{ "Event": { "analysis": "2", "date": "2022-02-28", "extends_uuid": "", "info": "Barco Clickshare themed Emotet", "publish_timestamp": "1646061838", "published": true, "threat_level_id": "1", "timestamp": "1646061824", "uuid": "db9d401f-8ecb-44f9-a414-d57bbd21d728", "Orgc": { "name": "CUDESO", "uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16" }, "Tag": [ { "colour": "#211c82", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Standard Cryptographic Protocol - T1032\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": "" }, { "colour": "#c12cd5", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"NTFS File Attributes - T1096\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-malware=\"Emotet - S0367\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Other", "comment": "ZIP password", "deleted": false, "disable_correlation": false, "timestamp": "1646061692", "to_ids": false, "type": "comment", "uuid": "38b6c94c-fff1-4369-a12b-f10a9e62e6a6", "value": "IPBPEBMCC" } ], "Object": [ { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "9", "timestamp": "1646061500", "uuid": "cc2cddda-ba04-40b7-8ec2-b615e16443bc", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": true, "type": "domain", "uuid": "08534b2a-9b8b-43f5-9b0a-553ca27e1477", "value": "carretilha.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061497", "to_ids": false, "type": "ip-dst", "uuid": "948ebe20-63d4-42e8-91fa-7a0041a07e09", "value": "172.67.199.154" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061500", "to_ids": false, "type": "ip-dst", "uuid": "a76d7bc6-6dfe-484d-8683-4d14330d98f0", "value": "104.21.36.209" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "9", "timestamp": "1646061505", "uuid": "41b3d17d-8ffe-4bd2-ba44-e50f21cecbf7", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061487", "to_ids": true, "type": "domain", "uuid": "691e94b5-1d35-4e7e-bf7d-fbc5d5e43958", "value": "shrinandrajoverseas.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061503", "to_ids": false, "type": "ip-dst", "uuid": "cf6d7ab3-9d0b-48ca-be9e-38d01e085b14", "value": "104.21.46.175" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061505", "to_ids": false, "type": "ip-dst", "uuid": "e5c0ac7d-dc38-4120-bf80-3c298bbb8a73", "value": "172.67.168.206" } ] }, { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "9", "timestamp": "1646061483", "uuid": "5e87f62d-677f-47fc-9b88-7395d84a5bd7", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061483", "to_ids": true, "type": "domain", "uuid": "fb456f58-3611-4f82-96d1-357976e80c37", "value": "zionimoveis.com.br" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": true, "type": "ip-dst", "uuid": "398b7f3d-b958-4252-852e-927b24e26981", "value": "177.53.140.227" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1646061479", "uuid": "9d4b6d86-ba0d-46af-bb67-4dc6fede1c66", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1646061328", "to_ids": false, "type": "size-in-bytes", "uuid": "0058d08b-b348-4df8-8f70-809753450695", "value": "177714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1646061468", "to_ids": true, "type": "md5", "uuid": "8f9138cb-79aa-4b45-9e07-d45c91a4fa76", "value": "a6adcffa89ac8515c3d6c9d8cf133eb3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1646061471", "to_ids": true, "type": "sha1", "uuid": "e4d39201-7b64-4066-8b8b-6f5901c022bb", "value": "087df326a5d188c51ec6a26ca30e23e849421844" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1646061475", "to_ids": true, "type": "sha256", "uuid": "5dfd9bf4-28b8-4606-852f-c0ca6be36f85", "value": "9e9c3c733c6ab580ef3541f4a420e4996d24d683dd8aa8095a052297cb38df14" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1646061479", "to_ids": true, "type": "ssdeep", "uuid": "11269cc3-5b1c-496f-b41a-92c24a8453f9", "value": "3072:HUlKwtyfsBMtuqBqBqrhyqBqBqBqrhyqmBqenFZRmXANKXg7e79ElHIcp4Gg7SpB:H+KwtyfsBMtuqBqBqrhyqBqBqBqrhyqU" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "mimetype", "timestamp": "1646061328", "to_ids": false, "type": "mime-type", "uuid": "7cf91065-0bfd-4785-aae2-c390e8a4100d", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "a86bfd2e-ad1c-4926-8e2e-c6911bfa68dc", "value": "payment with a new address.xlsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "5cea02ea-861f-409c-8205-c9624d9a9071", "value": "%USERPROFILE%\\desktop\\payment\u00a0with\u00a0a\u00a0new\u00a0address.xlsm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "b10b1a59-1f72-48b1-aa63-baf6e3187b5b", "value": "payment with a new address.xlsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "36f04062-9da6-4928-b3ef-d26c9c9b1e7a", "value": "%USERPROFILE%\\desktop\\payment\u00a0with\u00a0a\u00a0new\u00a0address.xlsm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "5b3d516a-3ad8-4f3c-9a69-46c0722cdf23", "value": "payment with a new address.xlsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "9c5a1410-1d23-406c-83b9-1c58770822cc", "value": "%USERPROFILE%\\desktop\\payment\u00a0with\u00a0a\u00a0new\u00a0address.xlsm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "29b0cc03-b1a5-4dc8-b479-4dc445653d51", "value": "payment with a new address.xlsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "9026b0e4-988b-4104-989c-a912d0ab0fde", "value": "%USERPROFILE%\\desktop\\payment\u00a0with\u00a0a\u00a0new\u00a0address.xlsm" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "d8a7f55b-48c9-4792-96a8-5e4e22cd99b3", "value": "payment with a new address.xlsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "c40e13d4-3ca3-42ef-9f5f-9349da517f19", "value": "%USERPROFILE%\\desktop\\payment\u00a0with\u00a0a\u00a0new\u00a0address.xlsm" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1646061461", "uuid": "f8361773-c960-4323-a87f-823772bef284", "Attribute": [ { "category": "Network activity", "comment": "Operations: get", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1646061461", "to_ids": false, "type": "url", "uuid": "309da9c4-38ab-4cc2-9ae9-46a908d27c8b", "value": "http://vps36153.publiccloud.com.br/wp-admin/RfAZZ776uMNhSpOT/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": false, "type": "domain", "uuid": "9c3b3163-db41-4bd8-9329-43837b4a6e19", "value": "vps36153.publiccloud.com.br" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "d2088a71-26bb-466d-9a45-7dc1ded75933", "value": "191.252.223.79" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1646061447", "uuid": "7a825b83-d0de-4e48-98ac-dc3b1a01ea8e", "Attribute": [ { "category": "Network activity", "comment": "Operations: get", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1646061447", "to_ids": false, "type": "url", "uuid": "79d7e046-7b9a-44e4-a4fb-d1acaaa9a2cc", "value": "https://carretilha.net/whats/RSL50BlRP0a6hj/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": false, "type": "domain", "uuid": "6fed3aa4-144f-43d8-ab21-450785750b43", "value": "carretilha.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "edcff0f5-6ba1-4273-8c1a-d40cbd32d35c", "value": "172.67.199.154" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "70ba48ba-524e-47a4-be66-08ec663ab8d6", "value": "104.21.36.209" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1646061444", "uuid": "7169f422-0479-4f9a-86a2-61e8ad725549", "Attribute": [ { "category": "Network activity", "comment": "Operations: get", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1646061444", "to_ids": false, "type": "url", "uuid": "49b23e38-aded-4abf-8816-95e95dc94f49", "value": "https://shrinandrajoverseas.com/old/wQXty0wnVDY/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": false, "type": "domain", "uuid": "e4cf27ee-c4bb-4d9f-8e20-fd3258f98b4c", "value": "shrinandrajoverseas.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "67d20c28-bf4b-410c-9d5d-68437aea7ad0", "value": "104.21.46.175" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "5bb182e4-cbd8-472f-95c5-ceaad014b7cb", "value": "172.67.168.206" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1646061440", "uuid": "2935fb10-087b-4033-b723-ee2f65fa6f01", "Attribute": [ { "category": "Network activity", "comment": "Operations: get", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1646061440", "to_ids": false, "type": "url", "uuid": "8dd75f29-f9ab-414c-9f07-7fa2d5a5febb", "value": "https://zionimoveis.com.br/wp-content/Bn00gaw/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": false, "type": "domain", "uuid": "64df2f50-e744-4958-b5e0-3b385fc18b4e", "value": "zionimoveis.com.br" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "506d4517-d8d8-4f02-9c5e-dccc54b320af", "value": "177.53.140.227" } ] }, { "comment": "", "deleted": false, "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "meta-category": "network", "name": "url", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "template_version": "9", "timestamp": "1646061436", "uuid": "55c89a64-9a05-4508-b0d3-b6285f3d9b22", "Attribute": [ { "category": "Network activity", "comment": "Operations: get", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1646061436", "to_ids": false, "type": "url", "uuid": "e67124d8-8d90-42dc-80f5-6f6040da4227", "value": "https://kontacsgo.pl/m/uwZYNUjGeWW/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1646061328", "to_ids": false, "type": "domain", "uuid": "b3092d4a-888f-487d-ba8c-f1662c9e9694", "value": "kontacsgo.pl" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1646061328", "to_ids": false, "type": "ip-dst", "uuid": "c98b5d30-7fa0-46c6-a5c7-97d2982068ad", "value": "92.222.73.151" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1646061429", "uuid": "a4dfb0f4-8c90-45a1-8abc-f3617c08370b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1646061328", "to_ids": false, "type": "size-in-bytes", "uuid": "ca345d2b-6253-416c-86cc-e527e528a15f", "value": "524288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1646061422", "to_ids": true, "type": "md5", "uuid": "1dbcd154-33ab-4b1e-a8ac-0c9040401bbe", "value": "7db78c2dcff6bfe9cf360422d685c747" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1646061425", "to_ids": true, "type": "sha1", "uuid": "d3982844-55f2-4bf5-a474-7f702183ec85", "value": "0db98984c22026d5a2b82f759775338491147239" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1646061429", "to_ids": true, "type": "sha256", "uuid": "cae29fd1-f6df-43b8-acb1-10b8440dfc77", "value": "a4208c820dc8d87c2e4900a2fc5b1b41cf8e1b0786e7b7c6e64fbb75326665f8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1646061418", "to_ids": true, "type": "ssdeep", "uuid": "042ffd48-2eb7-47e0-abf2-a40d1140e0f8", "value": "12288:lVQtkBkJDg2fwP3bYaTn5JbEDW78XUlNozF:nQvg2fwvbhrEDWLk" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "mimetype", "timestamp": "1646061328", "to_ids": false, "type": "mime-type", "uuid": "4b400c77-ade9-4102-8bb9-2259dcade1a5", "value": "application/vnd.microsoft.portable-executable" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "db7c94ec-472d-49ae-9541-4c81378811e9", "value": "kxpvfk9vfdrr[1].dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "5130f1f6-3d6b-436b-9b6d-72d582239435", "value": "%USERPROFILE%\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\01iqfhlj\\kxpvfk9vfdrr[1].dll" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "387dd8e8-afcc-4534-8b3e-643605a519cf", "value": "xxw1.ocx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "ac39bc45-cdbc-4442-b78b-ffbea22aee67", "value": "%USERPROFILE%\\xxw1.ocx" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1646061328", "to_ids": true, "type": "filename", "uuid": "ab020807-bce6-4a8e-afe9-17b931476255", "value": "gsbmnbfdntovf.cre" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "fullpath", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "03b970a5-f565-4b73-aece-f215c91b866d", "value": "%USERPROFILE%\\appdata\\local\\efcvdmhupkkqbtxa\\gsbmnbfdntovf.cre" } ] }, { "comment": "", "deleted": false, "description": "Object describing a system process.", "meta-category": "misc", "name": "process", "template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "template_version": "8", "timestamp": "1646061408", "uuid": "ec08bbca-ba5f-4f88-967e-02393c9795bf", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "pid", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "0663bc74-f7ea-4daa-9205-5f7e03f2fbef", "value": "4196" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "parent-pid", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "af211db0-7da1-408f-91b2-7fdba6bf2925", "value": "1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1646061404", "to_ids": false, "type": "text", "uuid": "fb019916-f7c4-4f2a-9b99-4d3ff457bcff", "value": "%WINDIR%\\syswow64\\regsvr32.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "command-line", "timestamp": "1646061408", "to_ids": false, "type": "text", "uuid": "5bda6880-29eb-4033-af94-170680adc820", "value": "%WINDIR%\\SysWow64\\regsvr32.exe\u00a0/s\u00a0..\\xxw1.ocx" } ] }, { "comment": "", "deleted": false, "description": "Object describing a system process.", "meta-category": "misc", "name": "process", "template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "template_version": "8", "timestamp": "1646061389", "uuid": "ed85add1-810f-4061-ac91-e94cc2aab3e6", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "pid", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "5b8a49bc-5191-4826-a8d7-bdd3d860db25", "value": "5088" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "parent-pid", "timestamp": "1646061328", "to_ids": false, "type": "text", "uuid": "c602c049-acca-4daf-88de-4b4d04bcf462", "value": "2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1646061384", "to_ids": false, "type": "text", "uuid": "56ae0dd3-4ee3-436c-9295-bd3619d857f4", "value": "%WINDIR%\\syswow64\\regsvr32.exe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "command-line", "timestamp": "1646061389", "to_ids": false, "type": "text", "uuid": "d2ea6316-989c-4431-b810-bb41d71f6ca6", "value": "%WINDIR%\\SysWOW64\\regsvr32.exe\u00a0/s\u00a0\"%LOCALAPPDATA%\\Efcvdmhupkkqbtxa\\gsbmnbfdntovf.cre\"" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "15", "timestamp": "1646061642", "uuid": "1662e9c9-0971-4faa-8d45-e2ebd268abdc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "email-body", "timestamp": "1646061642", "to_ids": false, "type": "email-body", "uuid": "82fe831e-8f4a-4dd3-ad5a-45aa9572d4a3", "value": "\r\n
\r\n\r\n\r\n\r\nBarco Clickshare solution for wireless collaborating\r\n\r\n\r\n \r\n \r\n \r\n \r\n\r\n\r\n" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "from", "timestamp": "1646061642", "to_ids": true, "type": "email-src", "uuid": "9b508170-b9fa-4e66-8fe5-cebb5fd5741b", "value": "aline@mettaplanejados.com.br" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "from-display-name", "timestamp": "1646061642", "to_ids": false, "type": "email-src-display-name", "uuid": "20db1deb-a1c8-4132-a156-d5c92c6c9f64", "value": "Fawaz Fuji" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "subject", "timestamp": "1646061642", "to_ids": false, "type": "email-subject", "uuid": "906cbd44-ae34-425a-870b-8900dce4bd12", "value": "RE: Barco Clickshare solution for wireless collaborating" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "return-path", "timestamp": "1646061642", "to_ids": true, "type": "email-src", "uuid": "e2c8355c-0430-4842-9054-14a053f5ef1b", "value": "aline@mettaplanejados.com.br" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "message-id", "timestamp": "1646061642", "to_ids": false, "type": "email-message-id", "uuid": "d078a7f0-b31e-4f84-af00-30cebd6853b9", "value": "<20220228110907.51A3B74017C@proxy.email-ssl.com.br>" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1646061765", "uuid": "37fe6eb6-94b2-4d9e-8bd4-c295e2806b5d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1646061765", "to_ids": true, "type": "sha1", "uuid": "1b1cbd4f-ccb0-446d-97f6-26629d7a2d6a", "value": "496fa613913f7557ea0282e1011ad0b9d897ee9b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1646061765", "to_ids": true, "type": "md5", "uuid": "fbfebb6c-a194-441c-ba39-8e75224c61e7", "value": "255563130642dc72ca8ee7fa9069a465" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1646061765", "to_ids": true, "type": "sha256", "uuid": "f0abf739-5b8d-41af-a0ba-50facb133622", "value": "7e1a4fc02d1c5cd3c3cf996ffecb916a703364572f8db4aab1c577cc821f3073" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "filename", "timestamp": "1646061765", "to_ids": true, "type": "filename", "uuid": "30b01f18-7247-47bf-bb2e-ad712a7c4e11", "value": "Payment with a new address.zip" } ] } ] } }
\r\n--\r\n \r\n\r\n\r\n
\r\n