{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2019-10-23",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Dans l\u2019\u0153il de notre CyberSOC : la campagne malspam Aggah diversifie ses outils",
|
|
"publish_timestamp": "1575969912",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1575969880",
|
|
"uuid": "5dbae98e-7974-4480-86db-44be950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572530885",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5dbaeac5-a3c0-48f3-b0c1-46c2950d210f",
|
|
"value": "https://cyberdefense.orange.com/fr/blog/dans-loeil-de-notre-cybersoc-la-campagne-malspam-aggah-diversifie-ses-outils/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-d78c-4fb5-bae5-e94f950d210f",
|
|
"value": "88.150.221.123/1/inc/0f176165c9879d.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-0808-4286-b34c-e94f950d210f",
|
|
"value": "216.170.126.123/otu/index.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-a64c-4132-9e4a-e94f950d210f",
|
|
"value": "185.215.148.217/ghost/index.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-1b0c-4573-99df-e94f950d210f",
|
|
"value": "216.170.126.107/done/index.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-6624-4d01-ab9b-e94f950d210f",
|
|
"value": "216.170.126.107/xmen/index.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5dc033f3-e0e4-404a-bfdd-e94f950d210f",
|
|
"value": "216.170.126.146/ahsan/index.php"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-1850-4a19-97a5-e94f950d210f",
|
|
"value": "dennisss.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-09b8-4fc8-8f7f-e94f950d210f",
|
|
"value": "mozila-system.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-85a4-409e-8612-e94f950d210f",
|
|
"value": "hetro.ddns.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-30b8-471e-8f71-e94f950d210f",
|
|
"value": "kimkinzo.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5dc033f3-4abc-4c8a-8ac5-e94f950d210f",
|
|
"value": "?docora.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-2ea4-49be-b641-e94f950d210f",
|
|
"value": "fishwdme.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-209c-430c-a548-e94f950d210f",
|
|
"value": "john-osas11.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-e3bc-45fa-bc71-e94f950d210f",
|
|
"value": "ccmorgan.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572877299",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc033f3-3e90-4cc0-a319-e94f950d210f",
|
|
"value": "sukw.duckdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572880529",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc04091-77d0-4ff0-ab41-4d09950d210f",
|
|
"value": "newandupdates1234.blogspot.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1572881266",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5dc04372-f128-4cb3-bdc0-46b1950d210f",
|
|
"value": "asdiamecwecw8cew.blogspot.com"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "ip-port",
|
|
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
|
|
"template_version": "8",
|
|
"timestamp": "1572874391",
|
|
"uuid": "5dc02897-2454-4c3d-a82a-4974950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1572874391",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5dc02897-9600-4ff8-b0b2-44e3950d210f",
|
|
"value": "216.170.126.107"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "dst-port",
|
|
"timestamp": "1572874392",
|
|
"to_ids": false,
|
|
"type": "port",
|
|
"uuid": "5dc02898-b23c-4f1b-afc3-4407950d210f",
|
|
"value": "777"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572874431",
|
|
"uuid": "5dc028bf-36e8-4d96-b847-5503950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874432",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc028c0-0f2c-4309-8795-5503950d210f",
|
|
"value": "83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572874576",
|
|
"uuid": "5dc02950-294c-4f7b-83d6-4a0b950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874577",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02951-c5e8-435d-b7f6-478a950d210f",
|
|
"value": "35cf9dd2e966cbbf772bc8a8863eca048ce48728ad0fb9bad994b62247291171"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572874604",
|
|
"uuid": "5dc0296c-f0a8-4327-9139-405d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874604",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0296c-0d20-4476-942d-422c950d210f",
|
|
"value": "fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572874620",
|
|
"uuid": "5dc0297c-ca38-46f0-b3ab-471c950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874620",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0297c-7ef4-4b6e-9506-4d32950d210f",
|
|
"value": "a2d86ca90f364341238ad4b6ce42eabad6462ca8b85d2e36d276a5a76a400e93"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572875589",
|
|
"uuid": "5dc02d45-2b1c-4958-a52f-4199950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875589",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02d45-f1b4-4a13-94f4-4014950d210f",
|
|
"value": "0f0faa6ff820888c44e60adc0b9d0044ae626d3ae5adfca9251db655d360430a"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572875611",
|
|
"uuid": "5dc02d5b-fafc-430b-9c55-497c950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875611",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02d5b-7550-43cd-be4e-4308950d210f",
|
|
"value": "516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572875922",
|
|
"uuid": "5dc02e92-1c20-4a65-bcdc-4680950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875922",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02e92-5374-4713-bc85-43fc950d210f",
|
|
"value": "732501083e18c0e7843986197a9cc78b4c70844ae2a5260d8e0863b4566840f2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572875958",
|
|
"uuid": "5dc02eb6-49b8-43d2-b886-5502950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875958",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02eb6-0f80-431b-82d2-5502950d210f",
|
|
"value": "a37c8ab7a8b6c8686e5d7a911c9f389131eb1da8abab9228f63442f4cc0586b9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572875980",
|
|
"uuid": "5dc02ecc-fa44-493c-8ef5-5502950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875981",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02ecd-dde8-493e-9035-5502950d210f",
|
|
"value": "6079cdba30c72c4097545444a61945adb4cf03ebbf531b8efb6c3f29633f01e3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876008",
|
|
"uuid": "5dc02ee8-3470-44aa-83b4-5502950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876008",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02ee8-eec8-4e10-a533-5502950d210f",
|
|
"value": "970f0dc60fd3a57dc97194313d8455e8e888ed480cadd7548096537c96c6130d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876025",
|
|
"uuid": "5dc02ef9-f6d8-4cc2-9d29-5502950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876026",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02efa-3084-4555-91d4-5502950d210f",
|
|
"value": "48b730f6fe4a94cfc4af81fdb4420d3a749f7602b4dfd6663e9e5af91cb3f886"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876074",
|
|
"uuid": "5dc02f2a-f568-457e-81b5-df66950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876074",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02f2a-67b4-4601-a39b-df66950d210f",
|
|
"value": "ba516bfa4d18a3890ae5599973d0583523379eeddce6ba08668f9278453bc9ad"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876127",
|
|
"uuid": "5dc02f5f-c2ec-401c-9d8c-df66950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876127",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02f5f-a944-49b1-b6f8-df66950d210f",
|
|
"value": "fd40f1fafffe22687d820fed80f152bf8e30ce8a4b7d40ff8ff8acaf42c8517b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876158",
|
|
"uuid": "5dc02f7e-d520-4255-8405-4cfb950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876159",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02f7f-27f0-4b1a-8167-43b2950d210f",
|
|
"value": "6497ff8cb227ecd6a75db4379b8f9d849b542b59fd30dd49c6d9ef0977cacd14"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876208",
|
|
"uuid": "5dc02fb0-31f8-4064-aa9b-4574950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876208",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02fb0-4b78-4159-87f3-4a8f950d210f",
|
|
"value": "92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876231",
|
|
"uuid": "5dc02fc7-b278-4517-a872-4701950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876231",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc02fc7-6290-43ad-b125-4db5950d210f",
|
|
"value": "d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876298",
|
|
"uuid": "5dc0300a-1c78-4639-8603-df80950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876298",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0300a-1564-4c16-baf0-df80950d210f",
|
|
"value": "6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Remcos",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876503",
|
|
"uuid": "5dc030d7-9fe4-4004-849a-df80950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Remcos",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876503",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc030d7-95c4-4f6a-809e-df80950d210f",
|
|
"value": "2ed3b831531428a2f172284d9d5a0e91bb1b478a900d74abe7d581c782d7de03"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "FormBook",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876521",
|
|
"uuid": "5dc030e9-7e6c-4b8b-b31a-5502950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "FormBook",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876521",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc030e9-b60c-4e55-821b-5502950d210f",
|
|
"value": "778715947a04a421044f4903f5b28eb80f67c545c21a515f25535984166bb273"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "RevengeRAT",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876545",
|
|
"uuid": "5dc03101-76a8-4b60-a427-4f2d950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "RevengeRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876545",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc03101-6c58-4ca0-ac02-421d950d210f",
|
|
"value": "9f0f88e296786e48c29d77da3418ef2d148ba19db10dcb59aa5dbff2c65cd505"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "RevengeRAT",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876560",
|
|
"uuid": "5dc03110-e910-404e-9d81-4e44950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "RevengeRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876560",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc03110-02a0-4c08-a61c-4b87950d210f",
|
|
"value": "7fbb03fcff280da369566274170df592afc639eb6a1bfd8470dca1cd7254ad46"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876581",
|
|
"uuid": "5dc03125-2e64-41aa-b7c0-4f13950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876581",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc03125-e2d8-4935-aa66-43f9950d210f",
|
|
"value": "5c57e599f74e543bf1cae580ebb42beaa3a5ec01a18c59dfa533fa04fbf33456"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876607",
|
|
"uuid": "5dc0313f-4a7c-4305-a77b-44ee950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876607",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0313f-ce24-4a0f-9ced-4cc4950d210f",
|
|
"value": "e73adcf6f04ba13e215f240081024bdd0656e661f43bb9f4b96509d59c0b6ce5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876623",
|
|
"uuid": "5dc0314f-a250-41f2-bc6c-4fe3950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876623",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0314f-0eac-4811-937f-440c950d210f",
|
|
"value": "84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876637",
|
|
"uuid": "5dc0315d-b42c-4bd7-bf22-4095950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876638",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0315e-3100-4371-85a0-42f9950d210f",
|
|
"value": "db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1572876655",
|
|
"uuid": "5dc0316f-ae4c-49ff-ae8b-4407950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876655",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5dc0316f-2b84-413a-b886-4c9c950d210f",
|
|
"value": "e1598720dbe7fe3595b0c323c5ad4de231744568acc1f9b00a855642ebea9676"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "ip-port",
|
|
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
|
|
"template_version": "8",
|
|
"timestamp": "1572877147",
|
|
"uuid": "5dc0335b-88e8-47b2-b741-df82950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1572877147",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5dc0335b-5720-41e0-8cb4-df82950d210f",
|
|
"value": "35.226.30.217"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "C2",
|
|
"deleted": false,
|
|
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "ip-port",
|
|
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
|
|
"template_version": "8",
|
|
"timestamp": "1572877161",
|
|
"uuid": "5dc03369-ac10-4d04-af2b-df67950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "ip",
|
|
"timestamp": "1572877161",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5dc03369-5254-49b8-897e-df67950d210f",
|
|
"value": "88.150.221.123"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Email object describing an email with meta-information",
|
|
"meta-category": "network",
|
|
"name": "email",
|
|
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
|
"template_version": "13",
|
|
"timestamp": "1572878525",
|
|
"uuid": "5dc038bd-a88c-46b1-bbef-4394950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "subject",
|
|
"timestamp": "1572878525",
|
|
"to_ids": false,
|
|
"type": "email-subject",
|
|
"uuid": "5dc038bd-01f8-4380-8ee4-4b05950d210f",
|
|
"value": "Payment Remittance"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Email object describing an email with meta-information",
|
|
"meta-category": "network",
|
|
"name": "email",
|
|
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
|
"template_version": "13",
|
|
"timestamp": "1572878545",
|
|
"uuid": "5dc038d1-8a18-428c-9989-e94f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "subject",
|
|
"timestamp": "1572878545",
|
|
"to_ids": false,
|
|
"type": "email-subject",
|
|
"uuid": "5dc038d1-2b54-4586-a5e1-e94f950d210f",
|
|
"value": "Price Request"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1572878598",
|
|
"uuid": "5dc03906-ffc0-44c6-a50a-df81950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1572878599",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5dc03907-0b80-4bb7-86c7-df81950d210f",
|
|
"value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1572878599",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5dc03907-e8ac-4368-a2eb-df81950d210f",
|
|
"value": "WinUpdate"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969876",
|
|
"uuid": "d670c680-69d6-426d-a298-c0ff391db8e7",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "d670c680-69d6-426d-a298-c0ff391db8e7",
|
|
"referenced_uuid": "5a211825-b90f-4f28-8d80-2ccca44fb240",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969880",
|
|
"uuid": "5def6458-5880-4d11-99a9-4134950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572876638",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "47a2455e-1744-493b-9086-710c2b378513",
|
|
"value": "6d4204febbce6bb6802f63a5a823ad67"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572876638",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "03fa1a03-2f79-4ab0-9667-77801275f2ac",
|
|
"value": "b6911feb8a13d2a946a2f74043a624c886af33b1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876638",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "1391f339-b3ee-4bec-bfee-064e5b1c2fcf",
|
|
"value": "db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969876",
|
|
"uuid": "5a211825-b90f-4f28-8d80-2ccca44fb240",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572876638",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "add0b46d-6efc-4253-a2a6-820b0c5a300e",
|
|
"value": "2019-10-28T02:31:00"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572876638",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "cac6e1e1-3ab6-4360-9845-421bb3455db6",
|
|
"value": "https://www.virustotal.com/file/db5300741c649d489afcadcf574086f086e0c1dec660733ff3360bb8996e649f/analysis/1572229860/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572876638",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "65299516-f9e2-4960-8e56-faf6303d5a32",
|
|
"value": "14/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969877",
|
|
"uuid": "4001f135-f142-448f-8f86-90d6ddf6342b",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4001f135-f142-448f-8f86-90d6ddf6342b",
|
|
"referenced_uuid": "fad7d3d0-90ab-430b-840d-7d8a2b18ac51",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-7d00-44c2-9f61-433e950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572876208",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8474114f-3262-4676-ac6f-d46c1b6473bd",
|
|
"value": "12fef1dbfcd31084bff43508a7669459"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572876208",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "3fde3630-dd8a-48a0-a1f1-1e39f708ed08",
|
|
"value": "78e5dfca951eab2ade99fdebb7de692cdd02c147"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876208",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "45bc8fb9-3685-4b85-a7a2-4a83f07d0f95",
|
|
"value": "92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969877",
|
|
"uuid": "fad7d3d0-90ab-430b-840d-7d8a2b18ac51",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572876208",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "68b7ac2e-4d1b-4ef7-b6b3-b0209dc787ba",
|
|
"value": "2019-10-09T21:55:56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572876208",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "ad11e621-a6c3-4a38-a4f0-b9959975fd56",
|
|
"value": "https://www.virustotal.com/file/92322a7f6e9c9f8befe87af8bd1369e5ee95d82b8c673d863f9f03eba2b4534e/analysis/1570658156/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Azorult",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572876208",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6232f040-8fdd-43ce-8658-08cab4bb7c18",
|
|
"value": "59/69"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969878",
|
|
"uuid": "4ebb5413-89fe-40e4-a59f-e5c6a1b7313e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "4ebb5413-89fe-40e4-a59f-e5c6a1b7313e",
|
|
"referenced_uuid": "693be22d-e312-4294-9171-2d8065cddd54",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-12b4-48df-bfb5-4870950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572876231",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "3d16acb4-3533-4319-b423-a2cbc263cb97",
|
|
"value": "1660ca53c025465e9b0628246b1047f3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572876231",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "f00919d5-c971-42b0-b57a-06f4a25f6117",
|
|
"value": "8b3b10b3fa61017a02e013dcabb67eb8eeaa7ed9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876231",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "ac301e68-00db-476d-b7a5-4ae9639fb6db",
|
|
"value": "d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969878",
|
|
"uuid": "693be22d-e312-4294-9171-2d8065cddd54",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572876231",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f7ef0e54-13ec-41eb-a33e-d72d49258b76",
|
|
"value": "2019-10-23T12:51:58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572876231",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "0feac6f1-cddd-4ef0-9758-0bd0a966fc74",
|
|
"value": "https://www.virustotal.com/file/d0c803c5ea28bf5f31d48876fec6f813d312ec2df024974fdc6e641862ce68a1/analysis/1571835118/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572876231",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cc87a812-0dae-441d-8345-630aa04d3708",
|
|
"value": "41/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969878",
|
|
"uuid": "92ae76c5-8973-4515-938d-b878ca91368e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "92ae76c5-8973-4515-938d-b878ca91368e",
|
|
"referenced_uuid": "dffbc7d4-cd65-4cb2-9090-32a89e4e174f",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-766c-4ff3-8baf-4116950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572874432",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "e58e6f6f-acf9-4bd6-98fa-8ed4d946539d",
|
|
"value": "57084aec24c40f6834428b38ef72b967"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572874432",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "52601c90-7954-4273-afb9-80e868b87c87",
|
|
"value": "24dd9c52e1c1ef03cda76c7a9e5887170ada12eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874432",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "0f62fc4b-1d96-41ae-9562-b6b185fc3f15",
|
|
"value": "83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969878",
|
|
"uuid": "dffbc7d4-cd65-4cb2-9090-32a89e4e174f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572874432",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "456dfb89-0a24-4933-9ebd-30ae24723027",
|
|
"value": "2019-10-20T11:44:02"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572874432",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "fc64fe4a-f7db-457e-b67e-f8dd8d93a595",
|
|
"value": "https://www.virustotal.com/file/83be3594bac7cf5b93de4fbb944c11feb844cce7ad0e7442922e647ab4117ced/analysis/1571571842/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572874432",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "6caa5df3-8e4f-4f70-97bf-0fdf57745619",
|
|
"value": "57/68"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969879",
|
|
"uuid": "c4cded67-8b32-4ee4-b39f-d17a501a2cf3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c4cded67-8b32-4ee4-b39f-d17a501a2cf3",
|
|
"referenced_uuid": "d5ef38d1-b501-4ae1-9249-6707886ea81b",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-3698-4dd2-a7a5-48c2950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572874604",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "cf6b5f40-1367-44f4-970f-7af75e14d46e",
|
|
"value": "61f6f2296d99b469078db1cb5d36bf65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572874604",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "76780b92-cb0c-4168-98ec-b79b3314b7c9",
|
|
"value": "f03aa226cc7aeb12a3190b3ccc8a2db68ffd1587"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572874604",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "276578f6-f61c-46b1-9269-e5c9d9c4189b",
|
|
"value": "fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969879",
|
|
"uuid": "d5ef38d1-b501-4ae1-9249-6707886ea81b",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572874604",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "231d8b6a-d8f5-4f91-8d14-3c13201efae9",
|
|
"value": "2019-10-13T12:32:04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572874604",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "e65af2d7-3fa7-4d88-b92d-074c869b7389",
|
|
"value": "https://www.virustotal.com/file/fb9146f0e3045ad11c152b06b5a4e3ae9a87f09dec76253fec671a79da256d33/analysis/1570969924/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "NanoCore",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572874604",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d5dbf1e4-14fb-492e-a36e-5433f7500168",
|
|
"value": "60/70"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969879",
|
|
"uuid": "c64bda57-fb58-499b-a870-74140ecb73c3",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "c64bda57-fb58-499b-a870-74140ecb73c3",
|
|
"referenced_uuid": "8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-7a48-44b2-a078-466a950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572876623",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "9b9c5b76-35ac-4747-bc55-676ff185a9c1",
|
|
"value": "a5de91f73a5e75aa7e33954fd0adda13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572876623",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "35887651-0df9-4924-88fb-7e63006c535e",
|
|
"value": "07b518b86eca57bc9534c9b955d1809f9f66f080"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876623",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "d4b1da4b-7301-492c-ab4d-8b51fc2667a6",
|
|
"value": "84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969879",
|
|
"uuid": "8598f6dc-4d1f-4d2d-b686-cd0c3d66cc5e",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572876623",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "aea636b1-9152-49df-8c25-55266a813659",
|
|
"value": "2019-09-28T03:26:27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572876623",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "423be0e6-f07a-44cc-a07c-5d12ebb9bd78",
|
|
"value": "https://www.virustotal.com/file/84833991f1705a01a11149c9d037c8379a9c2d463dc30a2fec27bfa52d218fa6/analysis/1569641187/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Dll",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572876623",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "73e7f2b3-941d-4727-86bf-ab089e83ff03",
|
|
"value": "44/67"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969880",
|
|
"uuid": "0ec33fed-1a2a-485e-939f-f40425ebc54c",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "0ec33fed-1a2a-485e-939f-f40425ebc54c",
|
|
"referenced_uuid": "c0bce316-ef56-42c6-811e-7dca12ecf919",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-1b14-4e5b-9f31-40e9950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572875611",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "41c34af9-b7fe-494a-90c2-abc32b791200",
|
|
"value": "9257e5b74cf52683b168602036f19d3f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572875611",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "de2ec00b-75f7-4445-a662-41fde9dadda7",
|
|
"value": "cdd025adf4d4b616a703378a05915a36dedcbe9a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572875611",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "29475fb6-c458-4f8e-85ee-5c5443b69d36",
|
|
"value": "516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969880",
|
|
"uuid": "c0bce316-ef56-42c6-811e-7dca12ecf919",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572875611",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "007438bf-4ab7-41b1-8d4c-2569dbb74a59",
|
|
"value": "2019-10-29T15:05:37"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572875611",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "4e5958e9-9ee1-4023-833e-d9d30a89393f",
|
|
"value": "https://www.virustotal.com/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/analysis/1572361537/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "ASyncRAT",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572875611",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "771cbfda-bc1e-49a0-82ff-341ab0bb1022",
|
|
"value": "36/71"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1575969880",
|
|
"uuid": "f1e1d01c-6f5f-4204-9d86-34227fa834ed",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "f1e1d01c-6f5f-4204-9d86-34227fa834ed",
|
|
"referenced_uuid": "78cebe26-6eb1-4f08-b500-312923e761c9",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1575969881",
|
|
"uuid": "5def6459-f4ac-4a56-996c-4db7950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1572876298",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "facd374d-3b71-4d35-b939-2a38c5422f3a",
|
|
"value": "0638dff86bcdbebe8dc9c9d0bece613b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1572876298",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "4ebc69f3-99b2-4915-b40f-0eeef5301c44",
|
|
"value": "e7ec733b91eece465192ebe2d62bb5fd14a135c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1572876298",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "185ae823-4aa3-4844-a8cf-68e8358c78b8",
|
|
"value": "6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1575969880",
|
|
"uuid": "78cebe26-6eb1-4f08-b500-312923e761c9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1572876298",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "77b6b35b-d50d-4041-b505-20115a28c312",
|
|
"value": "2019-10-25T06:30:50"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1572876298",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "21a8e5ac-802a-4506-bcdd-6b69d3419a47",
|
|
"value": "https://www.virustotal.com/file/6c59ac2d51e7f06e82b33c697107a0ba27779382f07754fa9f0e283be84940e5/analysis/1571985050/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "AgentTesla",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1572876298",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cadc000e-d4db-47db-9bd1-ee1ec522e9d6",
|
|
"value": "44/68"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |