",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "bbf0013a-b716-45a4-933b-228bb9074d47",
|
|
"value": "greenvideo.nl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650873770",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "6e461f1e-ea91-4df2-9fa1-a3dfb6fc45ea",
|
|
"value": "62.84.240.140"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650873794",
|
|
"uuid": "a32c592d-4ce5-4a96-b07b-2d7b5c6295fc",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650873794",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "290f6b0e-a9a2-42bb-9a09-3296feed6140",
|
|
"value": "PublicDomainRegistry"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650873794",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3f8437eb-c383-4944-ac82-b253d0fa0b8d",
|
|
"value": "2019-08-27T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650873794",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1904d841-8b3d-41c8-b094-f2f9fd7ded9c",
|
|
"value": "2022-08-27T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650873794",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "92f61960-d374-475b-b471-b65311fd673d",
|
|
"value": "dafnefonseca.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650873794",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "2313640f-744c-4c29-9f28-9e6f69ce5a8b",
|
|
"value": "151.101.64.119"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650873853",
|
|
"uuid": "bc9564b4-dd65-421d-9c54-5b64f933d3d8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650873853",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "65cf6ef0-c2ab-4e1f-8402-d779c00e6b66",
|
|
"value": "cdmon, 10DENCEHISPAHARD, S.L."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650873853",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d647e11d-ef59-4fe4-bd1e-2b33353d18ee",
|
|
"value": "2005-03-02T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650873853",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "192cc0e0-2063-4a37-8a74-12dea79a0961",
|
|
"value": "haciendadeclarevot.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650873853",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "5ecd9215-512b-4582-a351-b2126b63d691",
|
|
"value": "185.66.41.17"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650873853",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "8678266c-110d-42ee-958b-b0eef353b02d",
|
|
"value": "2023-03-02T00:00:00+00:00"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650873886",
|
|
"uuid": "f0fa541a-29fe-4f0a-843a-fa2fe6f8bb84",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650873886",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "31ddd7b8-aeca-4074-8b94-c53afc66d931",
|
|
"value": "GoDaddy.com, LLC"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650873886",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5995bcb1-e3a1-4e73-a2cf-64e2aa557915",
|
|
"value": "2019-06-01T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650873886",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "e5043128-6668-45c1-ab45-e8e9d0c29926",
|
|
"value": "sche-eg.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650873886",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "cf41f55a-b200-4ed7-9436-5e65049f0e43",
|
|
"value": "160.153.235.20"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650873886",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "718de351-1a41-4c07-a629-ae4e85e4e2bb",
|
|
"value": "2022-06-01T00:00:00+00:00"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650874185",
|
|
"uuid": "cad8a940-22fd-493e-a0b9-0e4f6417fb06",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650874185",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "aee1e34b-4e55-44ab-a916-8dd6e837f193",
|
|
"value": "cdmon, 10DENCEHISPAHARD, S.L."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650874185",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "fcf188a4-1b66-4733-833a-b22a64ecc51e",
|
|
"value": "2010-01-24T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650874185",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "3de7de18-dd95-440e-a6e2-c3a5a53edf33",
|
|
"value": "www.vinoymas.ch"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650874185",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "54da1952-ec7b-4dae-b567-7abaa87c11b2",
|
|
"value": "46.16.62.238"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Likely legitimate but compromised",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650874233",
|
|
"uuid": "e1cfd50f-b31a-4f23-b06b-8e933d5a89aa",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650874233",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "70f511c7-eb7f-41a8-b210-6b4e6ee876d5",
|
|
"value": "PublicDomainRegistry"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650874233",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "c7f9d129-df11-43db-a27b-e4624cff32a2",
|
|
"value": "2020-06-20T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650874233",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "a15f7564-6bdb-4562-b027-a4b902122a00",
|
|
"value": "infodigitalnew.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650874233",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "7f79e9be-839b-42ee-a2aa-eed20d2d175b",
|
|
"value": "107.154.160.132"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650874233",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "3bb4fbea-677c-47ee-99c8-dca056a8499a",
|
|
"value": "2022-06-20T00:00:00+00:00"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650634752",
|
|
"uuid": "6d206f7e-bc5f-43da-b4d2-59157bda25d4",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650634752",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "61d7c950-c0ba-4d4c-8c0d-e3e35cd2169a",
|
|
"value": "NameCheap, Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650634752",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "1c1075a4-0756-48e0-b32d-06fb7fbb8126",
|
|
"value": "2020-03-09T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650634752",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "25479b66-75a5-4130-9362-ceab806a322a",
|
|
"value": "2021-03-09T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650634752",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "47183aa2-6db5-4a9a-af4f-7604fc9df93e",
|
|
"value": "creaideck.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650634752",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "a0c1efc6-07d4-4369-b7ff-cdddc7b04883",
|
|
"value": "38.132.124.161"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Whois records information for a domain name or an IP address.",
|
|
"meta-category": "network",
|
|
"name": "whois",
|
|
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
|
"template_version": "10",
|
|
"timestamp": "1650634870",
|
|
"uuid": "8c6bab7d-636a-4058-bfee-578349146569",
|
|
"Attribute": [
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "registrar",
|
|
"timestamp": "1650634870",
|
|
"to_ids": false,
|
|
"type": "whois-registrar",
|
|
"uuid": "7c5e32f2-f753-41cf-8bbc-536bf771f151",
|
|
"value": "NameCheap, Inc."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "creation-date",
|
|
"timestamp": "1650634870",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "d7b7001b-270d-47a5-b09f-0084838077fa",
|
|
"value": "2020-06-22T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "expiration-date",
|
|
"timestamp": "1650634870",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a34c0bd0-5c0f-45cb-ac6b-2e7b94570e98",
|
|
"value": "2021-06-22T00:00:00+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1650634870",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "f1dda6f9-c665-4431-bc3f-0b1b66808f7a",
|
|
"value": "aideck.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip-address",
|
|
"timestamp": "1650634870",
|
|
"to_ids": true,
|
|
"type": "ip-src",
|
|
"uuid": "c050be45-dfaf-4f98-8c07-7c345d1199a8",
|
|
"value": "89.45.4.151"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650634935",
|
|
"uuid": "5b5c5304-c4af-4b1b-9aa3-348ae3b2bdbb",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650634935",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c823e9fa-fa41-4240-865d-202d6966a0cf",
|
|
"value": "dropper macos"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650634935",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4a325d30-049f-4df6-8a0c-519223904ec3",
|
|
"value": "f1606d4d374d7e2ba756bdd4df9b780748f6dc98"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650634935",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c7d9a355-ba37-4caf-ac6a-e20dce60daab",
|
|
"value": "4e5ebbecd22c939f0edf1d16d68e8490"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650634935",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d040db46-87ef-4cc3-9848-2bbddd455f00",
|
|
"value": "f0e8c29e3349d030a97f4a8673387c2e21858cccd1fb9ebbf9009b27743b2e5b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650634935",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "62f9c14e-327a-4ddd-b431-2c13b4b0856f",
|
|
"value": "CryptAIS[.]dmg"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650634935",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "91281d1e-ad9f-4c79-b2fa-fc67c24f03dc",
|
|
"value": "1572864:jx9QOwiLDCUrJXsKMoGTwiCcKFI8jmrvGqjL2hX6QklBmrZgkZjMz+dPSpR0Xcpk:F9QOTPCUrdsKEw3coIg2Or6XBmrZgkZw"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650634935",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "87e6cb07-2465-40cb-ab50-5f617f8617a2",
|
|
"value": "84259810"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650635003",
|
|
"uuid": "77e77def-eabe-4b15-9847-89fde8e88d13",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635003",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c68ee7f7-a137-48b2-a89d-ec4591e34efe",
|
|
"value": "trojan macho"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635003",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ec9ceb41-5750-46bb-8fe3-900e8ea0536b",
|
|
"value": "48a6d5141e25b6c63ad8da20b954b56afe589031"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635003",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c55e1862-2c4e-4888-850e-676751983145",
|
|
"value": "8397ea747d2ab50da4f876a36d673272"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635003",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "a70192a0-2c6c-47db-b6ac-38e61e8124cc",
|
|
"value": "89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635003",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "1f927915-1884-42df-a45c-99538f7af5bc",
|
|
"value": "darwin64.bin"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635003",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "49d6b981-985c-4c93-a834-f34e07f62074",
|
|
"value": "49152:KIH1kEh7zIXlDYwVhb26hRKtRwwfs62sRAdNhEJNDvOL3OXl5zpF+FqBNihzTvff:KIH1kEhI1LOJtm2spB"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635003",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "a26b0bb2-558a-4151-9eca-1f4bfd40a2ad",
|
|
"value": "6757832"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650875019",
|
|
"uuid": "5a974b38-5306-4776-a12d-77d21ca8b308",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5a974b38-5306-4776-a12d-77d21ca8b308",
|
|
"referenced_uuid": "6cab3b7e-1447-4726-949f-898c87e7c18b",
|
|
"relationship_type": "communicates-with",
|
|
"timestamp": "1650875019",
|
|
"uuid": "b2e47a3f-3b31-4b7a-ab28-e9c5c05ac7ab"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635159",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "91fdb322-e0b1-4e04-bbe4-6e0e37f4d448",
|
|
"value": "trojan peexe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635159",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "41550d32-ef03-40b1-96a4-576d02cf045f",
|
|
"value": "d5ff73c043f3bb75dd749636307500b60a436550"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635159",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "76fc8314-9fd9-480a-9c01-d72ad6091240",
|
|
"value": "5d43baf1c9e9e3a939e5defd8f8fbd8d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635159",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "28633101-771e-42d4-a227-0dd59ba8e42d",
|
|
"value": "867c8b49d29ae1f6e4a7cd31b6fe7e278753a1ba03d4be338ed11fd1efc7dd36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635159",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "4052b3ea-d0a2-4475-a4e9-e82976bc5548",
|
|
"value": "win32.bin"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "compilation-timestamp",
|
|
"timestamp": "1650635159",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "109f4d5a-f065-42cb-ab0a-c8d6ccf6c3d0",
|
|
"value": "2020-06-23T06:06:35+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635159",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "9c52a98f-3d44-4e02-9263-bfd6557de9ad",
|
|
"value": "24576:y3SY+/2M3BMr7cdgSLBjbr4nzzy95VV7cEXV:ESZ2ESrHSV3D95oA"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635159",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "9120ff42-4807-4cdb-8a8d-6fc5a0b6df44",
|
|
"value": "2198684"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650873574",
|
|
"uuid": "935f9ebe-0659-4366-9f48-7bb9ec391f39",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "935f9ebe-0659-4366-9f48-7bb9ec391f39",
|
|
"referenced_uuid": "1ddaa545-11cd-49e0-8317-bee3120287c6",
|
|
"relationship_type": "communicates-with",
|
|
"timestamp": "1650873574",
|
|
"uuid": "ec25fc5c-5692-41f8-bd93-e24ade60785d"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635259",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "873609bd-99fc-4b45-b236-e48c891ef22a",
|
|
"value": "dropper peexe nsis"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635259",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1c2b5d83-77c1-44ae-9ec7-c12874cbe2ef",
|
|
"value": "f3263451f8988a9b02268f0fb6893f7c41b906d9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635259",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f54863f9-eb92-4d23-b26b-b8b70a45bd14",
|
|
"value": "1c7d0ae1c4d2c0b70f75eab856327956"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635259",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "b51d85fb-7966-429a-a282-fa4a460c20d8",
|
|
"value": "765a79d22330098884e0f7ce692d61c40dfcf288826342f33d976d8314cfd819"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635259",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "dcd734d0-374c-4fc6-8cae-a45c496a90bd",
|
|
"value": "AlticGO.exe"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "compilation-timestamp",
|
|
"timestamp": "1650635259",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "4ad1d171-25e6-418c-abf2-cc831c5dffe5",
|
|
"value": "2018-12-15T22:26:14+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635259",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "77b3c410-8f7f-4574-a945-bf5799fcbd4b",
|
|
"value": "786432:optZmVDkD1mZ1FggTqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yVPUXi7:opzKDginspAU6JXnJ46X+eC6cySihWVX"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635259",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "75f0ffe0-a2ce-4305-8483-d6ca88fd0b58",
|
|
"value": "45656474"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650872625",
|
|
"uuid": "7c6189ad-0027-4195-a229-bb2634e3d22a",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "7c6189ad-0027-4195-a229-bb2634e3d22a",
|
|
"referenced_uuid": "da9de2c1-f2c4-4ede-bd4e-da81f03e6fb0",
|
|
"relationship_type": "communicates-with",
|
|
"timestamp": "1650872625",
|
|
"uuid": "81fc79e4-445d-4321-83fb-2af4cac4db45"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635345",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "507f18f9-9857-4f81-8df6-cee7f38b23ed",
|
|
"value": "dropper peexe nsis"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635345",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "733d993c-1bbd-4135-9cb6-28e0544c3795",
|
|
"value": "ff17bd5abe9f4939918f27afbe0072c18df6db37"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635345",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "d02f72e9-d1f2-460e-aae3-81e96c211db2",
|
|
"value": "855b2f4c910602f895ee3c94118e979a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635345",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "89175329-8f34-4d20-a500-d7f4b3ef49b0",
|
|
"value": "e3d98cc4539068ce335f1240deb1d72a0b57b9ca5803254616ea4999b66703ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635345",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "cbbb4c68-c363-4467-bdd5-9624c38e0e91",
|
|
"value": "AlticGO_R.exe"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "compilation-timestamp",
|
|
"timestamp": "1650635345",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "ee22d1e1-39b1-4763-a0ab-27de7589c074",
|
|
"value": "2020-02-12T16:15:17+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635345",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "8a4cefb3-d0d5-4bfc-ac92-df7ae6608398",
|
|
"value": "786432:LptZmVDkD1mQIiXUBkRbWGtqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yH:LpzKDgzRpWGwpAU6JXnJ46X+eC6cySiI"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635345",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "639ea7a6-8e72-431f-92d2-e76c1d053721",
|
|
"value": "46745505"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650873560",
|
|
"uuid": "9bb8cbfe-8716-4a9c-8d74-0e36970f8117",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "9bb8cbfe-8716-4a9c-8d74-0e36970f8117",
|
|
"referenced_uuid": "1ddaa545-11cd-49e0-8317-bee3120287c6",
|
|
"relationship_type": "communicates-with",
|
|
"timestamp": "1650873560",
|
|
"uuid": "adbcae83-0578-4632-a5de-53b4c9e44f3e"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635422",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "b5546e56-7f3d-479c-8435-c78a40a93253",
|
|
"value": "dropper peexe nsis"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635422",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "151fca96-2ac1-452a-a361-fbb08522d376",
|
|
"value": "3f2c1e60b5fac4cf1013e3e1fc688be490d71a84"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635422",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aa87b66-032c-4b47-8494-de53cf999392",
|
|
"value": "9a6307362e3331459d350a201ad66cd9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635422",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "6f2cc970-8988-435c-9254-f2c354fd3637",
|
|
"value": "8acd7c2708eb1119ba64699fd702ebd96c0d59a66cba5059f4e089f4b0914925"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635422",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "15596eef-8590-472c-b492-2624fd612f28",
|
|
"value": "AlticGO.exe"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "compilation-timestamp",
|
|
"timestamp": "1650635422",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "9e6d9c4a-2d46-4594-b31f-92af84c1909d",
|
|
"value": "2020-02-12T16:15:17+00:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635422",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "fbe0588b-a5dd-4656-8b61-58657e356d77",
|
|
"value": "786432:AptZmVDkD1mjPNDeuxOTKQqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yV7:ApzKDgqPxeuLpAU6JXnJ46X+eC6cySiG"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635422",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "d08cb43b-72fc-46c2-b7e5-11425453e5a5",
|
|
"value": "46745644"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650635710",
|
|
"uuid": "90e4e6f4-36ac-40cc-8eb7-34286e6c5ba1",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635710",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1a85b112-9b25-426b-8879-b7b59f2f0fa4",
|
|
"value": "dropper macos"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635710",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "a774579e-de17-4ccf-a836-04650429c639",
|
|
"value": "ae9f4e39c576555faadee136c6c3b2d358ad90b9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635710",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4dcb4453-eebd-4c5e-b631-fe7152c953b9",
|
|
"value": "53d9af8829a9c7f6f177178885901c01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635710",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "06ba1de7-9ac3-4250-8296-ee50f453de8f",
|
|
"value": "9ba02f8a985ec1a99ab7b78fa678f26c0273d91ae7cbe45b814e6775ec477598"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635710",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "137da941-cf28-4a02-947a-822d7cb7b6b3",
|
|
"value": "Esilet.dmg"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635710",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "facb94a9-35b7-4a65-b9e7-f3d33280e7eb",
|
|
"value": "1572864:lffyoUnp5xmHVUTd+GgNPjFvp4YEbRU7h8cvjmUAm4Du73X0unpXkU:lfqHBmHo+BPj9CYEshLqcuAX0I0"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635710",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "7f2b75fb-5fea-40b0-87a9-9d3dc565470c",
|
|
"value": "81688694"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650636077",
|
|
"uuid": "1862b701-6f4f-498e-9578-8c2e1d253ad2",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1862b701-6f4f-498e-9578-8c2e1d253ad2",
|
|
"referenced_uuid": "bef467b3-a40a-484e-8fac-584f89269376",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636026",
|
|
"uuid": "463d8b79-332d-4b47-bc6d-b00c2ab77238"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1862b701-6f4f-498e-9578-8c2e1d253ad2",
|
|
"referenced_uuid": "d8c0898f-7080-4e0c-9123-a1367e5768e9",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636054",
|
|
"uuid": "27706e5d-6b75-4747-aa49-7cbb09033ea8"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "1862b701-6f4f-498e-9578-8c2e1d253ad2",
|
|
"referenced_uuid": "48f87cce-d1ae-4528-b79e-dd4d4af035f8",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636077",
|
|
"uuid": "b0804202-fa09-455f-8e37-ef529f091f2f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650635846",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "0a51aa08-0c25-490e-91d4-319aba3180e2",
|
|
"value": "trojan macho"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650635846",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "1cdf3ef4-002b-4682-b7d2-8e36d06437f1",
|
|
"value": "41f855b54bf3db621b340b7c59722fb493ba39a5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650635846",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3f7b92cc-6a05-43dd-8565-9da814738b53",
|
|
"value": "1ca31319721740ecb79f4b9ee74cd9b0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650635846",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5cbb1563-1008-4939-b5c8-f7d64904e3bf",
|
|
"value": "9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650635846",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "8589ca4b-9d0e-4dca-8438-abfd9452ef86",
|
|
"value": "Esilet-tmpzpsb3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650635846",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "c78b5bf7-d208-4baf-96c7-0348310419ca",
|
|
"value": "6144:wAulcT94T94T97zDj1I/BkjhkbjZ8bZ87ZMSj71obV/7NobNo7NZTb7hMT5ETZ8I:wDskT1UBg2lirFbpR9mJGpmN"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650635846",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "fd9be628-e935-4660-8b9e-6843b9e83902",
|
|
"value": "522620"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1650636451",
|
|
"uuid": "d5da3fba-461f-443e-a526-391509a94868",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d5da3fba-461f-443e-a526-391509a94868",
|
|
"referenced_uuid": "dfba1891-cafd-4e65-814e-4db59c605a60",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636362",
|
|
"uuid": "1aa0aced-f16c-4cc7-be9d-e1a2e1881f9c"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d5da3fba-461f-443e-a526-391509a94868",
|
|
"referenced_uuid": "a4e63ba8-1cbd-4b30-86f9-22b6851302f0",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636425",
|
|
"uuid": "de1047e3-b6cc-4a0e-b2f9-eec22292ff97"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d5da3fba-461f-443e-a526-391509a94868",
|
|
"referenced_uuid": "a04f7f74-353a-4f19-a2ee-090fbef4f822",
|
|
"relationship_type": "linked-to",
|
|
"timestamp": "1650636451",
|
|
"uuid": "0a9ae5c7-e447-4c31-b490-05abb598e4f1"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "text",
|
|
"timestamp": "1650636176",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "9512de0e-621a-4612-a393-51fe3c61f4b4",
|
|
"value": "trojan macho"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1650636176",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "8ab51ff5-1212-43c8-a410-e9351c119dd1",
|
|
"value": "d2a77c31c3e169bec655068e96cf4e7fc52e77b8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1650636176",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "f05e2d2a-725c-429f-af7d-24a8c20ed765",
|
|
"value": "9578c2be6437dcc8517e78a5de1fa975"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1650636176",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "faaa1d4c-a3f4-475e-a7fa-a9cbee83ef82",
|
|
"value": "dced1acbbe11db2b9e7ae44a617f3c12d6613a8188f6a1ece0451e4cd4205156"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1650636176",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "31839dbb-d2a1-4ff9-b8c7-b5cfa2f18e98",
|
|
"value": "Esilet-tmpg7lpp"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ssdeep",
|
|
"timestamp": "1650636176",
|
|
"to_ids": true,
|
|
"type": "ssdeep",
|
|
"uuid": "17791806-68f3-4cf1-bf0c-81c0593df66a",
|
|
"value": "384:sdaWs0fDTmKnY4FPk6hTyQUitnI/kmCgr7lUryESll4yg9RpEwrUifJ8ttJOdy:sdayCkY4Fei9mhy/L9RBrny6y"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "size-in-bytes",
|
|
"timestamp": "1650636176",
|
|
"to_ids": false,
|
|
"type": "size-in-bytes",
|
|
"uuid": "fd6ab1b7-f886-4124-b743-6d52c3e16e26",
|
|
"value": "39156"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "DAFOM purports to be a \u201ccryptocurrency portfolio application.\u201d A Mach-O binary packaged within the Electron application was signed by an Apple digital signature issued for the Apple Developer Team W58CYKFH67. The certificate associated with Apple Developer Team W58CYKFH67 has been revoked. A metadata file packaged in the DAFOM application provided the URL hxxps://github[.]com/dafomdev for bug reports. As of April 2022, this page was unavailable.",
|
|
"deleted": false,
|
|
"description": "GitHub user",
|
|
"meta-category": "misc",
|
|
"name": "github-user",
|
|
"template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4",
|
|
"template_version": "3",
|
|
"timestamp": "1650870505",
|
|
"uuid": "466312bb-59e2-4c4a-bfa0-329721097360",
|
|
"Attribute": [
|
|
{
|
|
"category": "Social network",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "username",
|
|
"timestamp": "1650870505",
|
|
"to_ids": false,
|
|
"type": "github-username",
|
|
"uuid": "f821bbd2-e5ed-468d-b93e-61734deb09ca",
|
|
"value": "dafomdev"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |