{ "Event": { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [ { "colour": "#00af7a", "exportable": true, "hide_tag": false, "id": "705", "name": "DescriptionTechnique", "numerical_value": null, "user_id": "0" } ], "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250633", "object_id": "0", "object_relation": null, "sharing_group_id": "0", "timestamp": "1646218835", "to_ids": true, "type": "comment", "uuid": "8ff8162a-1965-4bfb-bc15-d49b47d66c4d", "value": "Marqueurs issus d'un blog post pr\u00e9sentant un maliciel destructeur, IsaacWiper, ainsi qu'un m\u00e9canisme de propagation utilis\u00e9 par HermeticWiper utilisant notamment du WMI et du SMB." } ], "Galaxy": [], "Object": [ { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250635", "object_id": "80985", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218835", "to_ids": true, "type": "sha1", "uuid": "bf214b29-e720-4658-9ea1-10ffc6ecf7ba", "value": "3c54c9a49a8ddca02189fe15fea52fe24f41a86f" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250636", "object_id": "80985", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218835", "to_ids": true, "type": "filename", "uuid": "eff74508-bc1f-4d7b-9a67-d43c4afb66e4", "value": "c9EEAF78C9A12.dat" } ], "ObjectReference": [], "comment": "HermeticWizard", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80985", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218835", "uuid": "3d6dc0a1-13a0-4271-83e2-8a7f772feb8a" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250637", "object_id": "80986", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "sha1", "uuid": "d16c5377-af31-4925-af75-2a2864d7eadc", "value": "ad602039c6f0237d4a997d5640e92ce5e2b3bba3" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250638", "object_id": "80986", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "filename", "uuid": "2d9cd875-84b1-4aef-86ff-8a7800388390", "value": "cl64.dll" } ], "ObjectReference": [], "comment": "IsaacWiper", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80986", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218835", "uuid": "e1aa2325-e0e4-46b3-ab9e-970f7e5913c7" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250639", "object_id": "80987", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "sha1", "uuid": "da31c834-8652-4b2a-a605-eb46acc8d980", "value": "736a4cfad1ed83a6a0b75b0474d5e01a3a36f950" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250640", "object_id": "80987", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "filename", "uuid": "b7a75870-4d7c-4ce2-b4a0-8055cc9070ec", "value": "cld.dll" } ], "ObjectReference": [], "comment": "IsaacWiper", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80987", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218836", "uuid": "4a2b5c85-f132-4cb3-8416-657cfe948d39" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250641", "object_id": "80988", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "sha1", "uuid": "ab5ccfbc-94be-429b-81bc-7e72472a3abd", "value": "e9b96e9b86fad28d950ca428879168e0894d854f" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250642", "object_id": "80988", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218836", "to_ids": true, "type": "filename", "uuid": "eb61c1dc-6966-4538-adc5-5c7d999e62e2", "value": "clean.exe" } ], "ObjectReference": [], "comment": "IsaacWiper", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80988", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218836", "uuid": "b14c46e5-412f-4630-99b6-4c69e850267d" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250643", "object_id": "80989", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218937", "to_ids": true, "type": "filename", "uuid": "50743f35-c60e-4ff2-b6d7-9d8401f1c3e0", "value": "cc2.exe" }, { "Galaxy": [], "ShadowAttribute": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250644", "object_id": "80989", "object_relation": "size-in-bytes", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": false, "type": "size-in-bytes", "uuid": "3b12b2b7-74c6-430f-9e26-88eee1bab178", "value": "3295232" }, { "Galaxy": [], "ShadowAttribute": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250645", "object_id": "80989", "object_relation": "entropy", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": false, "type": "float", "uuid": "2305d8d6-d8fb-4b95-89b8-36e15271f952", "value": "5.9679556846481" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250646", "object_id": "80989", "object_relation": "md5", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": true, "type": "md5", "uuid": "42b6f944-fd1c-428c-bc34-ad11d8a11621", "value": "d5d2c4ac6c724cd63b69ca054713e278" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250647", "object_id": "80989", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": true, "type": "sha1", "uuid": "b1eb340c-4a14-458b-b4e8-ec02a6fcee53", "value": "f32d791ec9e6385a91b45942c230f52aff1626df" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250648", "object_id": "80989", "object_relation": "sha256", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": true, "type": "sha256", "uuid": "4ca9b4f9-995b-433a-80c9-fe6e28b3bf99", "value": "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250649", "object_id": "80989", "object_relation": "sha512", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": true, "type": "sha512", "uuid": "0fa5805b-e6a0-48a5-be4a-a3d6f8ac7397", "value": "9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250650", "object_id": "80989", "object_relation": "mimetype", "sharing_group_id": "0", "timestamp": "1646218884", "to_ids": false, "type": "mime-type", "uuid": "82390b03-78ef-47fb-9143-d098c2604f98", "value": "PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows" } ], "ObjectReference": [], "comment": "HermeticRansom", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80989", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218883", "uuid": "20e73d21-8aed-43e2-b5bb-1fb549206762" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250651", "object_id": "80990", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218945", "to_ids": true, "type": "filename", "uuid": "08738c9f-c9c7-469e-8284-e52b97187ede", "value": "conhosts.exe" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250652", "object_id": "80990", "object_relation": "size-in-bytes", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": false, "type": "size-in-bytes", "uuid": "96909c29-eccb-4dfc-85f0-d20552fb7102", "value": "117000" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250653", "object_id": "80990", "object_relation": "entropy", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": false, "type": "float", "uuid": "2de25a3e-492f-479d-a25a-a5f03a6458a9", "value": "6.3853905802374" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250654", "object_id": "80990", "object_relation": "md5", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": true, "type": "md5", "uuid": "a15cc3f6-3950-43ab-ad74-ee43ff4e02e5", "value": "3f4a16b29f2f0532b7ce3e7656799125" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250655", "object_id": "80990", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": true, "type": "sha1", "uuid": "fe83632b-d138-45d8-820b-27283d887fa9", "value": "61b25d11392172e587d8da3045812a66c3385451" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250656", "object_id": "80990", "object_relation": "sha256", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": true, "type": "sha256", "uuid": "567d67ab-aa98-47f1-8c6f-379b4540f3db", "value": "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250657", "object_id": "80990", "object_relation": "sha512", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": true, "type": "sha512", "uuid": "5aeda0d8-83ca-4ad2-a6d6-d5997d6c2b5b", "value": "32acaceda42128ef9e0a9f36ee2678d2fc296fda2df38629eb223939c8a9352b3bb2b7021bb84e9f223a4a26df57b528a711447b1451213a013fe00f9b971d80" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250658", "object_id": "80990", "object_relation": "mimetype", "sharing_group_id": "0", "timestamp": "1646218885", "to_ids": false, "type": "mime-type", "uuid": "3d8f6a4f-69c7-4f0d-8105-ba6e46ee8d26", "value": "PE32 executable (GUI) Intel 80386, for MS Windows" } ], "ObjectReference": [], "comment": "HermeticWiper", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80990", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218885", "uuid": "e0bfa427-7b38-41bb-ae0a-80e4825e1f0e" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250659", "object_id": "80991", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218954", "to_ids": true, "type": "filename", "uuid": "c75fb0c7-8c9a-4db1-a4da-c368152fc84a", "value": "com.exe" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250660", "object_id": "80991", "object_relation": "size-in-bytes", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": false, "type": "size-in-bytes", "uuid": "2f785669-b877-485d-b6bd-154b8794ee7f", "value": "117000" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250661", "object_id": "80991", "object_relation": "entropy", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": false, "type": "float", "uuid": "7d4d4d09-4d93-4e6a-9cb1-eb67d6f87426", "value": "6.3817850700557" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250662", "object_id": "80991", "object_relation": "md5", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": true, "type": "md5", "uuid": "c1cca7db-ac97-443d-a327-463e895589ca", "value": "84ba0197920fd3e2b7dfa719fee09d2f" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250663", "object_id": "80991", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": true, "type": "sha1", "uuid": "2b33d285-5b76-4a80-96f0-8d7f7dfaef5f", "value": "912342f1c840a42f6b74132f8a7c4ffe7d40fb77" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250664", "object_id": "80991", "object_relation": "sha256", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": true, "type": "sha256", "uuid": "5d1c54ff-f680-481c-9dc7-d299743743e5", "value": "0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250665", "object_id": "80991", "object_relation": "sha512", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": true, "type": "sha512", "uuid": "72d5872f-399b-44fd-a158-c2b2bf694ad8", "value": "bbd4f0263abc71311404c55cb3e4711b707a71e28dcc1f08abd533a4c7f151db9cc40697105d76f1c978000e8fa7aa219adb65b31fb196b08f1ae003e04b9d23" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250666", "object_id": "80991", "object_relation": "mimetype", "sharing_group_id": "0", "timestamp": "1646218886", "to_ids": false, "type": "mime-type", "uuid": "26ef0810-4b94-427b-961f-b7bfd599861c", "value": "PE32 executable (GUI) Intel 80386, for MS Windows" } ], "ObjectReference": [], "comment": "HermeticWiper", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80991", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218886", "uuid": "710d4708-ecbb-4073-a348-9a1824802410" }, { "Attribute": [ { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250667", "object_id": "80992", "object_relation": "filename", "sharing_group_id": "0", "timestamp": "1646218962", "to_ids": true, "type": "filename", "uuid": "a433d4ab-0a79-46ae-a103-8db64b298bfb", "value": "XqoYMlBX.exe" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250668", "object_id": "80992", "object_relation": "size-in-bytes", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": false, "type": "size-in-bytes", "uuid": "e70005b0-4b1f-47da-a3ab-37b54463e26e", "value": "56320" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250669", "object_id": "80992", "object_relation": "entropy", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": false, "type": "float", "uuid": "0e3aff89-906b-4529-9fe3-c549b6e22098", "value": "6.2650543077112" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250670", "object_id": "80992", "object_relation": "md5", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": true, "type": "md5", "uuid": "1f2fba04-ba42-4353-b288-02ef713162c9", "value": "6983f7001de10f4d19fc2d794c3eb534" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250671", "object_id": "80992", "object_relation": "sha1", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": true, "type": "sha1", "uuid": "8119aebc-3e6b-4f5f-96b8-7c99ff58649b", "value": "23873bf2670cf64c2440058130548d4e4da412dd" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250672", "object_id": "80992", "object_relation": "sha256", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": true, "type": "sha256", "uuid": "f8f2570d-ee10-4ad9-887d-3464f8a23670", "value": "3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "distribution": "5", "event_id": "16195", "id": "1250673", "object_id": "80992", "object_relation": "sha512", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": true, "type": "sha512", "uuid": "6c3f15ff-b4ff-423d-8d78-abf4cf5c2069", "value": "0b04be07d5b3a6b9526a4ae8050861d260bd5334b5320a6d7e6d0f7016199c98d82e5e520fe489e13b0db5146579037c24a22ae6674e9e7b6749b9bf90ad02aa" }, { "Galaxy": [], "ShadowAttribute": [], "Tag": [], "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": true, "distribution": "5", "event_id": "16195", "id": "1250674", "object_id": "80992", "object_relation": "mimetype", "sharing_group_id": "0", "timestamp": "1646218888", "to_ids": false, "type": "mime-type", "uuid": "e0a40612-bc54-4c73-a950-e1200bbf87a5", "value": "PE32 executable (console) Intel 80386, for MS Windows" } ], "ObjectReference": [], "comment": "Legitimate RemCom remote access tool", "deleted": false, "description": "File object describing a file with meta-information", "distribution": "5", "event_id": "16195", "id": "80992", "meta-category": "file", "name": "file", "sharing_group_id": "0", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1646218888", "uuid": "d26acfcb-6054-44d8-a31d-17e9551336b9" } ], "Org": { "id": "1", "name": "CERT-FR", "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212" }, "Orgc": { "id": "1", "name": "CERT-FR", "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212" }, "RelatedEvent": [], "ShadowAttribute": [], "Tag": [ { "colour": "#f89595", "exportable": true, "hide_tag": false, "id": "40", "name": "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"", "numerical_value": null, "user_id": "0" }, { "colour": "#ffffff", "exportable": true, "hide_tag": false, "id": "482", "name": "cossi:TLP=\"white\"", "numerical_value": null, "user_id": "0" }, { "colour": "#008f64", "exportable": true, "hide_tag": false, "id": "456", "name": "cossi:RechercheSourceOuverte=\"Autorisee\"", "numerical_value": null, "user_id": "0" } ], "analysis": "0", "date": "2022-03-02", "disable_correlation": false, "distribution": "0", "extends_uuid": "", "id": "16195", "info": "[ESET] IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine", "locked": false, "org_id": "1", "orgc_id": "1", "proposal_email_lock": false, "publish_timestamp": "0", "published": false, "sharing_group_id": "0", "threat_level_id": "4", "timestamp": "1646218962", "uuid": "621f4e53-cd54-4194-8d8f-4a6e0abe1822" } }