adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5dc3249f-6ebc-44fd-b78d-448d02de0b81.json

823 lines
No EOL
30 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "0",
"date": "2019-07-12",
"extends_uuid": "",
"info": "OSINT - BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0",
"publish_timestamp": "1573070572",
"published": true,
"threat_level_id": "3",
"timestamp": "1573070402",
"uuid": "5dc3249f-6ebc-44fd-b78d-448d02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"Dridex\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"FriedEx\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Bitpaymer\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"INDRIK SPIDER\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-8930-4832-84ae-428102de0b81",
"value": "51d8618ec86159327e883615ad8989c7638172cf801f65ab0367e5b2e6af596a"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-3aa8-4672-a5c8-461502de0b81",
"value": "d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-4734-4603-be54-44eb02de0b81",
"value": "0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-7284-4a03-880f-4c9d02de0b81",
"value": "bfb7e62ba4ad5975e68a1beefb045cb72e056911fd7a8b070a15029dfcbbefe1"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-eef0-4d5e-bc21-4c5402de0b81",
"value": "bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "5dc324da-7f9c-4659-abea-402a02de0b81",
"value": "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070193",
"to_ids": false,
"type": "text",
"uuid": "5dc32571-aa74-4179-8f74-42bc02de0b81",
"value": "CrowdStrike\u00c2\u00ae Intelligence has identified a new ransomware variant identifying itself as BitPaymer. This new variant was behind a series of ransomware campaigns beginning in June 2019, including attacks against the City of Edcouch, Texas and the Chilean Ministry of Agriculture. \r\n\r\nWe have dubbed this new ransomware DoppelPaymer because it shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER. However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of INDRIK SPIDER have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation."
},
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070265",
"to_ids": true,
"type": "sha256",
"uuid": "5dc325b9-7018-496a-b223-4b7602de0b81",
"value": "801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b"
},
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070265",
"to_ids": true,
"type": "sha256",
"uuid": "5dc325b9-a748-403f-abcc-428c02de0b81",
"value": "813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1573070309",
"to_ids": false,
"type": "link",
"uuid": "5dc325e5-6214-4a8f-bf43-441102de0b81",
"value": "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070355",
"uuid": "bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bca0440a-4555-4587-b5a2-a541bd2a4dc9",
"referenced_uuid": "b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"relationship_type": "analysed-with",
"timestamp": "1573070358",
"uuid": "5dc32616-bf38-40f6-9216-48ae02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070042",
"to_ids": true,
"type": "md5",
"uuid": "fad27e7e-3ae1-4ca0-8e3d-3e689a8636af",
"value": "1b5c3c458e31bede55145d0644e88d75"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha1",
"uuid": "e0f7186a-8b1c-46ce-a13a-578562b54802",
"value": "a21c84c6bf2e21d69fa06daaf19b4cc34b589347"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "76a94837-7503-46f6-88d1-14f62bb0c23d",
"value": "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070355",
"uuid": "b9af0b6b-5e5d-43a1-84c7-21e1357665f1",
"Attribute": [
{
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070042",
"to_ids": false,
"type": "datetime",
"uuid": "590eabf8-daae-48fa-93f7-a6881b74188d",
"value": "2019-11-05T13:32:39"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070042",
"to_ids": false,
"type": "link",
"uuid": "7de0a36e-6553-4bca-b8f3-2496fa7c6ae6",
"value": "https://www.virustotal.com/file/70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4/analysis/1572960759/"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070042",
"to_ids": false,
"type": "text",
"uuid": "28dc293f-7fb7-49e5-9c3e-8bee49d6f3b2",
"value": "15/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070355",
"uuid": "9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9ae6b1c8-d364-4e47-acf7-f6730fb4465c",
"referenced_uuid": "b440661e-36e3-4b91-86ff-fa8760b84317",
"relationship_type": "analysed-with",
"timestamp": "1573070359",
"uuid": "5dc32617-22f8-4c0f-8553-4ead02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070042",
"to_ids": true,
"type": "md5",
"uuid": "365142b1-836f-4269-a5df-2fc62bf30c9f",
"value": "68f9b52895f4d34e74112f3129b3b00d"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha1",
"uuid": "5f9247bf-65cd-4e0f-a807-af3ab269ffad",
"value": "c5e2018bf7c0f314fed4fd7fe7e69fa2e648359e"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "8dd71731-29ab-4200-bfb5-fcb3fc79b079",
"value": "d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070356",
"uuid": "b440661e-36e3-4b91-86ff-fa8760b84317",
"Attribute": [
{
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070042",
"to_ids": false,
"type": "datetime",
"uuid": "2d422e88-d201-4694-bbd7-866a38115bf8",
"value": "2019-11-05T15:07:41"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070042",
"to_ids": false,
"type": "link",
"uuid": "3e29cdd3-6698-46ac-a2e0-37658066a1a7",
"value": "https://www.virustotal.com/file/d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f/analysis/1572966461/"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070042",
"to_ids": false,
"type": "text",
"uuid": "4d55f6ac-dcd5-4ac6-8eca-d33081e4708a",
"value": "17/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070356",
"uuid": "756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"ObjectReference": [
{
"comment": "",
"object_uuid": "756d7b88-3347-4a0c-9fef-01dbddfd34bb",
"referenced_uuid": "6d1c9b11-06c8-4813-9485-89269e343f91",
"relationship_type": "analysed-with",
"timestamp": "1573070359",
"uuid": "5dc32617-be28-413a-9044-46a002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070042",
"to_ids": true,
"type": "md5",
"uuid": "303f295e-6383-41e6-8d9d-0bd8799ba3ca",
"value": "6365fe1d37545c71cbe2719ac7831bdd"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha1",
"uuid": "09614ec9-75b2-40d1-9c6c-9745ffd3b6f4",
"value": "9356d660cebd2604ec4e72967f44678741331d5a"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "3b9683ca-5564-4cfd-aff2-921dcdcc4cf8",
"value": "0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070357",
"uuid": "6d1c9b11-06c8-4813-9485-89269e343f91",
"Attribute": [
{
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070042",
"to_ids": false,
"type": "datetime",
"uuid": "2087010a-da8e-4132-b113-308e02d41f06",
"value": "2019-11-04T12:24:35"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070042",
"to_ids": false,
"type": "link",
"uuid": "d1cd1211-5d23-4442-94c1-6973a0b3e6cf",
"value": "https://www.virustotal.com/file/0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc/analysis/1572870275/"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070042",
"to_ids": false,
"type": "text",
"uuid": "72338110-8f9a-4c07-ab93-d926bbe4fe0e",
"value": "14/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070357",
"uuid": "c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c04e4714-a1ca-4318-98d3-a46cf6d6ad97",
"referenced_uuid": "e943e2d5-8dec-4e03-8469-ee47c09f2568",
"relationship_type": "analysed-with",
"timestamp": "1573070359",
"uuid": "5dc32617-ef5c-42e3-a091-463c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070265",
"to_ids": true,
"type": "md5",
"uuid": "6ee27097-638a-433d-a31a-cbe585af6293",
"value": "47bc14f741779c3a7450adeeb66bb7e8"
},
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070265",
"to_ids": true,
"type": "sha1",
"uuid": "9e720e45-0a85-4472-b678-ad9fd91100df",
"value": "980842b405d6df5385503044e102ad4a5d8b8573"
},
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070265",
"to_ids": true,
"type": "sha256",
"uuid": "bfade442-b5e0-4159-9eba-3b01982f84d0",
"value": "813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070357",
"uuid": "e943e2d5-8dec-4e03-8469-ee47c09f2568",
"Attribute": [
{
"category": "Other",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070265",
"to_ids": false,
"type": "datetime",
"uuid": "4bd2567e-f3c3-4af6-8878-5cebbb3ee30f",
"value": "2019-11-04T12:37:45"
},
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070265",
"to_ids": false,
"type": "link",
"uuid": "f70fc547-6175-4e7d-aa3c-09fdcae120b9",
"value": "https://www.virustotal.com/file/813d8020f32fefe01b66bea0ce63834adef2e725801b4b761f5ea90ac4facd3a/analysis/1572871065/"
},
{
"category": "Payload delivery",
"comment": "Dridex 2.0",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070265",
"to_ids": false,
"type": "text",
"uuid": "094fb53d-08d6-44e0-9a00-ca0890f5175d",
"value": "54/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070358",
"uuid": "2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2a17501a-3480-46f0-b0bd-5888c2ee8c92",
"referenced_uuid": "7fb41421-37ea-4910-ac68-319d59bdcbad",
"relationship_type": "analysed-with",
"timestamp": "1573070359",
"uuid": "5dc32617-8a84-4f80-8eb9-457002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070265",
"to_ids": true,
"type": "md5",
"uuid": "50aa3a84-bcfe-4338-9608-2fbd439a2078",
"value": "9141d1d189afc2e300121e71a211c925"
},
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070265",
"to_ids": true,
"type": "sha1",
"uuid": "9b6cde2d-94f5-4485-aa99-53a72480641b",
"value": "ee5ac27425616878a932516000c04dedbde5b715"
},
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070265",
"to_ids": true,
"type": "sha256",
"uuid": "6020c9af-1903-4d12-8358-4eb21ad4054f",
"value": "801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070358",
"uuid": "7fb41421-37ea-4910-ac68-319d59bdcbad",
"Attribute": [
{
"category": "Other",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070265",
"to_ids": false,
"type": "datetime",
"uuid": "0bb87c96-21b6-4b12-997c-d8e329e3678d",
"value": "2019-11-04T23:59:41"
},
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070265",
"to_ids": false,
"type": "link",
"uuid": "556bfa2e-6a6d-405a-a050-051f2ba65972",
"value": "https://www.virustotal.com/file/801b04a1504f167c25f568f8d7cbac13bdde6440a609d0dcd64ebe225c197f9b/analysis/1572911981/"
},
{
"category": "Payload delivery",
"comment": "DoppelPaymer",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070265",
"to_ids": false,
"type": "text",
"uuid": "26ceb39d-61ca-4f10-a6d9-d565989705e2",
"value": "54/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1573070358",
"uuid": "25d7c94e-5aad-4634-878d-15010c84f0aa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "25d7c94e-5aad-4634-878d-15010c84f0aa",
"referenced_uuid": "f10bc385-bc29-4069-8374-abc49782561a",
"relationship_type": "analysed-with",
"timestamp": "1573070360",
"uuid": "5dc32618-f018-4cf9-8471-469d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1573070042",
"to_ids": true,
"type": "md5",
"uuid": "14458858-f68c-4f48-90d1-7cc41a7c92b2",
"value": "b365af317ae730a67c936f21432b9c71"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha1",
"uuid": "8daa610e-e919-4b61-94d0-c0d2fdbc339e",
"value": "a0bdfac3ce1880b32ff9b696458327ce352e3b1d"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1573070042",
"to_ids": true,
"type": "sha256",
"uuid": "0ba3c63e-1783-407b-9233-68b4a2e5eccd",
"value": "bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1573070358",
"uuid": "f10bc385-bc29-4069-8374-abc49782561a",
"Attribute": [
{
"category": "Other",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1573070042",
"to_ids": false,
"type": "datetime",
"uuid": "35be71bd-7536-4d04-8ef0-608d868fe3ce",
"value": "2019-11-05T08:08:47"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1573070042",
"to_ids": false,
"type": "link",
"uuid": "5d316b72-97a1-4935-bf13-366b77f8c6fd",
"value": "https://www.virustotal.com/file/bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4/analysis/1572941327/"
},
{
"category": "Payload delivery",
"comment": "Encrypted PE Files Embedded in DoppelPaymer",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1573070042",
"to_ids": false,
"type": "text",
"uuid": "1d009b4d-d054-4cbe-bef2-6d8b6d5e9112",
"value": "17/71"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink