{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2019-08-05",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - From Carnaval to Cinco de Mayo \u2013 The journey of Amavaldo",
|
|
"publish_timestamp": "1565505814",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1565505795",
|
|
"uuid": "5d47cdea-435c-45aa-8db0-4693950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#00b3b3",
|
|
"local": "0",
|
|
"name": "ecsirt:intrusions=\"backdoor\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00a9ce",
|
|
"local": "0",
|
|
"name": "veris:action:malware:variety=\"Backdoor\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#2c0037",
|
|
"local": "0",
|
|
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#001534",
|
|
"local": "0",
|
|
"name": "ms-caro-malware-full:malware-type=\"Backdoor\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Forced Authentication - T1187\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00abd0",
|
|
"local": "0",
|
|
"name": "veris:action:malware:variety=\"Spyware/Keylogger\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:rat=\"Amavaldo Banking Trojan\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:tool=\"Amavaldo\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": "0",
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": "0",
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1564986874",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5d47cdfa-0d14-464f-8041-4abe950d210f",
|
|
"value": "https://www.welivesecurity.com/2019/08/01/banking-trojans-amavaldo/"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "Abused legitimate application",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565090840",
|
|
"uuid": "5d482f74-badc-495e-920c-4329950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565090840",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d482f74-756c-4de9-98ac-431c950d210f",
|
|
"value": "ctfmon.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565090840",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d496418-e830-4325-9690-bb6e950d210f",
|
|
"value": "6c04499f7406e270b590374ef813c4012530273e"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "encrypted banking trojan - ESET detection name: Win32/Spy.Amavaldo.N trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565091752",
|
|
"uuid": "5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"referenced_uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"relationship_type": "executed-by",
|
|
"timestamp": "1565074484",
|
|
"uuid": "5d492434-cffc-4d0f-a4e5-46cc950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565091752",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d483181-1c60-48df-af8a-4c11950d210f",
|
|
"value": "MsCtfMonitor"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565091754",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d4967aa-1c74-4c71-ab60-1f42950d210f",
|
|
"value": "b761d9216c00f5e2871de16ae157de13c6283b5d"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.U trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565090891",
|
|
"uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5d48319b-07ec-4769-9c2f-4fda950d210f",
|
|
"referenced_uuid": "5d483181-9e28-42d9-b8a9-460d950d210f",
|
|
"relationship_type": "executes",
|
|
"timestamp": "1565074467",
|
|
"uuid": "5d492423-237c-4590-bc3b-47d2950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565090891",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d48319d-058c-4031-95f4-47f4950d210f",
|
|
"value": "MsCtfMonitor.dll"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565090891",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d49644b-d6d4-4833-8f0b-73e6950d210f",
|
|
"value": "1d56bab28793e3ab96e390f09f02425e52e28ffc"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Object to describe mutual exclusion locks (mutex) as seen in memory or computer program",
|
|
"meta-category": "misc",
|
|
"name": "mutex",
|
|
"template_uuid": "9f5c1a68-2021-4faa-b409-61c899c86466",
|
|
"template_version": "1",
|
|
"timestamp": "1565075302",
|
|
"uuid": "5d492766-d074-47b5-9e28-4a78950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1565075302",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5d492766-a034-4476-870d-4ed7950d210f",
|
|
"value": "D7F8FEDF-D9A0-4335-A619-D3BB3EEAEDDB"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "description",
|
|
"timestamp": "1565075302",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5d492766-870c-4391-8369-4656950d210f",
|
|
"value": "Additionally, the latest versions of Amavaldo can be identified by a mutex that seems to have a constant name."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "a tool for checking internet connectivity",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098556",
|
|
"uuid": "5d493cd2-4ca4-44a7-a9f0-4b5b950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565098556",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493cd2-16ec-42f0-a841-434e950d210f",
|
|
"value": "AICustAct.dll"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098557",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d49823d-78a4-4def-aaa1-49df950d210f",
|
|
"value": "b80294261c8a1635e16e14f55a3d76889ff2c857"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "a tool for detecting virtual environments",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098533",
|
|
"uuid": "5d493cf7-aeac-4fd3-99f3-6ecc950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565098533",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493cf7-191c-40a4-8a21-6ecc950d210f",
|
|
"value": "VmDetect.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098533",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d498225-e624-4368-8ffc-a9bf950d210f",
|
|
"value": "b191810094dd2ee6b13c0d33458fafcd459681ae"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Abused legitimate application",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565097200",
|
|
"uuid": "5d493d5f-8ba4-4543-bcd8-6752950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565097200",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493d5f-aa28-4283-ae05-6752950d210f",
|
|
"value": "nvsmartmaxapp.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565097200",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d497cf0-679c-4776-bf3c-492f950d210f",
|
|
"value": "12c93bb262696314123562f8a4b158074c9f6b95"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Injector for Amavaldo - ESET detection name: Win32/Spy.Amavaldo.P trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565097237",
|
|
"uuid": "5d493d77-e7e4-4082-82c3-41d0950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565097237",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493d77-2350-43fc-af14-461f950d210f",
|
|
"value": "NvSmartMax.dll"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565097237",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d497d15-8cb8-4dc1-8e75-422e950d210f",
|
|
"value": "6d80a959e7f52150fda2241a4073a29085c9386b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Amavaldo - ESET detection name: Win32/Spy.Amavaldo.N trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098408",
|
|
"uuid": "5d493ef5-9554-4e6d-884f-490f950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565098408",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493ef5-67b0-47de-a419-4235950d210f",
|
|
"value": "NvSmartMax"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098409",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d4981a9-74d8-40cf-8ebd-422c950d210f",
|
|
"value": "b855d8b1bad07d578013bdb472122e405d49acc1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Abused legitimate application",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098509",
|
|
"uuid": "5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"referenced_uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"relationship_type": "uses",
|
|
"timestamp": "1565084467",
|
|
"uuid": "5d494b33-7b58-4afb-a49c-aca4950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565098509",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d493f8a-01ec-4b01-bd62-aca6950d210f",
|
|
"value": "Gup.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098509",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d49820d-c910-48b6-b817-4e35950d210f",
|
|
"value": "fc37ac7523cf3b4020ec46d6a47bc26957e3c054"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Injector for email tool - ESET detection name: Win32/Spy.Amavaldo.P trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565092661",
|
|
"uuid": "5d494a11-3c6c-4c89-9d11-daa8950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565092661",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d494a11-6ad4-4425-988f-daa8950d210f",
|
|
"value": "libcurl.dll"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565092661",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d496b35-e724-472a-aaa1-1fec950d210f",
|
|
"value": "4dba5fe842b01b641a7228a4c8f805e4627c0012"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Email tool - ESET detection name: Win32/Spy.Banker.AEGH trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098679",
|
|
"uuid": "5d494a3f-1b3c-4bcc-8b34-4db5950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565098679",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d494a3f-0508-4b52-95d0-4f88950d210f",
|
|
"value": "Libcurl"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098679",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d4982b7-6990-4ae2-a684-4ffa950d210f",
|
|
"value": "9a968341c65ab47bf5c7290f3b36fcf70e9c574b"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Configuration file for gup.exe",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565084447",
|
|
"uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "5d494a5d-de44-423a-b8d1-daa7950d210f",
|
|
"referenced_uuid": "5d493f8a-85c0-4389-9644-aca6950d210f",
|
|
"relationship_type": "used-by",
|
|
"timestamp": "1565084447",
|
|
"uuid": "5d494b1f-dc50-4aa5-a82d-aca4950d210f"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565084253",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d494a5d-c624-4099-9331-daa7950d210f",
|
|
"value": "gup.xml"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565087037",
|
|
"uuid": "5d49553d-701c-4eb3-954a-eaeb950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565087038",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d49553e-39c8-4912-95a9-eaeb950d210f",
|
|
"value": "CurriculumVitae[\u00e2\u20ac\u00a6].msi"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565090052",
|
|
"uuid": "5d496104-67d8-48c9-a044-7a57950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "filename",
|
|
"timestamp": "1565090052",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5d496104-a280-40c9-a7c5-7a57950d210f",
|
|
"value": "FotosPost[\u00e2\u20ac\u00a6].msi"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Downloader (MSI installer) - ESET detection name: Trojan.VBS/TrojanDownloader.Agent.QSL",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098719",
|
|
"uuid": "5d4982df-1a94-4914-9cf1-464e950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098719",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d4982df-0db4-4542-9703-4422950d210f",
|
|
"value": "e0c8e11f8b271c1e40f5c184afa427ffe99444f8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Downloader (MSI installer) - ESET detection name: Win32/TrojanDownloader.Delf.CSG trojan",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565098738",
|
|
"uuid": "5d4982f2-0190-427f-b4c5-4f08950d210f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098738",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5d4982f2-d224-4857-94ae-461a950d210f",
|
|
"value": "ad1fce0c62b532d097dacfce149c452154d51eb0"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565505174",
|
|
"uuid": "e462def8-1643-4d2f-a15a-825ff3fb335e",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "e462def8-1643-4d2f-a15a-825ff3fb335e",
|
|
"referenced_uuid": "6b54feea-5cb0-4c57-b10c-7a1d4a274581",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1565505178",
|
|
"uuid": "5d4fb69b-2cec-4813-97b8-3d4f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1565098509",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "8688f006-7d8f-438c-9c88-16384d3a50f5",
|
|
"value": "45c01734ed56c52797156620a5f8b414"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098509",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "83fc631f-09a8-46e8-9c55-7fb0d7477348",
|
|
"value": "fc37ac7523cf3b4020ec46d6a47bc26957e3c054"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1565098509",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "09b65315-b799-4b42-8543-c90363576ce3",
|
|
"value": "20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1565505174",
|
|
"uuid": "6b54feea-5cb0-4c57-b10c-7a1d4a274581",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1565098509",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7e4b14b4-0aae-4ef9-a053-82ed74c31fb7",
|
|
"value": "2019-08-08T11:14:28"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1565098509",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "adeb231a-0e31-41ab-98e6-b1f51bf56107",
|
|
"value": "https://www.virustotal.com/file/20ae23a6793e58761a28949dec7e910ce6479ab9c2b7bcbd7a1bb4df1171c503/analysis/1565262868/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1565098509",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "c8287316-9bfc-4ab0-8fe1-1784b0a875df",
|
|
"value": "1/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565505175",
|
|
"uuid": "211c8a88-4c1a-447b-a768-0ab6e30246b8",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "211c8a88-4c1a-447b-a768-0ab6e30246b8",
|
|
"referenced_uuid": "e1227ba7-e304-4792-8a0d-039b87b94ec0",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1565505179",
|
|
"uuid": "5d4fb69b-1f78-4af5-8e51-3d4f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1565097200",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "1817a1d3-f2a6-4147-a964-16b2a7e43d3f",
|
|
"value": "df3e0e32d1e1fb50cc292aebc5e5b322"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565097200",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "35649e75-d206-4fbc-a6da-799bcd174fb9",
|
|
"value": "12c93bb262696314123562f8a4b158074c9f6b95"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1565097200",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59dd6a06-fe97-4b10-b504-62b17423c31c",
|
|
"value": "6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1565505175",
|
|
"uuid": "e1227ba7-e304-4792-8a0d-039b87b94ec0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1565097200",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "7e17b294-cd02-4cbf-8360-6b980e944a60",
|
|
"value": "2019-08-07T07:57:31"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1565097200",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3004172e-acdc-4959-b3db-66f1c5d0abe0",
|
|
"value": "https://www.virustotal.com/file/6a1f91b94bc6c7167967983a78aa1c8780decad66c278e3d7da5e8d4dbec4412/analysis/1565164651/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1565097200",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "d02a7092-c6ff-445e-b8df-fa9ce122458f",
|
|
"value": "0/66"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565505175",
|
|
"uuid": "18ccf1e5-236a-4ad0-8556-2d5ff4532a11",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "18ccf1e5-236a-4ad0-8556-2d5ff4532a11",
|
|
"referenced_uuid": "ef63bd95-99e9-4843-9ad6-725ee617c410",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1565505179",
|
|
"uuid": "5d4fb69b-9358-4f19-bc3f-3d4f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1565092661",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "c58752a7-e5a5-40ed-8d42-b72366b54dbe",
|
|
"value": "e880c09454a68b4714c6f184f7968070"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565092661",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "ea8f1d07-9a64-48c5-8441-2122cc7c3f03",
|
|
"value": "4dba5fe842b01b641a7228a4c8f805e4627c0012"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1565092661",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "523c56e8-86ba-4f6c-bf78-cbed73831432",
|
|
"value": "c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "2",
|
|
"timestamp": "1565505175",
|
|
"uuid": "ef63bd95-99e9-4843-9ad6-725ee617c410",
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1565092661",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "73ae0c5f-3822-44a5-8e6a-e0c5cc7ae015",
|
|
"value": "2019-08-09T10:12:09"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1565092661",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "147b157c-4060-4849-8597-6b3cf41e56be",
|
|
"value": "https://www.virustotal.com/file/c9cf8e159809cfa97971a0b84801c6aead32e03a423a2fd0ca1c402032b16a82/analysis/1565345529/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1565092661",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "cab2413e-ee43-4916-8f7f-77eab426ae20",
|
|
"value": "41/62"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "17",
|
|
"timestamp": "1565505175",
|
|
"uuid": "66ffca83-f5bf-46b5-aa17-25a0da26b4a8",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "66ffca83-f5bf-46b5-aa17-25a0da26b4a8",
|
|
"referenced_uuid": "fa950a27-172c-4243-92fe-c54894fe8f03",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1565505179",
|
|
"uuid": "5d4fb69b-13f8-4813-85fc-3d4f02de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1565098738",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "afa1fade-ec71-4646-8932-8bb835b346c3",
|
|
"value": "6f2bf181f8b9ca1d28465ed6bab6f3e2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1565098738",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "46ac9fe5-7d10-4ba7-a4e5-bde4bfb056f0",
|
|
"value": "ad1fce0c62b532d097dacfce149c452154d51eb0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565098738",
"to_ids": true,
"type": "sha256",
"uuid": "982224f0-365c-4b41-911e-4a12e95f542b",
"value": "8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505175",
"uuid": "fa950a27-172c-4243-92fe-c54894fe8f03",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565098738",
"to_ids": false,
"type": "datetime",
"uuid": "514b8275-5a02-4fa7-bbf3-44d83f3d4c03",
"value": "2019-08-09T10:13:10"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565098738",
"to_ids": false,
"type": "link",
"uuid": "18817da9-db4e-468c-81ab-f0fc22af73df",
"value": "https://www.virustotal.com/file/8171cbd7bc06d905a7d77d2d0dd147b0b9305d76f76a176fbda4b78768656a47/analysis/1565345590/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565098738",
"to_ids": false,
"type": "text",
"uuid": "fe7700b1-4509-452c-83e0-697b67eea1de",
"value": "28/53"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1565505176",
"uuid": "168eca3c-6b0c-495b-bc97-76fc044663da",
"ObjectReference": [
{
"comment": "",
"object_uuid": "168eca3c-6b0c-495b-bc97-76fc044663da",
"referenced_uuid": "299f2cd3-4943-45c0-89fd-688831a58235",
"relationship_type": "analysed-with",
"timestamp": "1565505179",
"uuid": "5d4fb69b-edec-4d3f-9b9b-3d4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1565098557",
"to_ids": true,
"type": "md5",
"uuid": "4dd57698-4de4-4f5d-a8f2-214e87a05782",
"value": "9f1e5d66c2889018daef4aef604eebc4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1565098557",
"to_ids": true,
"type": "sha1",
"uuid": "58f2fc0a-2556-4ba9-a0be-2db8980f5224",
"value": "b80294261c8a1635e16e14f55a3d76889ff2c857"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565098557",
"to_ids": true,
"type": "sha256",
"uuid": "65d1802c-b6a5-46c6-ad2b-bfce99794f5d",
"value": "02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505176",
"uuid": "299f2cd3-4943-45c0-89fd-688831a58235",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565098557",
"to_ids": false,
"type": "datetime",
"uuid": "0abdb5b6-5361-4012-ba4b-bca90ddac639",
"value": "2019-08-06T18:49:02"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565098557",
"to_ids": false,
"type": "link",
"uuid": "e629edd0-952f-4a57-87c7-3ebfe9e54987",
"value": "https://www.virustotal.com/file/02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222/analysis/1565117342/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565098557",
"to_ids": false,
"type": "text",
"uuid": "98555b2e-b57c-4506-9068-8f11a7d07ca1",
"value": "1/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1565505176",
"uuid": "0f1baa55-4a99-4cc2-84d1-7032ab3b20a6",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0f1baa55-4a99-4cc2-84d1-7032ab3b20a6",
"referenced_uuid": "fef464cf-27a2-4bfb-bf12-4adb789baa4e",
"relationship_type": "analysed-with",
"timestamp": "1565505179",
"uuid": "5d4fb69b-1ad0-404b-8a17-3d4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1565098533",
"to_ids": true,
"type": "md5",
"uuid": "05c05f6c-c8e6-4c2e-96db-dfa9f3a65990",
"value": "55ffee241709ae96cf64cb0b9a96f0d7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1565098533",
"to_ids": true,
"type": "sha1",
"uuid": "888b14ee-a2e5-4504-9b28-075a24cfc8d2",
"value": "b191810094dd2ee6b13c0d33458fafcd459681ae"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565098533",
"to_ids": true,
"type": "sha256",
"uuid": "4f898918-50b9-491b-bf07-3d0bb4c69e51",
"value": "64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505176",
"uuid": "fef464cf-27a2-4bfb-bf12-4adb789baa4e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565098533",
"to_ids": false,
"type": "datetime",
"uuid": "932dfeb4-c96d-4337-b8ac-b19215b28b68",
"value": "2019-08-09T01:41:32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565098533",
"to_ids": false,
"type": "link",
"uuid": "2ef12f33-7867-4996-a410-c4022c862b9d",
"value": "https://www.virustotal.com/file/64bc6cf6b6e9850cea2a36cabc88982b0b936dd7f0bc169a2f6dd2a5d1e86abf/analysis/1565314892/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565098533",
"to_ids": false,
"type": "text",
"uuid": "40e4ead5-bde4-4c4e-80ff-95d7236b9f0a",
"value": "0/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1565505176",
"uuid": "a7c89ed2-b308-4953-98a4-8b7b7f74f90e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a7c89ed2-b308-4953-98a4-8b7b7f74f90e",
"referenced_uuid": "76da6429-cbfd-4a4b-83ad-a6511f97a14e",
"relationship_type": "analysed-with",
"timestamp": "1565505179",
"uuid": "5d4fb69b-185c-4630-8d67-3d4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1565098719",
"to_ids": true,
"type": "md5",
"uuid": "e03c3805-8c35-4074-b686-38cff67c0f04",
"value": "1091a566e2f44bada1f814998034bd04"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1565098719",
"to_ids": true,
"type": "sha1",
"uuid": "91d5cae9-79c6-429e-b1a7-a758edad8c8a",
"value": "e0c8e11f8b271c1e40f5c184afa427ffe99444f8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565098719",
"to_ids": true,
"type": "sha256",
"uuid": "786f1ff3-dcec-4f0a-b6c9-c2145f93b751",
"value": "1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505177",
"uuid": "76da6429-cbfd-4a4b-83ad-a6511f97a14e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565098719",
"to_ids": false,
"type": "datetime",
"uuid": "753365f1-529c-40e2-80d8-2996a57fb0f6",
"value": "2019-08-09T10:12:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565098719",
"to_ids": false,
"type": "link",
"uuid": "b2c2427d-024a-4003-97f2-4c661da00e90",
"value": "https://www.virustotal.com/file/1c17cf7af862cdb0af2f5540391ac3d0b427bd6369cf1a5fbb8d82fb80964d1c/analysis/1565345528/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565098719",
"to_ids": false,
"type": "text",
"uuid": "f6edb2bf-fafc-4ee9-9aae-82b2531b3718",
"value": "25/52"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1565505177",
"uuid": "8ea7872e-f1cb-4652-945b-4f8f9558f662",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8ea7872e-f1cb-4652-945b-4f8f9558f662",
"referenced_uuid": "569e0439-c30e-444a-8ef9-76c1388c03a6",
"relationship_type": "analysed-with",
"timestamp": "1565505179",
"uuid": "5d4fb69b-97a4-49a6-9b81-3d4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1565090840",
"to_ids": true,
"type": "md5",
"uuid": "e7d2e89e-8e13-403e-8317-372674360c44",
"value": "4a3cdcef8ed41b221f3dbef5792fb52d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1565090840",
"to_ids": true,
"type": "sha1",
"uuid": "e9f57636-dba4-452e-86ad-571a906d468e",
"value": "6c04499f7406e270b590374ef813c4012530273e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565090840",
"to_ids": true,
"type": "sha256",
"uuid": "992517b4-6057-438f-a1e4-4eeab3b417e6",
"value": "6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505177",
"uuid": "569e0439-c30e-444a-8ef9-76c1388c03a6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565090840",
"to_ids": false,
"type": "datetime",
"uuid": "0ccdca69-9f20-42e3-ab13-e2e6b98cc13e",
"value": "2019-08-09T12:53:04"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565090840",
"to_ids": false,
"type": "link",
"uuid": "8db662d3-7baf-4543-b958-bdebb1bdb185",
"value": "https://www.virustotal.com/file/6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397/analysis/1565355184/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565090840",
"to_ids": false,
"type": "text",
"uuid": "8c2c7ee6-599a-4468-bb8f-e90793092ed1",
"value": "0/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1565505177",
"uuid": "71291c97-7e50-4601-8836-d13f6a601564",
"ObjectReference": [
{
"comment": "",
"object_uuid": "71291c97-7e50-4601-8836-d13f6a601564",
"referenced_uuid": "29b46ebc-f105-45dd-9b0e-c50ac28523bb",
"relationship_type": "analysed-with",
"timestamp": "1565505179",
"uuid": "5d4fb69b-3124-4b2e-bd96-3d4f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1565097237",
"to_ids": true,
"type": "md5",
"uuid": "ce9d3adb-fe5f-4844-aa45-4b9413e6ee44",
"value": "88eca26e7f720a3faa94864359681590"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1565097237",
"to_ids": true,
"type": "sha1",
"uuid": "bbc7ae69-b74b-4615-bc9d-b0b9979d84a0",
"value": "6d80a959e7f52150fda2241a4073a29085c9386b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1565097237",
"to_ids": true,
"type": "sha256",
"uuid": "0c0a283e-42a5-4457-9681-47190327e1be",
"value": "b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1565505178",
"uuid": "29b46ebc-f105-45dd-9b0e-c50ac28523bb",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1565097237",
"to_ids": false,
"type": "datetime",
"uuid": "9d0e29a6-ce2e-4af8-baa0-f1a20ea19ae3",
"value": "2019-08-09T10:12:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1565097237",
"to_ids": false,
"type": "link",
"uuid": "9bb01340-6430-43f8-be1d-2c9c37985fcc",
"value": "https://www.virustotal.com/file/b7e72ad59f05b67e7f44f071e7c3e46a490261c653cac66063ceed52c176fae0/analysis/1565345528/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1565097237",
"to_ids": false,
"type": "text",
"uuid": "dae0b425-f835-4ad2-87f8-709822134d4b",
"value": "38/62"
}
]
}
]
}
} |