{
"Event": {
"threat_level_id": "3",
"timestamp": "1550652109",
"info": "OSINT - Crypter-as-a-Service Helps jRAT Fly Under The Radar",
"published": true,
"date": "2018-03-31",
"analysis": "2",
"uuid": "5abf6421-c1b8-477b-a9d2-9c0902de0b81",
"publish_timestamp": "1550652109",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"name": "tlp:white",
"exportable": true,
"colour": "#ffffff"
},
{
"name": "misp-galaxy:rat=\"jRAT\"",
"exportable": true,
"colour": "#0088cc"
},
{
"name": "osint:source-type=\"blog-post\"",
"exportable": true,
"colour": "#00223b"
},
{
"name": "misp-galaxy:tool=\"qrat\"",
"exportable": true,
"colour": "#0088cc"
},
{
"name": "misp-galaxy:rat=\"Quaverse\"",
"exportable": true,
"colour": "#0088cc"
}
],
"Attribute": [
{
"timestamp": "1522492485",
"value": "64d72c5c86d3638034cd83178abcb82f",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6445-9c80-40f4-a5ac-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492484",
"value": "1eb3f344a0274bfa38c67f6b10650dcf",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6444-4ca4-45dd-8726-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492734",
"value": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Crypter-as-a-Service-Helps-jRAT-Fly-Under-The-Radar/",
"type": "link",
"to_ids": false,
"object_relation": null,
"comment": "",
"uuid": "5abf642d-5fa8-4bac-bf78-73e102de0b81",
"category": "External analysis",
"Tag": [
{
"name": "osint:source-type=\"blog-post\"",
"exportable": true,
"colour": "#00223b"
}
]
},
{
"timestamp": "1522492485",
"value": "c52247ecffb2f7a42ef6fa0336671545",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6445-2224-46ea-84ca-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492486",
"value": "ae77ffba57049418e5a720bf77d178a5",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6446-89d4-4118-883c-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492486",
"value": "2f021a10804ac5db5ceb43b42f785a23",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6446-c920-40b2-9756-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492487",
"value": "daa0833d16cd9b6937803d1637284ad1",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6447-4110-4acd-926f-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492487",
"value": "6392741705126cb97a837cbb046cfe73",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6447-68f0-439b-82ed-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492488",
"value": "8ae2c573bc0e0492efeabe78495c591e",
"type": "md5",
"to_ids": true,
"object_relation": null,
"comment": "Analyzed samples",
"uuid": "5abf6448-ef50-4db5-af30-be5302de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492946",
"value": "6a01676411d5a7970b01b7c95a2ed1970b-800wi.png",
"type": "attachment",
"to_ids": false,
"object_relation": null,
"comment": "",
"data": "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
"uuid": "5abf659e-4cb8-4867-934a-bffd02de0b81",
"category": "External analysis",
"Tag": [
{
"name": "osint:source-type=\"blog-post\"",
"exportable": true,
"colour": "#00223b"
}
]
},
{
"timestamp": "1522492946",
"value": "6a0133f264aa62970b01bb09fd6017970d-800wi.gif",
"type": "attachment",
"to_ids": false,
"object_relation": null,
"comment": "Sample malicious emails",
"data": "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
"uuid": "5abf65e2-70f8-455b-a6a7-73e602de0b81",
"category": "External analysis",
"Tag": [
{
"name": "osint:source-type=\"blog-post\"",
"exportable": true,
"colour": "#00223b"
}
]
},
{
"timestamp": "1522492979",
"value": "https://vvrhhhnaijyj6s2m.onion.top",
"type": "url",
"to_ids": true,
"object_relation": null,
"comment": "One thing we noticed right away is that all the samples we collected attempted to download a jar file from https://vvrhhhnaijyj6s2m[.]onion[dot]top. We followed the onion link and found it is a service hosted by QUAverse.",
"uuid": "5abf6633-5e18-4ccb-88ed-bdd602de0b81",
"category": "Network activity"
},
{
"timestamp": "1522493112",
"value": "{\r\n\t\"NETWORK\": [\r\n\t\t{\r\n\t\t\t\"PORT\": 1999,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PORT\": 4987,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t}\r\n\t],\r\n\t\"INSTALL\": true,\r\n\t\"MODULE_PATH\": \"taM/Xkc/WE.xFP\",\r\n\t\"PLUGIN_FOLDER\": \"cHvEFmnnAYl\",\r\n\t\"JRE_FOLDER\": \"syeyIK\",\r\n\t\"JAR_FOLDER\": \"WEAvkYONVeS\",\r\n\t\"JAR_EXTENSION\": \"OSTZIm\",\r\n\t\"ENCRYPT_KEY\": \"gGgQBEKfxHgELZmseiHwZkjdB\",\r\n\t\"DELAY_INSTALL\": 2,\r\n\t\"NICKNAME\": \"User\",\r\n\t\"VMWARE\": false,\r\n\t\"PLUGIN_EXTENSION\": \"oCYYC\",\r\n\t\"WEBSITE_PROJECT\": \"https://jrat.io\",\r\n\t\"JAR_NAME\": \"dzjQhyXWvSo\",\r\n\t\"SECURITY\": [\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=\\\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Open-File Security Warning\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": 
\"[HKEY_CURRENT_USER\\\\Environment]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\Environment]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Disable Zone Checking\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"ConsentPromptBehaviorAdmin\\\"=dword:00000000\\r\\n\\\"ConsentPromptBehaviorUser\\\"=dword:00000000\\r\\n\\\"EnableLUA\\\"=dword:00000000\\r\\n\\\"PromptOnSecureDesktop\\\"=dword:00000000\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"UserAccountControlSettings.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"User Account Control\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableTaskMgr\\\"=dword:00000002\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"Taskmgr.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Task Manager\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableConfig\\\"=dword:00000001\\r\\n\\\"DisableSR\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\SystemRestore]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Restore System\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"ProcessHacker.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Process Hacker\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"procexp.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"MsConfig\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": 
[\r\n\t\t\t\t\"MSASCui.exe\",\r\n\t\t\t\t\"MsMpEng.exe\",\r\n\t\t\t\t\"MpUXSrv.exe\",\r\n\t\t\t\t\"MpCmdRun.exe\",\r\n\t\t\t\t\"NisSrv.exe\",\r\n\t\t\t\t\"ConfigSecurityPolicy.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Windows Defender\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r
"type": "text",
"to_ids": false,
"object_relation": null,
"comment": "Config of jRAT",
"uuid": "5abf66b8-94b4-4306-bc6b-9b3a02de0b81",
"category": "Support Tool"
},
{
"timestamp": "1522493153",
"value": "174.127.99.225|1999",
"type": "ip-dst|port",
"to_ids": true,
"object_relation": null,
"comment": "On port 1999",
"uuid": "5abf66e1-b310-4869-bcf2-bca202de0b81",
"category": "Network activity"
},
{
"timestamp": "1522493154",
"value": "174.127.99.225|4987",
"type": "ip-dst|port",
"to_ids": true,
"object_relation": null,
"comment": "On port 4987",
"uuid": "5abf66e2-5c9c-4390-ba87-bca202de0b81",
"category": "Network activity"
},
{
"timestamp": "1522493181",
"value": "https://pastebin.com/raw/PvKLJAWP",
"type": "link",
"to_ids": false,
"object_relation": null,
"comment": "",
"uuid": "5abf66fd-8984-4e4c-9b22-bdd602de0b81",
"category": "External analysis"
}
],
"Object": [
{
"sharing_group_id": "0",
"timestamp": "1522492579",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "9f8377a2-614a-4c95-b23c-9843916ce750",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492576",
"value": "edcbc508c19118f11daac029020f2a55f5cdc115",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64a0-e220-4c7c-93fe-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492577",
"value": "a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64a1-291c-49cc-8cc1-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492577",
"value": "2f021a10804ac5db5ceb43b42f785a23",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64a1-b698-4031-bd66-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "4887e799-a946-45b9-b17d-829e83965fb8",
"comment": "",
"uuid": "5abf64b3-5948-455a-9540-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492578",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "4887e799-a946-45b9-b17d-829e83965fb8",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492578",
"value": "https://www.virustotal.com/file/a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771/analysis/1522272575/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64a2-60b8-4859-8de4-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492578",
"value": "24/60",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64a2-1e6c-4181-bf62-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492578",
"value": "2018-03-28 21:29:35",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64a2-300c-4d8e-93e1-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492582",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "506f740b-a199-4f1e-b7ba-67e253b26d05",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492579",
"value": "ff179cd437f2e4b93758adbe77e19e34610074ec",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64a3-1188-4129-80df-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492579",
"value": "eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64a3-5358-4932-b03e-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492580",
"value": "ae77ffba57049418e5a720bf77d178a5",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64a4-371c-4b84-8a38-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "19044ae8-56c6-4576-b6d2-67ea8f010aa1",
"comment": "",
"uuid": "5abf64b3-f5c4-44e9-bb40-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492580",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "19044ae8-56c6-4576-b6d2-67ea8f010aa1",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492580",
"value": "https://www.virustotal.com/file/eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050/analysis/1522335324/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64a4-4468-4e18-9d35-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492581",
"value": "29/59",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64a5-7660-4946-bbb2-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492581",
"value": "2018-03-29 14:55:24",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64a5-0124-4e58-a6dd-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492584",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "ebbafa48-355a-4f73-9227-d05329f24cb7",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492581",
"value": "54b13ce9069beee3cd0a2ffe3bb404d5d92144ed",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64a5-9cc8-4586-b366-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492582",
"value": "aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64a6-86a4-4a7c-ad74-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492582",
"value": "6392741705126cb97a837cbb046cfe73",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64a6-70f0-444f-b74c-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "fc2df7b7-772d-4ad1-97fb-be696f3a14d2",
"comment": "",
"uuid": "5abf64b4-5f38-42a3-b89e-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492582",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "fc2df7b7-772d-4ad1-97fb-be696f3a14d2",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492583",
"value": "https://www.virustotal.com/file/aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c/analysis/1522121609/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64a7-1990-458d-a62d-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492583",
"value": "30/59",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64a7-7ba0-45e3-9966-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492583",
"value": "2018-03-27 03:33:29",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64a7-98c0-4d7e-9346-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492586",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "bf58b01a-22fa-49d9-82b7-e3bfad752bd0",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492584",
"value": "cf1f9dba740778df3bea9a7903b030aa9b916d90",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64a8-6470-492b-b8ea-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492584",
"value": "7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64a8-0f50-4083-8294-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492584",
"value": "64d72c5c86d3638034cd83178abcb82f",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64a8-8660-4174-986d-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "c9dec079-cde4-4d06-ac74-b79ef362ad00",
"comment": "",
"uuid": "5abf64b4-2580-4bf0-b65b-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492585",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "c9dec079-cde4-4d06-ac74-b79ef362ad00",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492585",
"value": "https://www.virustotal.com/file/7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964/analysis/1522274126/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64a9-d1d4-49a9-8a98-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492586",
"value": "26/49",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64aa-f510-47f9-9a22-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492586",
"value": "2018-03-28 21:55:26",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64aa-e2d8-4be0-a606-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492589",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "4496c403-6bc9-4d06-9f90-c56776eaaa02",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492586",
"value": "a495a93bec5e5cd234dc13c680e15a5e331d19b1",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64aa-0dc4-48f3-97ee-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492587",
"value": "8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64ab-8654-4b9e-909a-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492587",
"value": "1eb3f344a0274bfa38c67f6b10650dcf",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64ab-45e0-442a-8417-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "faaf775c-f3bc-4c06-986d-0eda27ef4706",
"comment": "",
"uuid": "5abf64b4-e394-4ff7-ab8b-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492587",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "faaf775c-f3bc-4c06-986d-0eda27ef4706",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492587",
"value": "https://www.virustotal.com/file/8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f/analysis/1522335418/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64ab-d81c-4d74-b375-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492588",
"value": "31/59",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64ac-ea60-4fcb-95bf-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492588",
"value": "2018-03-29 14:56:58",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64ac-6abc-4be2-a17a-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492591",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "e063f17d-444d-4129-ae42-2a5fe0de69cc",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492589",
"value": "82822da7d5cf63fd472895c389d0a7e8a9e698c7",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64ad-26f8-427c-9d5b-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492589",
"value": "8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64ad-985c-4e4f-9c2b-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492589",
"value": "c52247ecffb2f7a42ef6fa0336671545",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64ad-9d0c-479e-a23e-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "c825cfef-d1db-481f-a382-9735dd1720cb",
"comment": "",
"uuid": "5abf64b4-f49c-453a-a00b-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492590",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "c825cfef-d1db-481f-a382-9735dd1720cb",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492590",
"value": "https://www.virustotal.com/file/8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55/analysis/1522276988/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64ae-d24c-44f7-a725-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492590",
"value": "31/60",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64ae-332c-4626-86e2-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492590",
"value": "2018-03-28 22:43:08",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64ae-8c44-4904-b8c6-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492594",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "45b7f55b-64f2-4363-807a-aa68041fb61b",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492591",
"value": "ae7a6b6235a4d827cef54152bca237a30cff9f1e",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64af-ec7c-4c45-8388-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492591",
"value": "445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64af-30b8-4647-ad91-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492592",
"value": "daa0833d16cd9b6937803d1637284ad1",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64b0-9584-4150-8795-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "92284358-1b21-472b-9385-89fb4fa7e8ef",
"comment": "",
"uuid": "5abf64b4-e984-46f0-86d8-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492592",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "92284358-1b21-472b-9385-89fb4fa7e8ef",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492592",
"value": "https://www.virustotal.com/file/445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c/analysis/1522142541/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64b0-3598-45c7-a58c-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492593",
"value": "33/59",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64b1-43c4-4ce3-9e6c-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492593",
"value": "2018-03-27 09:22:21",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64b1-50c0-46e8-b52d-4fee02de0b81",
"category": "Other"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492596",
"description": "File object describing a file with meta-information",
"distribution": "5",
"template_version": "7",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"comment": "",
"name": "file",
"uuid": "7eebf218-879f-46fc-a3cc-d636fd99abe7",
"meta-category": "file",
"Attribute": [
{
"timestamp": "1522492593",
"value": "3fd3e9a0b0e9cfceccbc0fef6eb19da2e066bc6e",
"type": "sha1",
"to_ids": true,
"object_relation": "sha1",
"comment": "Analyzed samples",
"uuid": "5abf64b1-c510-4852-ad72-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492593",
"value": "a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993",
"type": "sha256",
"to_ids": true,
"object_relation": "sha256",
"comment": "Analyzed samples",
"uuid": "5abf64b2-c4b4-4736-8ce6-4fee02de0b81",
"category": "Payload delivery"
},
{
"timestamp": "1522492594",
"value": "8ae2c573bc0e0492efeabe78495c591e",
"type": "md5",
"to_ids": true,
"object_relation": "md5",
"comment": "Analyzed samples",
"uuid": "5abf64b2-ffbc-4bf3-a80c-4fee02de0b81",
"category": "Payload delivery"
}
],
"ObjectReference": [
{
"relationship_type": "analysed-with",
"timestamp": "1550652109",
"referenced_uuid": "e91e2a7b-10e6-4190-9b38-817b7eced5b9",
"comment": "",
"uuid": "5abf64b4-e80c-4b8c-b66e-4fee02de0b81"
}
]
},
{
"sharing_group_id": "0",
"timestamp": "1522492594",
"description": "VirusTotal report",
"distribution": "5",
"template_version": "1",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"comment": "",
"name": "virustotal-report",
"uuid": "e91e2a7b-10e6-4190-9b38-817b7eced5b9",
"meta-category": "misc",
"Attribute": [
{
"timestamp": "1522492594",
"value": "https://www.virustotal.com/file/a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993/analysis/1522275361/",
"type": "link",
"to_ids": false,
"object_relation": "permalink",
"comment": "Analyzed samples",
"uuid": "5abf64b2-c0d8-4443-8392-4fee02de0b81",
"category": "External analysis"
},
{
"timestamp": "1522492595",
"value": "29/59",
"type": "text",
"to_ids": false,
"object_relation": "detection-ratio",
"comment": "Analyzed samples",
"uuid": "5abf64b3-3f1c-4128-bddf-4fee02de0b81",
"category": "Other"
},
{
"timestamp": "1522492595",
"value": "2018-03-28 22:16:01",
"type": "datetime",
"to_ids": false,
"object_relation": "last-submission",
"comment": "Analyzed samples",
"uuid": "5abf64b3-f7e0-4ada-bc17-4fee02de0b81",
"category": "Other"
}
]
}
]
}
}