{
  "Event": {
    "analysis": "0",
    "date": "2023-07-24",
    "extends_uuid": "",
    "info": "[CERT-FR] FIN12 : un groupe cybercriminel aux multiples ran\u00e7ongiciels",
    "protected": false,
    "publish_timestamp": "0",
    "published": false,
    "threat_level_id": "4",
    "timestamp": "1698683735",
    "uuid": "64be448c-53f0-4e74-a53d-4c3d0abe1822",
    "Orgc": {
      "name": "CERT-FR",
      "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212"
    },
    "Tag": [
      {
        "colour": "#f89595",
        "local": false,
        "name": "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "PAP:CLEAR",
        "relationship_type": ""
      },
      {
        "colour": "#00714f",
        "local": false,
        "name": "cert-fr:fiabilite=\"Bonne\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Other",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190988",
        "to_ids": true,
        "type": "comment",
        "uuid": "a900d076-bfce-41c6-a991-bc5c5fb84554",
        "value": "Marqueurs syst\u00e8me et r\u00e9seau issus des investigations sur une compromission par le mode op\u00e9ratoire FIN12",
        "Tag": [
          {
            "colour": "#00af7a",
            "local": false,
            "name": "DescriptionTechnique",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2022-11-24;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190988",
        "to_ids": true,
        "type": "domain",
        "uuid": "679319be-9e93-42cb-815b-1d43393b9956",
        "value": "getinteriorartstudio.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2022-11-24;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190988",
        "to_ids": true,
        "type": "domain",
        "uuid": "3177472a-ce67-4646-96f7-a895ee4ba382",
        "value": "performernews.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2022-11-24;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "f24fd852-df73-4745-8fa0-21c344f78b5a",
        "value": "texasflooddesign.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2022-11-24;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "1b584f48-75b8-4110-ab35-27634170c5c3",
        "value": "tumbleproperty.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-01-09;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "8a9ecc7d-6994-4967-ac17-9c25d4194aea",
        "value": "purpleinfluenceonline.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-01-09;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "56c8d52a-e1d8-4a4d-8077-cbc0603df580",
        "value": "realversedesign.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-01-09;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "84312c6f-a8c7-4fa8-9892-5ae0d7eb6d46",
        "value": "tributepower.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-01-09;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "00c3b635-bbb0-4f97-82a0-0cf00f0df688",
        "value": "youthconscience.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-03-13;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "4422e2d2-b2b9-4f70-844b-f54903a7ac94",
        "value": "herbswallow.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-03-16;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "f3416a8f-4d32-4011-9906-2d3f5b207354",
        "value": "jacketsupport.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-03-16;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "3e1be46f-76ed-4d8d-b4bb-7b00cadfa658",
        "value": "psychologymax.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 Cobalt Strike. Relevance:[2023-03-29;]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "domain",
        "uuid": "c6791a8c-ba9c-429f-89ba-3eb2dcc81f6b",
        "value": "mirrordirectory.com"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 SystemBC. Relevance:[2023-02-06;2023-04-30]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fbc2282e-3285-41f5-a22d-ed02a19ab675",
        "value": "149.28.197.120"
      },
      {
        "category": "Network activity",
        "comment": "Serveur C2 SystemBC. Relevance:[2023-02-06;2023-04-30]",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690190989",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "425a95e8-1311-4178-b73f-13cf075d00b1",
        "value": "149.28.213.157"
      },
      {
        "category": "Other",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1690272052",
        "to_ids": true,
        "type": "comment",
        "uuid": "746f28e7-c6f3-4ff6-8320-55de2cca0303",
        "value": "2022-11-01",
        "Tag": [
          {
            "colour": "#000000",
            "local": false,
            "name": "cert-fr:relevantTimespan=\"from\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "e2432b37-54eb-47ce-8fe1-eb7fc2a36d4b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "fbeb79fb-e80d-489b-a2ae-87775c37b889",
            "value": "MakeMeGood.bat",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "521a7f81-c78e-460a-bef6-bbf443c4b7ef",
            "value": "ed13ef43dfc1b21e9ac00bfc17911082"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ce0bc67a-5d88-4fe4-8a30-3f25c070fb83",
            "value": "df12386df2c0fcf65522282914424d63da962d79"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1e6bd6e3-353d-48f8-ad3d-a5afd506c1f2",
            "value": "b6d7b88ed63e0566cba5933152dfd6d0b59dfe3f0354f81e63e869bf9a90cc9f"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "15d3847d-1323-48cb-a2f2-8b1e37d39411",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "d6293150-d2c0-4a2d-b295-ac44f23a8075",
            "value": "CreShar.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "9d83bec8-a72e-461b-a3b8-5497a221d181",
            "value": "4cf7407ac82441b28166b8a96233e223"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d21c8088-5826-4aa2-ba03-d625d07b5e4e",
            "value": "a00ebf699ea0759e7bf4af65dddd741133c38484"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21a1e3c3-1996-4a6a-bbf4-cc744fff6a65",
            "value": "b551ed1aa0fcf5eb7479ab29b7cb7882b4e93be3e003ee15edf0803598b4914d"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "bd28a87f-ac6d-4750-83f8-5fed64e1856a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "1851890c-7b3c-467e-9764-2b47531456a5",
            "value": "spider_32.dll",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "485908ae-e86c-4413-a408-e5a5520b604c",
            "value": "f635d1c916a7c56678f08d1d998e7ce4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aea71116-834f-4141-bf84-366096290f1a",
            "value": "35ff55bcf493e1b936dc6e978a981ee2a75543a1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5655c2d-a6ce-4a4d-81f5-e94843538daf",
            "value": "4f4864a1d5f19a3c5552d80483526f3413497835549dce8c61fef116b666fa09"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "3d5678e6-6074-4d21-aef6-8d62df755e86",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "671b1429-39b5-438b-806d-5933e2f55406",
            "value": "spider.dll",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "04036e5d-9f2a-4fab-8197-616cea8c2ece",
            "value": "30a6cd2673ef5b2cb18f142780a5b4a3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63a46a79-bb66-4473-98e1-f9d8043bbbaf",
            "value": "1e0ec6994400413c7899cd5c59bdbd6397dea7b5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ccf0bedc-aff5-4fc8-9d70-129715ad1f1f",
            "value": "90cdcf54bbaeb9c5c4afc9b74b48b13e293746ee8858c033fc9d365fd4074018"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "13a7b94c-1287-4b8a-a172-9dd9173e8c84",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ed8a595-1bee-461a-8fcc-e2cbb0bb8eae",
            "value": "spn_nf3.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "beea27c2-b7b6-4168-9cfd-82e5096693bc",
            "value": "c0272384cd2aaa0bdf6f59e7398d0469"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "537fb1f1-0f61-4e3c-b61d-7fae219ad889",
            "value": "58cb839dbc0232874b6fed9a354d4cc6d355cbac"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0c7fc765-f2bc-4a9b-b381-df6ac682811b",
            "value": "c32882ccc3d705f1f9507029226f3082f9741a82ae1edb3266d1a5405661b8f0"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190989",
        "uuid": "74e80a24-7213-4f19-a7c6-b51115f97131",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "filename",
            "uuid": "e07ea2ca-3cb4-46ff-bb58-08b8aa4a3ff5",
            "value": "spn.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "md5",
            "uuid": "10002e83-4939-4ed1-889a-c7125f426558",
            "value": "02544881b55d9d20b0e4cf622b422826"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "487fc2a8-e761-400f-93c8-beaea66cc2a8",
            "value": "68a07540fbf58fe743636b7fc8f0370c84134eb3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c22c10b-d468-4de8-adf2-44c55d8e56cd",
            "value": "8cddd658870e63bb39c46c77108ab864f23d6b00b38f527201efe9cef0bcbc11"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "e6016e99-36c2-41a2-b91d-5b952e925213",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "4610f3ba-7ca8-4f21-8013-f4efe2d938cc",
            "value": "Step2-RunAsUser.bat",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "882d4195-ea03-4e33-a483-0781e9018498",
            "value": "ca269104f6c34b0a91864e96164538eb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "462e70cd-4027-4a1c-80dc-696c5da1e488",
            "value": "d69420a636dacfbafaf01f7153692c197e9b6400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7c1cd60-93f6-4fe8-891b-7e33711bf534",
            "value": "1a3d1a9b8f8509eace507cd5522e5374bd93d928d4484336694774f25fe8e77d"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "431943d2-8653-4e7a-b1d5-1ee3608bc002",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "dfeba0a1-845e-4a75-86a2-554a3ba583bb",
            "value": "Step1-RunAsAdmin.bat",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "07234877-15ec-4538-8578-89d5de47affb",
            "value": "ff16c8880303da1be3b5a5578f33268d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ae8c5ed4-4325-480d-b6e0-42588bf6694e",
            "value": "fae6068d4433b33751bf7de866d7f2900aa15139"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6a24dac2-2f6f-4759-a319-55a3d177b62c",
            "value": "8fb0a409636a8e323c64d4252f1b29a9964bef3dae00f3a9c4829ec3ce531a9b"
          }
        ]
      },
      {
        "comment": "CVE-2021-34527",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "ceefcbba-f494-4aee-9a96-fb1050861f42",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "0fa84298-6383-4f7b-bcab-c39a44ebccaa",
            "value": "LPE-Exploit-RunAsUser.bat",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "cff4b3d6-0b69-4f3b-9487-d66ac1cfe057",
            "value": "c8b8b2918fdcb6e4a2ceeab6678e4857"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5d29a080-2098-4cd9-9b73-c8d7cee4590c",
            "value": "e2a68116d52182f207c087f349e04e049982d431"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c170558b-6840-4595-bfcf-c212a30c91b7",
            "value": "64132c2a98043d0cdb229590ee11604a6671eafa23260ead35eae4b8a4b32f1e"
          }
        ]
      },
      {
        "comment": "PingCastle",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "09d31bb5-7cb4-45fb-9a4b-7d8f0c342049",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "0be83301-6db2-45f4-b9d1-cfbc1d495301",
            "value": "PingCastleAutoUpdater.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "38ee0ae5-25f6-4138-89ba-fa78be7e89dd",
            "value": "7b65edcac46d537e0348fb9eea6c0415"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "107b51b9-1d4e-4f6e-b63b-3f889c7e5359",
            "value": "536734aa6ec0f0b1ba8e43088edc6857eca42667"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "abec40aa-8e9c-4d75-a418-2fa6af5dc03d",
            "value": "783c6793a37792ac787dfb45005ca178506e56c9d9f33e8db0924b57a97c2530"
          }
        ]
      },
      {
        "comment": "PingCastle",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "723a8352-27ec-48ae-b3c0-f7107b0f2f07",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "5e455cb4-c698-4c8b-91c9-8accad694088",
            "value": "PingCastle.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f4154d2-5af4-44ee-9069-33820a57a849",
            "value": "f296dba5d21ad18e6990b1992aea8f83"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9757e217-6118-460a-898b-cf8b3c140b08",
            "value": "292629c6ab33bddf123d26328025e2d157d9e8fc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da25a6e7-7a6a-4bc2-915e-b9ee957e3265",
            "value": "606bd75ed9d2d6107ea7ee67063d1761a99f2fb5e932c8344d11395d24587dd6"
          }
        ]
      },
      {
        "comment": "SoftPerfect Network Scanner",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "f5230c13-9a7f-4102-b69e-9ba4e5f4b363",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "86708b1d-9719-47b6-8310-12cc4144aa32",
            "value": "netscan.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "a0168d7e-8357-4e58-a8fa-5f1fef775b05",
            "value": "48675efb6a2eeaa9d320a4686afbf817"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "209a872a-6873-4123-89aa-b6c2db61a72d",
            "value": "eeaf29a71330db50cdd4630f8d9f1c2b6a34578c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03f25d0b-b417-4429-9cbc-71609880ff83",
            "value": "23800edb48ac2ebee86c6065e18b8de78050fb5a950072153ba35b010878605a"
          }
        ]
      },
      {
        "comment": "SharpRoast",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "16011cc9-24d3-4c7b-9240-4ccec87c2c52",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "06880d5c-aab1-4663-a50e-dde8b772845e",
            "value": "sharproast.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1eea67e-5856-41a7-a8ac-6a2eec1cd730",
            "value": "0b10ebc463cfcf34e70541ccc6c72a2f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "60aa2726-58cf-4d2b-ad0e-fe7b415c45c7",
            "value": "d65969088eb8f6098c33c5427a650e8576cdbfa6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7ff093b2-5f4b-4eee-860b-cfab3e2631fd",
            "value": "fc3e809348daa976f06c73a8937c6f06d74097ab85bc9511d5c782f99cdaf89d"
          }
        ]
      },
      {
        "comment": "AccountRestore",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "e8366715-e637-4d69-b20d-c85477b79e90",
        "Attribute": [
          {
            "category": "Payload delivery",
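            "comment": "Same name as the legitimate Windows svchost.exe; match on the hashes in this object, not on the filename alone.",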
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c12d0bf-6ffa-49c0-b3a7-67dc3eeae8ee",
            "value": "svchost.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "9cb8f9f2-232e-46ff-b93d-ca83d90a71f0",
            "value": "5a01695be573f95dfc0cf73ab6b5234d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a73edbac-b3cc-47be-a9cb-b4b8d46178e0",
            "value": "28400c267815762e49c200e8b481a592c67f9cf7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9aa7d9e5-b090-4fa3-a36b-0efff111e8fb",
            "value": "e97bdf7fafb1cb2a2bf0a4e14f51e18a34f3ff2f6f7b99731e93070d50801bef"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190990",
        "uuid": "7b8ba24c-8494-4e40-8c44-8cc526cb85f4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "filename",
            "uuid": "c3fbaf88-d786-4819-99c8-30350c8794b6",
            "value": "lpe.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9a305e3-9550-4f8e-8995-0fb305f50e0a",
            "value": "7ca83862e0aee14def2b9b0fe3ddc0af"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f8d77c0a-6b8d-42f3-a47d-45ea983b5746",
            "value": "70ad1a42ce05404c00513989c949c83a94feca92"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b03bb104-8a1a-44a4-9eec-20fe7bc6d03f",
            "value": "6d1526b3558193a906a2280aba2aaf8619e4a23c14eccbda12076ea2b4d45fe4"
          }
        ]
      },
      {
        "comment": "CVE-2023-21746",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190991",
        "uuid": "f7d5e301-9025-4ce1-9dac-4079fe1a2cda",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "filename",
            "uuid": "758ded49-b5b5-4ede-b1b7-5eaa97de4c43",
            "value": "LocalPotato.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "md5",
            "uuid": "708c6932-df55-4bd6-b157-3b8d6f7c60b7",
            "value": "b6bd8ff194d22d83a123a3ad48edad62"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "54d46ae9-1e35-4425-9819-5cc34e7bfbf7",
            "value": "8291929d6f3ede6ec025c21d1559a7fe9d30a9ce"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a8a4e8cb-12f0-44c7-8f6f-8a3547243347",
            "value": "3cc739bb1882fc9dbb056f39ebe4965771aeca0ceb44e85da39d1ba7dade693f"
          }
        ]
      },
      {
        "comment": "CVE-2022-24521",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190991",
        "uuid": "1c5178e3-a6d5-459b-8de8-b3fd85a1dd16",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "filename",
            "uuid": "c4b93eed-1943-4975-a98e-0a77ce4443f1",
            "value": "cleanlpe1day.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "md5",
            "uuid": "7cfe3be1-2b75-4a17-9b59-192a71a02493",
            "value": "dd195ea82163e8c81623f69158dfe1f7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "050c10c2-b94c-4f69-a1a2-fc214d5b555a",
            "value": "364a4d9ea6f88eec098b13728fce2c1ead94c48d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8a2f2073-5aa2-47b3-8de5-6e037a8a576d",
            "value": "43c3b5dbc18ebbc55c127d197255446d5f3e074fdac37f3e901b718acbe7c833"
          }
        ]
      },
      {
        "comment": "Cobalt Strike",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190991",
        "uuid": "d1138338-ed52-498f-b369-929b3ba2c349",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "filename",
            "uuid": "c5b241f0-1ef5-4e3f-97ca-ae7dcc4c4612",
            "value": "b64.exe",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "md5",
            "uuid": "f6c9e288-b231-4d09-8d8b-dafdf55462f7",
            "value": "67ec5412df73f462cbdedab3fff3d61e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5f9c3982-0835-4e70-a69c-b77c3d1b930f",
            "value": "9e2737994aa8bf0d6900e5369d51978adc4c02f9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7b43f48-d49e-4ab0-8b12-148a11705f09",
            "value": "5d732d9e5912fa7fafc7136a923d574d4e70c15db3f0c8dfbabc195d3660d4d9"
          }
        ]
      },
      {
        "comment": "SystemBC",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "15",
        "timestamp": "1690190991",
        "uuid": "f11692e1-d32d-4b3f-8cd1-2b99c04b72f6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "filename",
            "uuid": "5e0d85fe-38b8-4a60-ba74-6085bc4f70ba",
            "value": "host.dll",
            "Tag": [
              {
                "colour": "#00714f",
                "local": false,
                "name": "cossi:fiabilite=\"Bonne\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "md5",
            "uuid": "7cd8d6f8-153f-44cb-94f5-7d6f41871d56",
            "value": "96b18876c85fcdd4c215965a434fb8d3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4fa13b26-ce45-4465-ada6-96bb8c8c8936",
            "value": "8a0743f17110dc945007f08f3e63da166a3937dc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1690190991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2ac13d19-4701-4236-8991-da2ad629c9d2",
            "value": "b53f5c33afb3b901e45b50077980345dcbeaebaa05d3cf2e3926d06592c263c6"
          }
        ]
      }
    ]
  }
}