adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5aaa8a97-0cac-48bd-877a-41b5950d210f.json

9394 lines
631 KiB
JSON
Raw Permalink Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2018-03-15",
"extends_uuid": "",
"info": "OSINT - Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors",
"publish_timestamp": "1521576487",
"published": true,
"threat_level_id": "3",
"timestamp": "1521576479",
"uuid": "5aaa8a97-0cac-48bd-877a-41b5950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571791",
"to_ids": false,
"type": "link",
"uuid": "5aaa8b2c-9870-4e66-8b85-42df950d210f",
"value": "https://www.us-cert.gov/ncas/alerts/TA18-074A",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571791",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
"value": "187.130.251.249"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571792",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8032-65bc-4a14-bd0d-4706950d210f",
"value": "184.154.150.66"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571792",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8032-2648-489a-b335-4a84950d210f",
"value": "2.229.10.193"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571793",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8033-dce8-4863-a177-44a5950d210f",
"value": "41.78.157.34"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571793",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8033-99c0-44a2-ad2e-4965950d210f",
"value": "176.53.11.130"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571794",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8034-c1e0-406f-914b-4829950d210f",
"value": "82.222.188.18"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571794",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8034-2124-459a-9f15-41e3950d210f",
"value": "130.25.10.158"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571795",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8034-583c-4daf-afdf-4ce4950d210f",
"value": "41.205.61.221"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571795",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8035-5834-4055-9ecd-4604950d210f",
"value": "5.150.143.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571796",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8035-0e5c-4488-bdfd-4eed950d210f",
"value": "193.213.49.115"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571796",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8036-1270-45b5-8a8a-4b09950d210f",
"value": "195.87.199.197"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571797",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8036-0898-4514-87cb-4dec950d210f",
"value": "167.114.44.147"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571797",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aab8036-1c10-4eb6-a9c5-4ed2950d210f",
"value": "5.153.58.45"
},
{
"category": "External analysis",
"comment": "Svcsrv.bat_screenshot.png",
"data": "iVBORw0KGgoAAAANSUhEUgAAAlgAAAC/CAYAAAAiuKLPAAAABHNCSVQICAgIfAhkiAAAIABJREFUeJzMvXWclNXbwP29e3JnZme76C5FSkUJARUxsAuxO7BFAbswsBMTFQvjUX52YP3sTjp22d6dzjveP2Z3mR12kXie932vz2c5c99z4jrXufqcMwiTZ19rffXV15imSkoHTXWRTOlIioJhGSBYIJiACYhgyYDUVuqIQhKBNDsNlrTzbQFLsHapvWiZ3X2T8yzkDCyCYLaNn91HTjsrp12n79vaC13gYOWO3w0eW+GZ21cOfXLGEs3uxvm/B0sAQxByptSGT8f820sh5317J+ZWFNgBDEDQ2Zpm2ePmNtny3hREEIS2umZGVizaPrf3aea0y56fiYiJkMWDQu56dbTaGkdDAEMQu0W1M7TjkT0XkCyRnRUhCwGQsRAx29ewK14GaJuj1DZWZkwx87eVjGzn+G2yY3U35r+AYJkIGF3Sdgvk8lv2+gvogrx1nR2CHHnsBhehCz1lCSJYYoYPdxZyadddX+3jt5eCiWhl+DWbf6yt9FMWrlu9FBFNiZ2lnyWYIKS7XP+teVrc6n1G/7C1St1uMBEtCwGzo1+xjT+yu7Ta3hjtKkwAU6CtrY7QblthG3q/DbL0ioWMgQa021BrS52OeebwV7f6q+v6Wyaxo0ri32VSREfAQEBnZ+YPIhZyJ/3Rrj9z5ajdSuTyZ5d8uZ0gWiaKaWCTYry7fAmVxRpGLIBdVbCSGR9J3oKY2Yn42zlEG9K7IuC7ZuDNnVSuAKK1DQJv0zGiA28rWzgyX3RZb0u/Yk5Vky5dBKEbqd9qjbaXIbeuL1rdK8T/N2DXXGNod2rM7RDmbUNXNOyGrl3yi9n5847wpCV2ZrVuHP7u3Uhh+wjZDZ/v2vqLHUOLFlucrO0GMzP3XUAhE97snA4RhUwP5jbplyv3W5DdJb33/1ew2Ho9uqGPKYBkdg4JutOnXes4EAQLMHYC0XYHq+u+xa3mIHaM2fGqDbNdAyHDB239mm0fxByadRh4oW1EK2O7RMQ2RNrx216eEv8P+G9XabGjIAJG2zx2fP7Qpr+y27Tpz1yeaNdzW/GnJe6E3spAptm2eVfedvTWVa9mm/PRPhF52/X/FXa1/c4zhSmQWZBsg7iVIOZmUroAwdwOxyenX6stctheY/yvGa0OU7cFp0545I5jtkW+/18aieyouDtHt5s2iJkvhRQIO6egM9mTtgj6X4OLLqSwO0PUTfTY1fgZ4c51urenbRfjdgk5mauuFP8uODhie8bu38bvAizBxBKMXQiSREDZjrXrBjMBsEDcKorvArY5xv+eYWo3DLl6OdcwdJXR2iWwxK1VCVnP3TgsxlYGcTvXQsgQ35BSXQy4vdC+bluPaeauVye92/7O6ghydw6yjHN7Bqs9S7WVgW/jt5xsvQkgSDvAw9IW3W5lzz07NSfm1NkCXTsT2fYvp69uIde+dNFXFnTnZxiCRGZHbCfmD207aVkgdC0/3Tn4u2L/2nNl2wJZsDKpLqst1dmOWNfbBu3bhDlYCvIWIdzRMnvrp91R2ZGSXdlibBMwgRzHSszBU8h6zh6/nVtzjdS22ufW307r1iHI2eOTM042U0lbtqw64Z07X3H7cegWrIziEnawRAT0XRtatHLmtYOloZChVftUuuKzbtp30NzK+tz+t53QzkP/q3xNlqLMTf+LZLY22rYIyN2i3ZExMvmjDimw2ma+A/2Z4g5m/DqBCGabHO6M/mgz0GaXAVIOdJLXbCb4fzvqz0C7w7Wz0XfXnW5PpQz/dAo8u8q2b5P+bXXaA6NdWf9OTgZbHKhO8syWuXUyqjsoq93h0O5kWlm9tY0vWgJmh75r45tOelClg57bq7c6cO/CudohyNZvnTr/X4Zt0bjdQdqF+bfjn0Xnbh2qTvX4F72/7dIU/l3+ZKHNsersM5l0S2yrbWPAys6AmFlCsyNljlOzw2WuI7ODZTbe2QucbXS28nJzM1pWF/1uqz2d8f5XxjI7P29Fhxya5s4vd9zs+kBHBmenoV1JiTteCl057N1BW6WOCLR97doctZ3iv7boqav1+Dc6t+PQaX8k9/vsL7sy4tm4Z5Wdqmxjbaysv1wjlbP+Yse/mTGFDj7tOgOwfZDjUO6gsc9sD+YGJzvcwZY57Kj+ADqc2e3FYStF2310/n8BXW+H7sL4W/FkN311ktFsnukiENgu+reNJYi5ne8AtK19pz32HH3aVYY2O5i22vXRzgzf7lzlGustVcwO+5il7zrm3Q5d0TBXpnLWyWrL5FjdOPnbu66dMlG7wsed2+bKhNCFPWo/Q4iws/PPHjvXrnQHuQEC28mvXZTWv++cyJlDthknK9PSzMpebXm3Bb22DBfCTp67yIZsA2vuZJlloHe07PQ5q7+tcuLd4Nlpi4uc9u3QRr9sRsmuL/wb/jn1t5p/bv2c9+2LKXTxfacIYCdKsp47BGIHyraDk12a9048mF1rixdjApgyiO2CuqMZjG3R79/o3I6bteWiRHsGq21emYOsdD4A3sEjXfSVq4T+TbayDcRWGbDOVIN2Vmg/jZA5/2F29LMTZdvH7Gy3KLDlTFMX+LcHkB3YWdCxRbBL67cT+gP+fZytaN6Zf8U2PSBYIpawo+XW3e8c7GSAk9U2d6s3W8Q7RtkqAOhmAttF/3aQ2elAOXvA7MCrk13oQuY64fl/BLlyLeSU2fzXjluuHekyaGpv0/6cZosbt+OBktiV3tmCOeJOnVHKda7aZcZCyM6UWSYd2ef2Z9iB+Zvd2xey6ma/26reLvgf2wFy+7Zg5qi18C83ijLeciZuFBEw6IigdwIyC7ez52c6euF/LQLveEdWn+1lG56dTyQjknsLLdfTzsVtC7HMf7Wg27OIOcTfisFy+8jFVei8hjtSdmyPbR+z5ULmFlJ3bf+lT0vMKBVLa6u6MwbGZMstwm6YeFvRkJUzB8ts8x4yzx35oq1uPrbNcKsbqFv3v5Wv3x2OFmTf9BLbOhA61oksxypTZtLcu7D+7bKz1U207IetZdPqiABFMNsziDvjYJlktph3UYd0KE6ri7IbENodq8yaC208tEPlNrrf3ttN7Q5eBna0pIOOnVnM3HI8iS3r1SlY6Nhi+Tc57W6SbTJoKey8/tZBSNOR5YctfbWP27EF3x0OO6e7OtpbkL1FuAWLbJnbgo65VbCdiw9bIpDs77rUsSZiBx/S+WB/dhBDdiJkSz8iWc5PFyAKtOfYu4SuWnY+YtROgy0OlZjl8JiIiFb2JaWdmL9lgJB9USw3M5Urx+26ub3NznvZIvpWlxlyQRYtE4G2v5yfTMhsVbZPzMoYkzaD0h61i7vApO1mLRPV7ngE2D7NnVewJplzAGbO8SARwTLanoWsoEnsVC8zg9xr3v/mYG2RAhMRK/uQXreR87bo24WXv5WX3JUD2abErazIZweNrGhlGRhLwNrBMhsykZK5jdJsywiJbarZxLTkrOv+O1O20UpoPweW7YBlzXUbUUd7JndL5a3vNLZfw+64sde2zmJ7BNZN9x1uWvv3HRmr3FpZ1hCjQzaFNmWekdcMfkJHmwxGGSd1J9e/TW+IVkZCOg6Nt2PWaaumaxBNsQvluJ2lYCJhsGvn+LL73BFnP0MEAToMh8kOlt0mgAQEy8zSi1nYZjk5W3SvhYDRRurtL7d0LHYY2nbnO6Pn2ta13ZkVcpwsgPYguxNFt9Crq62hDN0sLCQsS2JnMi/tuAqC3jGnLW8BS+jQbxmZMbJ+zsLIVuI7Dx2O+RZbKFhiR8CV+RmGLeRpz2hbHQFZm71trye00b1NrrbYnXY+aLM/neTYYIveal/TrCCyzYZn1q0t09VuX6zMOnR7INzqvKOV6/RvS2Iy/JIJ8LY4XW382taf1FZPaJ/nTsxfbMvgmVn6teN8okUnh07o0ItWm4OVwWJnuSDzEyXb9n1EQ0+jJxMU5vuoKC9DTyURTAs9nUaWZYjF8Pl80NhE7z49cdhtyIKInk5iV0TyXXby7AqylaaypAAjEUG20ngcKppo4tIkjE
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571798",
"to_ids": false,
"type": "attachment",
"uuid": "5aabb437-d698-4ee1-911a-38bc950d210f",
"value": "Svcsrv.bat_screenshot.png"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571798",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-39f8-4366-8927-4a0a950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/TA18-074A_WHITE.csv",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571799",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-376c-45b2-a61b-4317950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/TA18-074A_WHITE_STIX.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571799",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-027c-4060-a698-46d7950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10127623_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571800",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-342c-4497-9963-47dc950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10127623_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571800",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-1a5c-4917-b05f-4794950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128327_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571801",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-c720-4ff2-968d-4a0d950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128327_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571801",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-71f0-4809-a12d-40ea950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128336_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571803",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-1874-46fe-b7dc-45e3950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128336_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571803",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-19b4-4d1d-ac9a-4b86950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128830_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571804",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-87d4-41cf-8a05-4918950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128830_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571804",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-839c-43aa-ae8b-455e950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571805",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-18a8-4952-80ce-4007950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571805",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-5cb4-4aaf-b026-4e97950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10135300_TLP_WHITE.pdf",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571806",
"to_ids": false,
"type": "link",
"uuid": "5aaf6851-d9c8-469a-b348-42ab950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10135300_TLP_WHITE_stix.xml",
"Tag": [
{
"colour": "#002b4a",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571806",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
"value": "62.8.193.206"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571807",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aaf982c-1118-489e-b7ff-4f4d950d210f",
"value": "91.183.104.150"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571807",
"to_ids": true,
"type": "domain",
"uuid": "5aaf9cab-e298-487c-9dda-4755950d210f",
"value": "bit.ly"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571808",
"to_ids": true,
"type": "domain",
"uuid": "5aaf9cab-f820-4bf0-bbb6-4b9c950d210f",
"value": "tinyurl.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571808",
"to_ids": true,
"type": "domain",
"uuid": "5aaf9cac-325c-458d-bb6b-47de950d210f",
"value": "imageliners.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571809",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aaf9cd4-e97c-4b38-8307-467b950d210f",
"value": "67.199.248.10"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571809",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aaf9cd5-4b70-40d6-bf68-4d34950d210f",
"value": "104.20.219.42"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571810",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aaf9cd5-e9c8-420a-9778-4268950d210f",
"value": "192.81.76.117"
},
{
"category": "Payload delivery",
"comment": "Screenshot of document.PDF",
"data": "iVBORw0KGgoAAAANSUhEUgAAAlgAAAHYCAYAAACRPpaZAAAABHNCSVQICAgIfAhkiAAAIABJREFUeJzsvWmsJOd57/ervbp6Pd1nP2c2coaLZrjYpkia1mLL0dWNryUZ+qDIjh0lMSTDuXYQ2EiCGImhDxJkIPlgGAhwE8sXN4Fi+SoG5FzDjiXRkWRJtCiKErfhLBzOdva196693nyoft/pGZHTktvHh5LPIxzV8PSprqq3lvdf/+f//B/t0vZF0ZiZpRl1SbKMmlsmDXycIKPuFOnsdKjNzOEPBvSiBLdUpugV2VzfZW6mThD2ECLG8zzSNGVvb49isUihUCBNU/r9PsVikX6/T7lcpt/vU5uaIgwCwjAEQNM0hBBEUYSmaei6jmVZCCGI45h6vU6/3yeKIiqVitpOo9Gg1WoxPT1Nt9tFCAFAoVDAcV3W19aoVCoA6LoOQJZlZFmmtmuaJkII2u02C0tL7O3sYNs2lmUxGAwwTRPP89jf31fH6HkenU6HarXKYDAgiiJqtRq9Xk+tNzU1RRAExHE+Nt1uV31XFEV0u10Mw8CyLBzHAVDj4Xkeuq4TRRGmadJutwGo1+t0u11KpRKdTodao04URaQiI01ThBDouo6u6wghSNMUTdM4zBi3fXkuDur75TXxZiGvizeLcftnGMZdP0/TdKLtTxrj9t80zbt+Pm7/x8Wk53/S63fS6yNJkom2Py7G7d+k18dBj/+49ceN70E/n8bt37jxnXT/J11/3P4d9P056fNzXEx6/RhZfgx3HocgQwiBaepomkaWJWqOlBgj3/98/vd9n0ajQRAE9Pt9XNcljmM0TcN1XVzXZWNjgyRJWFxcpN1uo+s6GiZhGGIYBoZh0Ol0OHX6NFdfe41yuYz27KvfFDdu3MB1HfRMIIKYaqFI3A/I4oRKpcZ+q4PuFphdWmZ1dRORaZSLZUSaYNn5Qezs7OB5HpVKhXa7jRCCUqlEkiRkWaYm+yAIKJVKCCHIsow4jimXy2RZpgBJpVIhyzLCMETTNOI4JssyBUTygdExDAPTNBkMBqRpSqFQQNM09vf3c5A1/Ht5EZqmiWEYan/kYAshsCwL0zRptVq4rosQgiRJME2TOI4xDINCoUC73cZ1XQWACoUCg8EAx3EQQihgUygUFGDsdrvMzMzgOA5ra2sUCgUajQb9fp8kSdRD3LIssiwjiiJ0XcdxHLIsw3VdALrdLmmaMj8/T7vdptlpUygUEMNrS1448uKRY3yQcdAT4KTrj7tBxz2gDnoCmHT/x4VlWXf9fNIH9LgYd3zj9i+O4wPd/rgYB0An3f644ztogHXQAGDSCfqw779J1z/o8T3oF9S3+vrG8PDvHKdM5M+1JImGcyLfNy/mBE6KYRiK3HAcB9u2SZKEOI7V/d9sNllcXFQ4pdFocO3aDepTDUzTVL+XBAvAwsIC2us3XhKf/z//L2pYaB2f3tYO9546xSDL2AsH2DN1bu7usLG7z4l7T9Pd72EZNnMzc2zvbOH3mywuzrOxsYFt2ywvL7OxsUGapszNzeH7Pt1ul3K5rACTaZpYloWu6/R6PYrFInEcY1kWnU6HSqWi/jbLMmzbVkCq1WpRqVSYnp5mbW2NRqNBGIYUi0WazSae5+H7fo4uh4BDPsQcx1EgJkkSdfHHcUyj0aDZbJKmqXroW5ZFsVhkZ2eHYrGIYRikaYpt2xQKBTY2NrAsSzFN5XKZbrerTrhhGFQqFZrNJoVCgTiOCcMwB0VD1CzBpq7r6kRJ5GzbNu12G8uysCwL3/fxPO8WOM3yfZEASzJX8uIZBVsHFZM+IA57ArFt+66fHzTDddhvqId9fg56Ap10Aj/oCeSwGaxxMen1MSnAmvT4D/v8/6gDzIMen3HPx3Hfb2T6kMG6fZwlgyVEegfmyJ+paZqSZRmW5eD7IYuLiwwGA/r9Ppqm4fs+5XKZdrtNvV7H8zyuX7+OpmlMTU0Rx3FOxGQ5+FpYWFBZKtu26Xa7OWnjxAI3SInWdin5GceFxRmtAtNlmmZKp2jyzn/x83zxq3/H7n6ThflZEj+mvbdHQddxqzWSJGFmZoZer0cQBCoNJpFcfiAWSZJgWZYCTwCu65IkiQJJo+ixUqnQ7/cpFArqZDQaDQVUJDAb/X4JdCR7pGkalmWp7SVJoiYtSf/puk6SJNi2TblcptPpYNv2balA0zTZ399X6U5N05iZmaHb7WLbNpqm4Xke/X4fwzAQQuC6rmLXJOBrNBrYtq1AVLvdplqtYhgG/X4fgGKxiK7rihkrFosKeBUKBZrNJqVSiYpXoNPpkGaZ+n7JyEnANikDMi7G3gAT3kDjYtIH/KRvgJOmWMbt36Tnb9IH/KTbnzTFNO76mXT7B80QjItxDNlB3x+TTqCTjs9BP58mZZAOmqEaF4f9AnDQAHBigKXdAljyb4UQCPJ58Ny5R4jjcJguNNF1biMg9vc7/OVf/iXLy8ucOXOGMAypz8wQ+T5pmuI4Dmma8vTTT3Px4kU+/OEPMz09zc2bNzlz5gzbWzucOnUKXdepT0/T73b5/Oc/TxAEvPvd78ZMdtqcLDV49epLNFd3mTEKPPPK6+yIgBtRjyf+k1/k5973Xu4/cZLt9U2sQkoaRSTNNk8++SRO3eMr3/gqCwsLCCHodruK7RkMBiptKIGNYRgqbQi39EaO4+D7PpqmqXRckiSK5fJ9H9d1efjhh7l8+TJ7e3ucOHGCZrOJ7/u0222KxSKQp9KyLOPcuXMAijHa399XLJVhGOi6ThAEZFlGq9Vifn6e6elp9vf3iaJIpet+4id+gn6/r9ikTqcDwFNPPcXa2hr7+/sMBgOCIFAIVqYKpfZscXGRbrdLr9djb2+PQqGgcr2SqRvNDcvxaTQanD59mtXVVfb29hTws22bZrOpWLUsy1QKVLJnEuAdZBx0CmFcHPQD9KAB1LiY9A1+XArusAHeOAbxrZ7CHBeHDeAOWwM1Lg4aQBy2xnPSOOwX5IO+fibVqGq3abAEkJ/vHGRl9Pt9ut0uvt9XJIQQAsPIM0Sbm7tcvHiRX/7lX+Zv/uZv+O3f/m1FoBQKBXzf5wtf+ALPPvusmmOvXr2Kpmn80R/9Ee9+188qrPP8v//3vPe97+WrX/0qH/jAB3JQJ4RgqlEn0nV2Bh0MFzxD0At9NrbWKDkF1m+ukKQRrfY+4SDg2NwSpWqJpeNLBMR0u12OHTumUmRxHLO4uEi1WmV3d5e5uTlWVlZwHAfXdSkWi2pQut0uhUKBUqnEzZs3qdfruK6Lbdusrq6yuLio2KBms0mlUuHUqVPs7++ztbUFwNLSkkoDyjShaZrMzMzQbrcplUoqVbm7u6uE5UmSUK/X0XWdLMt4+OGHFSt29epVGo0Gg8GAxcVFrly5ovbTsixarRaO4zA/P0+/38f3ffb39xXbpWkaW1tbVKtV3ve+99Fut7l+/ToPPfQQ3/nOd+h2u9x7771kWcbu7i5RFKl1O50OWZZRLpcplUrq2EeLB3zfVynIbr9HGIYKxMqxCMPwwG/QSVNckz4AJ33DmnSCH8dATArQDvoBdtAMxbjzc9Ai8knHf1KAd9gpvkkZ3ElTeIedIh4XB/2CcdApuLf6+I2LiV9wRwBW/l0aQqRKD+04DoPBAE0zgFuaa8gF7pVKRaX7BoMB586d4xd+4RdIkoRms8mzzz7L9PQ0xWKR69evMxgMmJ/PJVFf//rX+eu/+n/5wz/8Q97//vfzm7/5m3Q6HVV053keZtvIWE37uD91mrl75njk9H28//2/BNUqa6+8xNJTj0PRpfHAvbxy8zqdXp+z736c9Ss3GRgJhqHz6KOPMjs7C8Di4iKtVot77rlHsUWPPfYYURRx/PhxPM+jWCwyGAyI4xjf91WK0bZt3va2t7G/v0+lUsGyLB577DFu3rzJ7OwsV69eVaBja2uLvb095ufneeKJJ1hZWcF1XW7cuMF9992nqu36/T6WZdHv94cDnafpZPpPAq7p6WkA2u02jUaDF198kfn5eVqtlmLVzpw5QxzHzMzMsL6+jmVZlEol5ubmOHnyJNvb25w8eVJVEw
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571810",
"to_ids": false,
"type": "attachment",
"uuid": "5aaf9ddc-77ec-45d3-a654-4526950d210f",
"value": "document.png"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571811",
"to_ids": true,
"type": "url",
"uuid": "5aafa25c-ed90-4c3b-b416-440d950d210f",
"value": "bit.ly/2m0x8IH"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571811",
"to_ids": true,
"type": "url",
"uuid": "5aafa25c-30fc-40eb-948c-4f24950d210f",
"value": "tinyurl.com/h3sdqck"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571812",
"to_ids": true,
"type": "url",
"uuid": "5aafa25d-ae18-45ba-ad07-49cc950d210f",
"value": "www.imageliners.com/nitel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571812",
"to_ids": true,
"type": "url",
"uuid": "5aafa25d-5abc-4c94-91df-45dd950d210f",
"value": "file://184.154.150.66/ame_icon.png"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571813",
"to_ids": true,
"type": "url",
"uuid": "5aafa25e-ad70-436d-8a73-4bc1950d210f",
"value": "https://167.114.44.147/A56WY"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571813",
"to_ids": true,
"type": "url",
"uuid": "5aafa25e-fd58-4bc0-b276-471b950d210f",
"value": "http://187.130.251.249/img/bson021.dat?0"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571814",
"to_ids": true,
"type": "url",
"uuid": "5aafa25f-e520-4a9c-a67c-43e3950d210f",
"value": "http://www.oilandgaseng.com/fileadmin/templates/Redesign_2013_V2/js/loginbox_og.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571814",
"to_ids": true,
"type": "url",
"uuid": "5aafa25f-c14c-47e8-b2d0-443f950d210f",
"value": "http://www.plantengineering.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571815",
"to_ids": true,
"type": "url",
"uuid": "5aafa25f-5158-45ad-968a-4ba1950d210f",
"value": "http://www.controleng.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571816",
"to_ids": true,
"type": "url",
"uuid": "5aafa260-a274-4dfd-8438-47bb950d210f",
"value": "http://www.csemag.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571816",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aafb4a2-c004-4745-81c5-4a39950d210f",
"value": "96.126.116.217"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571817",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aafb4a3-d350-4081-b38e-44ee950d210f",
"value": "203.113.4.230"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571817",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aafb4a3-adf0-464b-824a-4414950d210f",
"value": "149.210.156.198"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571818",
"to_ids": true,
"type": "ip-dst",
"uuid": "5aafb4a4-9098-4ae9-ac4e-4faf950d210f",
"value": "151.80.163.14"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521493822",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf32-a0d0-472c-ad6d-47d6950d210f",
"value": "corp_rules(2016).docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521493823",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf32-0a20-4249-a2ed-42ac950d210f",
"value": "invite.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571818",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf33-d740-4658-9a3a-4593950d210f",
"value": "d.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571819",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf33-5330-452f-89ce-4fa3950d210f",
"value": "httpconf.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571819",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf33-13b0-4998-9fd7-4bcd950d210f",
"value": "Chromex64.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571819",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf34-5978-47ac-99e3-48ca950d210f",
"value": "header.php"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571820",
"to_ids": true,
"type": "filename",
"uuid": "5aafcf49-00b4-494e-991b-4089950d210f",
"value": "zervit32"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571820",
"to_ids": false,
"type": "yara",
"uuid": "5ab0b986-831c-4e6a-b8eb-4034950d210f",
"value": "rule APT_malware_1\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"inveigh pen testing tools & related artifacts\"\r\n\r\n author = \"DHS | NCCIC Code Analysis Team\" \r\n\r\n date = \"2017/07/17\"\r\n\r\n hash0 = \"61C909D2F625223DB2FB858BBDF42A76\"\r\n\r\n hash1 = \"A07AA521E7CAFB360294E56969EDA5D6\"\r\n\r\n hash2 = \"BA756DD64C1147515BA2298B6A760260\"\r\n\r\n hash3 = \"8943E71A8C73B5E343AA9D2E19002373\"\r\n\r\n hash4 = \"04738CA02F59A5CD394998A99FCD9613\"\r\n\r\n hash5 = \"038A97B4E2F37F34B255F0643E49FC9D\"\r\n\r\n hash6 = \"65A1A73253F04354886F375B59550B46\"\r\n\r\n hash7 = \"AA905A3508D9309A93AD5C0EC26EBC9B\"\r\n\r\n hash8 = \"5DBEF7BDDAF50624E840CCBCE2816594\"\r\n\r\n hash9 = \"722154A36F32BA10E98020A8AD758A7A\"\r\n\r\n hash10 = \"4595DBE00A538DF127E0079294C87DA0\"\r\n\r\nstrings:\r\n\r\n $s0 = \"file://\"\r\n\r\n $s1 = \"/ame_icon.png\"\r\n\r\n $s2 = \"184.154.150.66\"\r\n\r\n $s3 = { 87D081F60C67F5086A003315D49A4000F7D6E8EB12000081F7F01BDD21F7DE }\r\n\r\n $s4 = { 33C42BCB333DC0AD400043C1C61A33C3F7DE33F042C705B5AC400026AF2102 }\r\n\r\n $s5 = \"(g.charCodeAt(c)^l[(l[b]+l[e])%256])\"\r\n\r\n $s6 = \"for(b=0;256>b;b++)k[b]=b;for(b=0;256>b;b++)\"\r\n\r\n $s7 = \"VXNESWJfSjY3grKEkEkRuZeSvkE=\"\r\n\r\n $s8 = \"NlZzSZk=\"\r\n\r\n $s9 = \"WlJTb1q5kaxqZaRnser3sw==\"\r\n\r\n $s10 = \"for(b=0;256>b;b++)k[b]=b;for(b=0;256>b;b++)\"\r\n\r\n $s11 = \"fromCharCode(d.charCodeAt(e)^k[(k[b]+k[h])%256])\"\r\n\r\n $s12 = \"ps.exe -accepteula \\\\%ws% -u %user% -p %pass% -s cmd /c netstat\"\r\n\r\n $s13 = { 22546F6B656E733D312064656C696D733D5C5C222025254920494E20286C6973742E74787429 }\r\n\r\n $s14 = { 68656C6C2E657865202D6E6F65786974202D657865637574696F6E706F6C69637920627970617373202D636F6D6D616E6420222E202E5C496E76656967682E70 }\r\n\r\n $s15 = { 476F206275696C642049443A202266626433373937623163313465306531 }\r\n\r\n//inveigh pentesting tools\r\n\r\n $s16 = { 24696E76656967682E7374617475735F71756575652E4164642822507265737320616E79206B657920746F2073746F70207265616C2074696D65 }\r\n\r\n//specific malicious word document PK archive\r\n\r\n $s17 = { 2F73657474696E67732E786D6CB456616FDB3613FEFE02EF7F10F4798E64C54D06A14ED125F19A225E87C9FD0194485B }\r\n\r\n $s18 = { 6C732F73657474696E67732E786D6C2E72656C7355540500010076A41275780B0001040000000004000000008D90B94E03311086EBF014D6F4D87B48214471D2 }\r\n\r\n $s19 = { 8D90B94E03311086EBF014D6F4D87B48214471D210A41450A0E50146EBD943F8923D41C9DBE3A54A240ACA394A240ACA39 }\r\n\r\n $s20 = { 8C90CD4EEB301085D7BD4F61CDFEDA092150A1BADD005217B040E10146F124B1F09FEC01B56F8FC3AA9558B0B4 }\r\n\r\n $s21 = { 8C90CD4EEB301085D7BD4F61CDFEDA092150A1BADD005217B040E10146F124B1F09FEC01B56F8FC3AA9558B0B4 }\r\n\r\n $s22 = \"5.153.58.45\"\r\n\r\n $s23 = \"62.8.193.206\"\r\n\r\n $s24 = \"/1/ree_stat/p\"\r\n\r\n $s25 = \"/icon.png\"\r\n\r\n $s26 = \"/pshare1/icon\"\r\n\r\n $s27 = \"/notepad.png\"\r\n\r\n $s28 = \"/pic.png\"\r\n\r\n $s29 = \"http://bit.ly/2m0x8IH\"\r\n\r\n \r\n\r\ncondition:\r\n\r\n ($s0 and $s1 or $s2) or ($s3 or $s4) or ($s5 and $s6 or $s7 and $s8 and $s9) or ($s10 and $s11) or ($s12 and $s13) or ($s14) or ($s15) or ($s16) or ($s17) or ($s18) or ($s19) or ($s20) or ($s21) or ($s0 and $s22 or $s24) or ($s0 and $s22 or $s25) or ($s0 and $s23 or $s26) or ($s0 and $s22 or $s27) or ($s0 and $s23 or $s28) or ($s29)\r\n\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571821",
"to_ids": false,
"type": "yara",
"uuid": "5ab0b9a7-7e68-4a8b-8381-4d90950d210f",
"value": "rule APT_malware_2\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"rule detects malware\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $api_hash = { 8A 08 84 C9 74 0D 80 C9 60 01 CB C1 E3 01 03 45 10 EB ED }\r\n\r\n $http_push = \"X-mode: push\" nocase\r\n\r\n $http_pop = \"X-mode: pop\" nocase\r\n\r\n \r\n\r\ncondition:\r\n\r\n any of them\r\n\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571821",
"to_ids": false,
"type": "yara",
"uuid": "5ab0b9bd-c70c-4f9b-892c-4455950d210f",
"value": "rule Query_XML_Code_MAL_DOC_PT_2\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_XML_Code_MAL_DOC_PT_2\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n \r\n\r\n $zip_magic = { 50 4b 03 04 }\r\n\r\n $dir1 = \"word/_rels/settings.xml.rels\"\r\n\r\n $bytes = {8c 90 cd 4e eb 30 10 85 d7}\r\n\r\n \r\n\r\ncondition:\r\n\r\n $zip_magic at 0 and $dir1 and $bytes\r\n\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571822",
"to_ids": false,
"type": "yara",
"uuid": "5ab0b9d5-57e8-46be-a71b-4f02950d210f",
"value": "rule Query_Javascript_Decode_Function\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_Javascript_Decode_Function\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $decode1 = {72 65 70 6C 61 63 65 28 2F 5B 5E 41 2D 5A 61 2D 7A 30 2D 39 5C 2B 5C 2F 5C 3D 5D 2F 67 2C 22 22 29 3B}\r\n\r\n $decode2 = {22 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 30 31 32 33 34 35 36 37 38 39 2B 2F 3D 22 2E 69 6E 64 65 78 4F 66 28 ?? 2E 63 68 61 72 41 74 28 ?? 2B 2B 29 29}\r\n\r\n $decode3 = {3D ?? 3C 3C 32 7C ?? 3E 3E 34 2C ?? 3D 28 ?? 26 31 35 29 3C 3C 34 7C ?? 3E 3E 32 2C ?? 3D 28 ?? 26 33 29 3C 3C 36 7C ?? 2C ?? 2B 3D [1-2] 53 74 72 69 6E 67 2E 66 72 6F 6D 43 68 61 72 43 6F 64 65 28 ?? 29 2C 36 34 21 3D ?? 26 26 28 ?? 2B 3D 53 74 72 69 6E 67 2E 66 72 6F 6D 43 68 61 72 43 6F 64 65 28 ?? 29}\r\n\r\n $decode4 = {73 75 62 73 74 72 69 6E 67 28 34 2C ?? 2E 6C 65 6E 67 74 68 29}\r\n\r\n $func_call=\"a(\\\"\"\r\n\r\n \r\n\r\ncondition:\r\n\r\n filesize < 20KB and #func_call > 20 and all of ($decode*)\r\n\r\n \r\n\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571822",
"to_ids": false,
"type": "yara",
"uuid": "5ab0b9e6-07f8-4b37-82dd-4ff1950d210f",
"value": "rule Query_XML_Code_MAL_DOC\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_XML_Code_MAL_DOC\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $zip_magic = { 50 4b 03 04 }\r\n\r\n $dir = \"word/_rels/\" ascii\r\n\r\n $dir2 = \"word/theme/theme1.xml\" ascii\r\n\r\n $style = \"word/styles.xml\" ascii\r\n\r\n \r\n\r\ncondition:\r\n\r\n $zip_magic at 0 and $dir at 0x0145 and $dir2 at 0x02b7 and $style at 0x08fd\r\n\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571823",
"to_ids": false,
"type": "yara",
"uuid": "5ab0bb05-aeb8-4762-a58b-42a7950d210f",
"value": "rule z_webshell\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"Detection for the z_webshell\"\r\n\r\n author = \"DHS NCCIC Hunt and Incident Response Team\"\r\n\r\n date = \"2018/01/25\"\r\n\r\n md5 = \"2C9095C965A55EFC46E16B86F9B7D6C6\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $aspx_identifier1 = \"<%@ \" nocase ascii wide\r\n\r\n $aspx_identifier2 = \"<asp:\" nocase ascii wide\r\n\r\n $script_import = /(import|assembly) Name(space)?\\=\\\"(System|Microsoft)/ nocase ascii wide\r\n\r\n $case_string = /case \\\"z_(dir|file|FM|sql)_/ nocase ascii wide\r\n\r\n $webshell_name = \"public string z_progname =\" nocase ascii wide\r\n\r\n $webshell_password = \"public string Password =\" nocase ascii wide\r\n\r\n \r\n\r\ncondition:\r\n\r\n 1 of ($aspx_identifier*)\r\n\r\n and #script_import > 10\r\n\r\n and #case_string > 7\r\n\r\n and 2 of ($webshell_*)\r\n\r\n and filesize < 100KB\r\n\r\n}"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571823",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd04-6bd0-4e34-9a8b-40b0950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571824",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd04-aa44-47e9-807e-4899950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\GloballyOpenPorts\\List"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571824",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd05-daf0-4b0f-b50a-4ce2950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Licensing Core"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571825",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd05-d250-4e32-8805-4fbd950d210f",
"value": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571825",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd06-0ac0-4069-9545-4f16950d210f",
"value": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571826",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd06-a30c-46f0-9311-4ec2950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Services"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571826",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571827",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0bd07-7ffc-4f86-b728-462e950d210f",
"value": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571827",
"to_ids": false,
"type": "regkey",
"uuid": "5ab0be76-d008-415c-b8b4-45b7950d210f",
"value": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571828",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9fd-d968-4d33-95f2-48c6950d210f",
"value": "admins.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571828",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9fe-b52c-447c-89db-4450950d210f",
"value": "completed_dclist.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571829",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9fe-0458-4fa9-a611-4deb950d210f",
"value": "completed_trusts.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571829",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9fe-51c0-4a4a-8d15-420b950d210f",
"value": "completed_zone.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571829",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9ff-2d9c-484f-ab37-486a950d210f",
"value": "comps.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571830",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9ff-5138-4e91-80db-40e2950d210f",
"value": "conditional_forwarders.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571830",
"to_ids": true,
"type": "filename",
"uuid": "5ab0c9ff-0e68-4bb8-93fe-42fb950d210f",
"value": "domain_zone.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571831",
"to_ids": true,
"type": "filename",
"uuid": "5ab0ca00-4fe4-4625-8105-45a4950d210f",
"value": "enum_zones.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571831",
"to_ids": true,
"type": "filename",
"uuid": "5ab0ca00-9b98-4190-b87c-4e7b950d210f",
"value": "users.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571832",
"to_ids": true,
"type": "filename",
"uuid": "5ab0ca6e-ecb0-4544-8ce9-4e11950d210f",
"value": "SYSTEM.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1521571832",
"to_ids": true,
"type": "filename",
"uuid": "5ab0ca6e-b890-4400-a29c-4f52950d210f",
"value": "comps.zip"
}
],
"Object": [
{
"comment": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521193963",
"uuid": "5aab7c2b-3394-4760-97a3-4343950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7c2b-3394-4760-97a3-4343950d210f",
"referenced_uuid": "5aab8036-0898-4514-87cb-4dec950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521193960",
"uuid": "5aab93e8-b378-437e-99d0-4a20950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521193190",
"to_ids": true,
"type": "filename",
"uuid": "5aab7c2b-ede0-4465-af34-4b4c950d210f",
"value": "s.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193190",
"to_ids": true,
"type": "md5",
"uuid": "5aab7c2b-8290-449f-a10c-4089950d210f",
"value": "04738ca02f59a5cd394998a99fcd9613"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521193190",
"to_ids": false,
"type": "text",
"uuid": "5aab7c2b-f21c-4b13-9d09-4e6c950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521193190",
"to_ids": false,
"type": "float",
"uuid": "5aab90e6-dbe0-4d41-8cd4-4203950d210f",
"value": "5.41428754686"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521193190",
"to_ids": true,
"type": "sha1",
"uuid": "5aab90e6-53fc-4e46-abfb-44a3950d210f",
"value": "65fcc51f70b2213bce4d39de56646795fd62d169"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521193191",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aab90e7-d14c-4320-9582-416a950d210f",
"value": "768:iRCfDUNMlhl80TrHo7YAoEDjAnXTcK8ZU9qZU9PmTb0yQUNJ:i+D3RLo7Y1ozptwQNJ"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521193192",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab90e8-2cd8-481e-a761-40d0950d210f",
"value": "87552"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521207176",
"uuid": "5aab7c75-a4b8-4062-ba32-47ea950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521207176",
"to_ids": true,
"type": "filename",
"uuid": "5aab7c75-970c-4286-86e2-4837950d210f",
"value": "n.zip.dv9vpwt.partial"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521207176",
"to_ids": true,
"type": "md5",
"uuid": "5aab7c75-ddec-44bf-9246-4a4e950d210f",
"value": "3b6c3df08e99b40148548e96cd1ac872"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521207176",
"to_ids": false,
"type": "text",
"uuid": "5aab7c75-9340-4ac6-8ded-4c76950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521207176",
"to_ids": false,
"type": "float",
"uuid": "5aabc788-c060-495e-b3b8-bff9950d210f",
"value": "7.99807624013"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521207176",
"to_ids": true,
"type": "sha1",
"uuid": "5aabc788-e12c-46a9-969f-bff9950d210f",
"value": "a602b03555a505cfcfc4b5f4f716b2ba88ed4cd8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521207177",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aabc789-f420-488a-89f2-bff9950d210f",
"value": "3072:YnNhgA2YcTOFFvik/VZMaqM3M/cmlTSdvN/xR3M5KuYktpJhErxNWNfamTQGfBsf:k2DTOji8IM8\r\n/vCxLM5lXhEmTpfCJVoBQ"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521207177",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabc789-394c-452e-8796-bff9950d210f",
"value": "192897"
}
]
},
{
"comment": "ASCII text",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521197054",
"uuid": "5aab7cc4-3de4-4beb-937b-460e950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7cc4-3de4-4beb-937b-460e950d210f",
"referenced_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521197051",
"uuid": "5aab9ffb-192c-431d-ac29-38bb950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521196936",
"to_ids": true,
"type": "filename",
"uuid": "5aab7cc4-8164-484c-9b6a-4abe950d210f",
"value": "Inveigh-Relay.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521196936",
"to_ids": true,
"type": "md5",
"uuid": "5aab7cc4-3764-4324-b491-4d6b950d210f",
"value": "5dbef7bddaf50624e840ccbce2816594"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521196936",
"to_ids": false,
"type": "text",
"uuid": "5aab7cc4-1740-49e3-95f0-497d950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521196936",
"to_ids": false,
"type": "float",
"uuid": "5aab9f88-2f60-4451-8728-4de6950d210f",
"value": "4.77558019521"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521196936",
"to_ids": true,
"type": "sha1",
"uuid": "5aab9f88-5cb0-4aec-aa54-4f40950d210f",
"value": "f9b72a2802d2a7ff33fd2d4bbcf41188724fcaa8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521196937",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aab9f89-633c-42d3-a828-49b5950d210f",
"value": "6144:dqtii3p3p3Y3V363F3/3HOXCZiZVZkZ0ZCZyZMZqZ+ZqZXVyRMjP:X"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521196937",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab9f89-27fc-47e5-9583-4e3c950d210f",
"value": "227407"
}
]
},
{
"comment": "ASCII text, with CRLF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521202375",
"uuid": "5aab7d70-a138-4131-9843-466d950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7d70-a138-4131-9843-466d950d210f",
"referenced_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521197832",
"uuid": "5aaba308-2218-45ec-906d-389f950d210f"
},
{
"comment": "",
"object_uuid": "5aab7d70-a138-4131-9843-466d950d210f",
"referenced_uuid": "5aab8035-5834-4055-9ecd-4604950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521200581",
"uuid": "5aabadb5-20dc-44e6-ac8f-368e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7d70-a138-4131-9843-466d950d210f",
"referenced_uuid": "5aab8036-1c10-4eb6-a9c5-4ed2950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521200589",
"uuid": "5aabadcd-9180-4f6a-b716-0c06950d210f"
},
{
"comment": "",
"object_uuid": "5aab7d70-a138-4131-9843-466d950d210f",
"referenced_uuid": "5aabb437-d698-4ee1-911a-38bc950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "Characterized_By",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521202372",
"uuid": "5aabb4c4-4c28-4096-a6a7-0bd8950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521197743",
"to_ids": true,
"type": "filename",
"uuid": "5aab7d71-bce4-4e1a-afd9-4640950d210f",
"value": "svcsrv.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521197743",
"to_ids": true,
"type": "md5",
"uuid": "5aab7d71-bb18-42ee-ba2f-48fe950d210f",
"value": "61c909d2f625223db2fb858bbdf42a76"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521197743",
"to_ids": false,
"type": "text",
"uuid": "5aab7d71-8070-4890-bca3-465f950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521197744",
"to_ids": false,
"type": "float",
"uuid": "5aaba2b0-23e8-464b-a2a5-38bc950d210f",
"value": "5.09864672537"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521197744",
"to_ids": true,
"type": "sha1",
"uuid": "5aaba2b0-6b44-4cf6-b1d2-38bc950d210f",
"value": "b45d63d4d952e9a0715583f97a2d9edeb45ae74e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521197744",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaba2b0-9560-4dd9-9aba-38bc950d210f",
"value": "3:HjVygSSJJLNyLm/sRIm+ZCRrFquLLTzOSX36I41uF:HjssnyLmURcZCdtTzOw3b41uF"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521197745",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaba2b1-b5f4-4f7b-af97-38bc950d210f",
"value": "146"
}
]
},
{
"comment": "ASCII text, with CRLF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521213438",
"uuid": "5aab7e3e-425c-4c16-850e-4251950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7e3e-425c-4c16-850e-4251950d210f",
"referenced_uuid": "5aab7c75-a4b8-4062-ba32-47ea950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "included-in",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521213405",
"uuid": "5aabdfdd-b2a4-4fae-bfdb-40a7950d210f"
},
{
"comment": "",
"object_uuid": "5aab7e3e-425c-4c16-850e-4251950d210f",
"referenced_uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "resolved-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521213435",
"uuid": "5aabdffb-7eb0-4aed-9331-4fe5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521213156",
"to_ids": true,
"type": "filename",
"uuid": "5aab7e3e-b0a0-472d-884b-489c950d210f",
"value": "list.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521213156",
"to_ids": true,
"type": "md5",
"uuid": "5aab7e3f-2230-4567-b7a7-45aa950d210f",
"value": "61e2679cd208e0a421adc4940662c583"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521213156",
"to_ids": false,
"type": "text",
"uuid": "5aab7e3f-c864-459a-989f-44f3950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521213156",
"to_ids": false,
"type": "float",
"uuid": "5aabdee4-5e1c-492e-979c-4294950d210f",
"value": "3.09733567586"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521213156",
"to_ids": true,
"type": "sha1",
"uuid": "5aabdee4-2fdc-421e-9a70-474d950d210f",
"value": "3d36e477643375030431301abaccb8287b2eecce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521213157",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabdee5-3d7c-4603-8ff8-4eae950d210f",
"value": "4848"
}
]
},
{
"comment": "DOS batch file, ASCII text, with CRLF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521444431",
"uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
"referenced_uuid": "5aab7c75-a4b8-4062-ba32-47ea950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "included-in",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521444306",
"uuid": "5aaf65d2-bd6c-4ce5-a504-4688950d210f"
},
{
"comment": "",
"object_uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
"referenced_uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521444385",
"uuid": "5aaf6621-26c0-4296-828a-42c9950d210f"
},
{
"comment": "",
"object_uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
"referenced_uuid": "5aab7e3e-425c-4c16-850e-4251950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "resolved-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521444427",
"uuid": "5aaf664b-566c-4509-9e03-4990950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521444258",
"to_ids": true,
"type": "filename",
"uuid": "5aab7e5b-f404-4038-94e1-4e2f950d210f",
"value": "SD.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521444258",
"to_ids": true,
"type": "md5",
"uuid": "5aab7e5b-515c-4d9a-bcfb-4f15950d210f",
"value": "7dbfa8cbb39192ffe2a930fc5258d4c1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521444258",
"to_ids": false,
"type": "text",
"uuid": "5aab7e5c-b834-4410-937f-4b63950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521444259",
"to_ids": false,
"type": "float",
"uuid": "5aaf65a3-53f4-47f0-a0bf-4d01950d210f",
"value": "4.94900696663"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521444259",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf65a3-6c28-401e-9917-438f950d210f",
"value": "64f0ac82ccc4a6def48d5f9079b7c146126c6464"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521444259",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf65a3-00c0-4829-9010-42c7950d210f",
"value": "6:/kuFHh257l3YgPS62c7q5mJpna7CvpfVKSV1n/H6RDzKRfgP8X:/JC1l3H7CmLa7ufVbOzKpX"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521444260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf65a4-40d8-4dc6-8d2d-474f950d210f",
"value": "343"
}
]
},
{
"comment": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521198773",
"uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8032-2648-489a-b335-4a84950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198554",
"uuid": "5aab9008-8908-4d99-a978-403f950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8033-dce8-4863-a177-44a5950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198563",
"uuid": "5aab902c-9ef8-4438-a09b-4687950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8033-99c0-44a2-ad2e-4965950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198568",
"uuid": "5aab904d-c384-4c65-b128-0c81950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-c1e0-406f-914b-4829950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198573",
"uuid": "5aab9059-038c-4720-9ae2-440e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-2124-459a-9f15-41e3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198579",
"uuid": "5aab9061-3844-4ed0-b7cc-4e79950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-583c-4daf-afdf-4ce4950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198753",
"uuid": "5aab906c-6a18-4ce9-be6a-41a5950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8035-5834-4055-9ecd-4604950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198760",
"uuid": "5aab908d-4d4c-4a26-9e26-4c73950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8035-0e5c-4488-bdfd-4eed950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198765",
"uuid": "5aab9097-6d30-416c-bc1a-4fcd950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8036-1270-45b5-8a8a-4b09950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198770",
"uuid": "5aab909f-490c-4782-a3a8-0b61950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8032-2648-489a-b335-4a84950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198508",
"uuid": "5aaba5ac-8978-4396-b9db-6e66950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8033-dce8-4863-a177-44a5950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198515",
"uuid": "5aaba5b3-fe64-406d-a89a-6e5e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8033-99c0-44a2-ad2e-4965950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198528",
"uuid": "5aaba5c0-a858-45f1-a308-0c81950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-c1e0-406f-914b-4829950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198537",
"uuid": "5aaba5c9-739c-40ba-abe9-6e64950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-2124-459a-9f15-41e3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198548",
"uuid": "5aaba5d4-a6b4-4d29-8d66-46e1950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8034-583c-4daf-afdf-4ce4950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198719",
"uuid": "5aaba67f-3e30-4342-8f43-4d52950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8035-0e5c-4488-bdfd-4eed950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198728",
"uuid": "5aaba688-2ee8-484f-b765-35f7950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8035-5834-4055-9ecd-4604950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198738",
"uuid": "5aaba692-a3a8-47c4-9b27-368e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "5aab8036-1270-45b5-8a8a-4b09950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198746",
"uuid": "5aaba69a-0aac-4ca3-965f-36f1950d210f"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "a5cf7d41-3fd8-4f9e-8efa-17f99229ab80",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-96ec-4a17-86d6-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aab7ece-54c4-4627-b9f3-4eee950d210f",
"referenced_uuid": "da511a48-fb7c-48e9-af7b-87959d26df32",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571867",
"uuid": "5ab1581b-4b98-4d85-8646-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521191367",
"to_ids": true,
"type": "filename",
"uuid": "5aab7ece-8f08-4f64-bd24-4fec950d210f",
"value": "ntdll.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521191367",
"to_ids": true,
"type": "md5",
"uuid": "5aab7ece-cd78-4753-82ba-4a36950d210f",
"value": "8943e71a8c73b5e343aa9d2e19002373"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521191367",
"to_ids": false,
"type": "text",
"uuid": "5aab7ecf-20bc-45e3-979f-4d25950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521191368",
"to_ids": false,
"type": "float",
"uuid": "5aab89c8-8dcc-48e0-a970-0bde950d210f",
"value": "7.9207919423"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521191368",
"to_ids": true,
"type": "sha1",
"uuid": "5aab89c8-f608-44ed-ae33-0bde950d210f",
"value": "092de09e2f346b81a84113734964ad10284f142d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521191369",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aab89c9-01b0-4681-8d32-0bde950d210f",
"value": "24576:8ehp+MLzB2M6ewgsKR2/sNl+BNsjJX34grzNkHAgjZgC4bGB9qsY:Hh7LwoR9Nl+irygoYbGB9qs"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521191369",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab89c9-dc74-4040-acf2-0bde950d210f",
"value": "1138176"
}
]
},
{
"comment": "ASCII text, with very long lines, with CRLF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521198068",
"uuid": "5aab7efd-30a0-467e-b13e-448f950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7efd-30a0-467e-b13e-448f950d210f",
"referenced_uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198060",
"uuid": "5aab80dd-c058-4050-8ecd-4278950d210f"
},
{
"comment": "",
"object_uuid": "5aab7efd-30a0-467e-b13e-448f950d210f",
"referenced_uuid": "5aab8032-65bc-4a14-bd0d-4706950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198065",
"uuid": "5aab80ed-c81c-491b-bc89-48e3950d210f"
},
{
"comment": "",
"object_uuid": "5aab7efd-30a0-467e-b13e-448f950d210f",
"referenced_uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198046",
"uuid": "5aaba3de-2e48-481c-8883-452f950d210f"
},
{
"comment": "",
"object_uuid": "5aab7efd-30a0-467e-b13e-448f950d210f",
"referenced_uuid": "5aab8032-65bc-4a14-bd0d-4706950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198054",
"uuid": "5aaba3e6-4d68-40ee-8b22-4c3b950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521189051",
"to_ids": true,
"type": "filename",
"uuid": "5aab7efd-3464-4dd3-9523-4965950d210f",
"value": "d.js"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521189051",
"to_ids": true,
"type": "md5",
"uuid": "5aab7efd-f26c-4544-af94-494b950d210f",
"value": "a07aa521e7cafb360294e56969eda5d6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521189051",
"to_ids": false,
"type": "text",
"uuid": "5aab7efe-16b4-417b-8c3c-4f74950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521189051",
"to_ids": false,
"type": "float",
"uuid": "5aab80bb-4624-4d77-9050-4ff3950d210f",
"value": "6.07484379527"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521189051",
"to_ids": true,
"type": "sha1",
"uuid": "5aab80bb-d410-42a3-bdf2-4790950d210f",
"value": "efdef52f017eaac4843aab506a39ac2dbf96aee5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521189052",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aab80bc-0264-4511-86e8-4ceb950d210f",
"value": "96:UokaYaEWa2aG26RmGnNWLS0OTf3Yzm2f/4m\r\n/tO3hkPXW6Wv59a0SNm98Xv:UZf6ZNWLS0OL3Yzm2n4KckPG6S90uiv"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521189053",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab80bd-44a4-44e8-ba34-46ff950d210f",
"value": "5575"
}
]
},
{
"comment": "ASCII text",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521196666",
"uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "5aab7cc4-3de4-4beb-937b-460e950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "derived-from",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521196658",
"uuid": "5aab9e3e-8f64-4ed7-a1d0-0b60950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "5aab7cc4-3de4-4beb-937b-460e950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521196627",
"uuid": "5aab9e53-9dec-427c-9df8-0bd8950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "5aab7d70-a138-4131-9843-466d950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521196645",
"uuid": "5aab9e65-0778-4354-b4f3-368e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "5aab7cc4-3de4-4beb-937b-460e950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "derived-from",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521196663",
"uuid": "5aab9e6c-2f08-4d60-bf36-368e950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "68aa5eb6-0404-4285-b4b9-3f6bd1ac804c",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-3d2c-496b-8a83-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aab7f0e-d540-40a3-b119-4cf3950d210f",
"referenced_uuid": "a377dd67-a104-4cf0-a517-c6a7aa915ec7",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571867",
"uuid": "5ab1581c-f1a0-48b1-8cf3-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521194838",
"to_ids": true,
"type": "filename",
"uuid": "5aab7f0e-a7fc-47b4-840c-452a950d210f",
"value": "Inveigh.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521194838",
"to_ids": true,
"type": "md5",
"uuid": "5aab7f0e-c7bc-407d-b4fc-4db6950d210f",
"value": "aa905a3508d9309a93ad5c0ec26ebc9b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521194838",
"to_ids": false,
"type": "text",
"uuid": "5aab7f0e-3c28-45c2-965e-4d97950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521194838",
"to_ids": false,
"type": "float",
"uuid": "5aab9756-61f0-430f-8026-0c0d950d210f",
"value": "4.67120886515"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521194838",
"to_ids": true,
"type": "sha1",
"uuid": "5aab9756-948c-4796-af9e-0c0d950d210f",
"value": "c8791bcebaea85e9129e706b22e3bda43f762e4a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521194839",
"to_ids": false,
"type": "ssdeep",
"uuid": "5aab9757-d368-4fa3-bd4c-0c0d950d210f",
"value": "1536:+2ShI15AJLhZpaaOoMeX+sK+9rThT8JqRl+dQ:RShI15AJLhZpaaOy+89rThT8JqRYdQ"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521194839",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab9757-c100-4bdd-b8e6-0c0d950d210f",
"value": "202957"
}
]
},
{
"comment": "PE32 executable (console) Intel 80386, for MS Windows",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521214253",
"uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"referenced_uuid": "5aab7c75-a4b8-4062-ba32-47ea950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "included-in",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521214198",
"uuid": "5aabe2f6-ff7c-4555-bb53-40a7950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"referenced_uuid": "5aab7e5b-5de0-4266-90c3-4131950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521214250",
"uuid": "5aabe32a-a57c-49f3-a4cf-edc1950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"referenced_uuid": "db67a0ca-ab6e-4d10-ba16-96b2c18ef120",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-6fd4-406a-88ff-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"referenced_uuid": "43871de9-0fbb-4042-979d-c05a03f7591b",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-4218-4772-8319-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521213882",
"to_ids": true,
"type": "filename",
"uuid": "5aab7f21-97e8-49d0-9e6f-41f2950d210f",
"value": "Ps.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521213882",
"to_ids": true,
"type": "md5",
"uuid": "5aab7f21-1224-4428-837f-4444950d210f",
"value": "aeee996fd3484f28e5cd85fe26b6bdcd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521213882",
"to_ids": false,
"type": "text",
"uuid": "5aab7f21-20ac-4274-b866-4885950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521213882",
"to_ids": false,
"type": "float",
"uuid": "5aabe1ba-efd8-4e54-829d-4fda950d210f",
"value": "6.56613336134"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521213882",
"to_ids": true,
"type": "sha1",
"uuid": "5aabe1ba-5060-4b03-825b-4f06950d210f",
"value": "cd23b7c9e0edef184930bc8e0ca2264f0608bcb3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521213883",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aabe1bb-2d6c-4937-aa5d-44a1950d210f",
"value": "6144:xytTHoerLyksdxFPSWaNJaS1I1f4ogQs/LT7Z2Swc0IZCYA+l82:x6TH9F8bPSHDogQsTJJJK+l82"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521213883",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe1bb-554c-498a-be0c-4539950d210f",
"value": "381816"
}
]
},
{
"comment": "ASCII text, with very long lines, with CRLF, LF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1521198270",
"uuid": "5aab7f33-5c08-4572-9b7e-4961950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aab7f33-5c08-4572-9b7e-4961950d210f",
"referenced_uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "derived-from",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521191142",
"uuid": "5aab8562-e16c-491b-a268-404c950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f33-5c08-4572-9b7e-4961950d210f",
"referenced_uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198267",
"uuid": "5aab857a-e60c-4b42-bfbf-4f52950d210f"
},
{
"comment": "",
"object_uuid": "5aab7f33-5c08-4572-9b7e-4961950d210f",
"referenced_uuid": "5aab8032-4d74-4135-881e-4dd3950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521198261",
"uuid": "5aaba4b5-8ab4-4a51-aefc-3895950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521190118",
"to_ids": true,
"type": "filename",
"uuid": "5aab7f33-cc10-401d-a878-4fba950d210f",
"value": "goo-AA021-1468346915-00-50-56-A5-34-B3.js"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521190118",
"to_ids": true,
"type": "md5",
"uuid": "5aab7f33-51b0-4966-baed-4252950d210f",
"value": "ba756dd64c1147515ba2298b6a760260"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521190118",
"to_ids": false,
"type": "text",
"uuid": "5aab7f33-1d38-43a3-885d-4a97950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521190119",
"to_ids": false,
"type": "float",
"uuid": "5aab84e7-2d8c-498b-b444-4fcc950d210f",
"value": "6.02539611186"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521190119",
"to_ids": true,
"type": "sha1",
"uuid": "5aab84e7-e664-4618-864f-4591950d210f",
"value": "e1631cd86facb5724469c19c60729a8d12a00a7f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521190120",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aab84e8-2de0-47b0-a33a-4179950d210f",
"value": "96:2ta2avaYaDEcqH7HUTYNNpqQEl/zARZ729oTa:7X7UTyNghlLA7729p"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521190121",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab84e9-3530-4826-b264-44e2950d210f",
"value": "3904"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521192268",
"uuid": "5aab8a40-e18c-4560-ac9b-4e12950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521192268",
"to_ids": true,
"type": "md5",
"uuid": "5aab8a41-7158-4788-b3d0-4aa5950d210f",
"value": "f6446f2d2487929d672f5c564d88ea5e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521192268",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab8a41-bfb0-4cc8-9179-46ad950d210f",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521192268",
"to_ids": false,
"type": "text",
"uuid": "5aab8a41-267c-4cb5-88b9-4c5c950d210f",
"value": "UPX2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521192268",
"to_ids": false,
"type": "float",
"uuid": "5aab8a42-dba0-4cca-82ab-485b950d210f",
"value": "2.65327458211"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521192404",
"uuid": "5aab8b85-d4b4-4c9a-a26f-4bfd950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521192404",
"to_ids": true,
"type": "md5",
"uuid": "5aab8b86-1c34-4fa9-9e84-40fc950d210f",
"value": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521192404",
"to_ids": false,
"type": "text",
"uuid": "5aab8b86-f140-4268-9dcc-4c97950d210f",
"value": "UPX0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521192404",
"to_ids": false,
"type": "float",
"uuid": "5aab8b87-95d8-4277-a6e5-4fbc950d210f",
"value": "0.0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521191926",
"uuid": "5aab8bf6-1b00-4a4e-98fc-0bd1950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521191927",
"to_ids": true,
"type": "md5",
"uuid": "5aab8bf7-3658-4259-924d-0bd1950d210f",
"value": "2c0d0688b7ee403a2340a2c71cfc9164"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521191927",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab8bf7-1fb4-4759-99d8-0bd1950d210f",
"value": "1137152"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521191928",
"to_ids": false,
"type": "text",
"uuid": "5aab8bf8-e6f8-4451-b923-0bd1950d210f",
"value": "UPX1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521191928",
"to_ids": false,
"type": "float",
"uuid": "5aab8bf8-6a68-45e4-9678-0bd1950d210f",
"value": "7.9214700728"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521192100",
"uuid": "5aab8c8a-e97c-4431-af73-4776950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521192100",
"to_ids": true,
"type": "md5",
"uuid": "5aab8c8b-e274-449c-87e6-4a99950d210f",
"value": "71cff14862d2727fc0999611b6248dc4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521192100",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab8c8b-9744-438c-a786-41aa950d210f",
"value": "512"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521192100",
"to_ids": false,
"type": "text",
"uuid": "5aab8c8c-5f78-4036-afb4-4529950d210f",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521192100",
"to_ids": false,
"type": "float",
"uuid": "5aab8c8c-492c-4104-a412-4cca950d210f",
"value": "2.76447625028"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193386",
"uuid": "5aab91aa-635c-4a4f-872f-4190950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193386",
"to_ids": true,
"type": "md5",
"uuid": "5aab91aa-307c-4172-b6d4-4380950d210f",
"value": "e83f44e61ca2dde6f1a992958980551d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193386",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab91aa-62bc-4c55-b62f-437e950d210f",
"value": "1024"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193387",
"to_ids": false,
"type": "text",
"uuid": "5aab91ab-b4c4-4510-886a-4004950d210f",
"value": "(header)"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193387",
"to_ids": false,
"type": "float",
"uuid": "5aab91ab-4ebc-4130-b605-4bd5950d210f",
"value": "1.76593925519"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193438",
"uuid": "5aab91de-98e8-400c-a319-4045950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193439",
"to_ids": true,
"type": "md5",
"uuid": "5aab91df-0194-43d7-81d8-4024950d210f",
"value": "fdf2016a74a2710c7b3616d394d41872"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193439",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab91df-70bc-46d4-96ff-4027950d210f",
"value": "17920"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193440",
"to_ids": false,
"type": "text",
"uuid": "5aab91e0-81bc-4695-91d0-4e20950d210f",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193440",
"to_ids": false,
"type": "float",
"uuid": "5aab91e0-4f9c-4cd7-a93b-465e950d210f",
"value": "6.73155298765"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193576",
"uuid": "5aab9268-8cb4-4684-9bcd-44e4950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193576",
"to_ids": true,
"type": "md5",
"uuid": "5aab9268-c75c-4ae7-af0b-43ec950d210f",
"value": "1088dc879bfeec6d83d0499c798bb7d3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193576",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab9268-ad30-423c-a8bb-4535950d210f",
"value": "8704"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193577",
"to_ids": false,
"type": "text",
"uuid": "5aab9269-ba60-4efc-9d1d-41e3950d210f",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193577",
"to_ids": false,
"type": "float",
"uuid": "5aab9269-ade4-430a-8976-4520950d210f",
"value": "4.66165724289"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193670",
"uuid": "5aab92c6-8684-42c3-8984-411c950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193671",
"to_ids": true,
"type": "md5",
"uuid": "5aab92c7-02e0-4c53-9d97-4f24950d210f",
"value": "4f595559a69e81208f8d5910b4ca9776"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193671",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab92c7-3244-4439-b15f-4940950d210f",
"value": "3072"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193671",
"to_ids": false,
"type": "text",
"uuid": "5aab92c7-ebc4-4062-b471-4698950d210f",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193672",
"to_ids": false,
"type": "float",
"uuid": "5aab92c8-5c90-455d-b61c-4b3b950d210f",
"value": "2.46079202491"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193715",
"uuid": "5aab92f3-a7f8-4912-a0ce-4c01950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193716",
"to_ids": true,
"type": "md5",
"uuid": "5aab92f4-b7dc-46b0-a383-42ef950d210f",
"value": "6986a9d74f2935b3df5dd1165ebcfbf2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193716",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab92f4-320c-4dac-8b0c-4db7950d210f",
"value": "49664"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193716",
"to_ids": false,
"type": "text",
"uuid": "5aab92f4-e0d4-4335-b537-4da6950d210f",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193717",
"to_ids": false,
"type": "float",
"uuid": "5aab92f5-0c28-4b74-ad27-4457950d210f",
"value": "4.29254828795"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521193849",
"uuid": "5aab9379-a5d0-4403-8e3c-4ec0950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521193850",
"to_ids": true,
"type": "md5",
"uuid": "5aab937a-0464-45fd-9e00-4922950d210f",
"value": "64f6f513a48c98c5a6b16a2f266978dd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521193850",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aab937a-0964-4807-8d79-472b950d210f",
"value": "7168"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521193850",
"to_ids": false,
"type": "text",
"uuid": "5aab937a-4134-4d91-a752-461d950d210f",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521193851",
"to_ids": false,
"type": "float",
"uuid": "5aab937b-8fdc-4bde-a0ca-4e9e950d210f",
"value": "6.85633135524"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521213925",
"uuid": "5aabe1e5-11e8-44c8-a00f-6dc8950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521213926",
"to_ids": true,
"type": "md5",
"uuid": "5aabe1e6-cad8-45c4-a318-6dc8950d210f",
"value": "548c2646e6894ca25a6566b05f9dff43"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521213926",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe1e6-eccc-4c19-8ea6-6dc8950d210f",
"value": "1024"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521213926",
"to_ids": false,
"type": "text",
"uuid": "5aabe1e6-ec70-4305-8708-6dc8950d210f",
"value": "(header)"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521213927",
"to_ids": false,
"type": "float",
"uuid": "5aabe1e7-6e70-4ebc-be39-6dc8950d210f",
"value": "2.44211621906"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521213997",
"uuid": "5aabe215-add8-476f-86ee-c0c7950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521213997",
"to_ids": true,
"type": "md5",
"uuid": "5aabe216-6cc4-4ed3-8cfd-c0c7950d210f",
"value": "b6822df1b8a74e6089d1e3dd94bd54e5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521213997",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe216-15c4-4acc-9063-c0c7950d210f",
"value": "149504"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521213997",
"to_ids": false,
"type": "text",
"uuid": "5aabe216-4550-496f-8a89-c0c7950d210f",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521213997",
"to_ids": false,
"type": "float",
"uuid": "5aabe217-4f90-44e0-b7bf-c0c7950d210f",
"value": "6.56822413656"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521214074",
"uuid": "5aabe27a-e1ac-45f6-bf89-edc1950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521214074",
"to_ids": true,
"type": "md5",
"uuid": "5aabe27a-5264-4698-964e-edc1950d210f",
"value": "10c63e2e8fe35a2cbe6ae6814f7756a6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521214074",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe27a-1e30-466b-9e0a-edc1950d210f",
"value": "34304"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521214075",
"to_ids": false,
"type": "text",
"uuid": "5aabe27b-28d4-4f93-9a04-edc1950d210f",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521214075",
"to_ids": false,
"type": "float",
"uuid": "5aabe27b-c834-495b-a8bf-edc1950d210f",
"value": "5.31647891314"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521214109",
"uuid": "5aabe29d-7114-4661-8dc7-eda9950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521214109",
"to_ids": true,
"type": "md5",
"uuid": "5aabe29d-c0f8-4d72-a43e-eda9950d210f",
"value": "f9850349e6edfb121b1aa80be256e852"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521214109",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe29d-5458-486c-8b61-eda9950d210f",
"value": "8192"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521214110",
"to_ids": false,
"type": "text",
"uuid": "5aabe29e-9088-4474-9aea-eda9950d210f",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521214110",
"to_ids": false,
"type": "float",
"uuid": "5aabe29e-8138-4bb0-bdd8-eda9950d210f",
"value": "1.50045151734"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1521214142",
"uuid": "5aabe2be-9a78-4ad8-ae9c-38bc950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521214143",
"to_ids": true,
"type": "md5",
"uuid": "5aabe2bf-2cd4-4fba-a437-38bc950d210f",
"value": "0dd8e6e638e604ae0e8f26627a45aef2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "size-in-bytes",
"timestamp": "1521214143",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aabe2bf-08a0-4653-b2e5-38bc950d210f",
"value": "182784"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1521214144",
"to_ids": false,
"type": "text",
"uuid": "5aabe2c0-8470-484d-9d58-38bc950d210f",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "entropy",
"timestamp": "1521214144",
"to_ids": false,
"type": "float",
"uuid": "5aabe2c0-1db0-4007-89ee-38bc950d210f",
"value": "6.5918396837"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521230322",
"uuid": "b9b261fe-ac0d-4eaa-bc84-91ee824ca271",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b9b261fe-ac0d-4eaa-bc84-91ee824ca271",
"referenced_uuid": "52fdb810-ffc9-4914-a550-f04c633a6914",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521230326",
"uuid": "5aac21f6-0fac-4901-b7e2-4e7e02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521230319",
"to_ids": true,
"type": "sha1",
"uuid": "5aac21ef-8ec4-43ea-8c8f-42d102de0b81",
"value": "092de09e2f346b81a84113734964ad10284f142d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521230320",
"to_ids": true,
"type": "sha256",
"uuid": "5aac21f0-5bac-418f-81ab-484a02de0b81",
"value": "a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521230320",
"to_ids": true,
"type": "md5",
"uuid": "5aac21f0-6980-4dd3-9518-4c7102de0b81",
"value": "8943e71a8c73b5e343aa9d2e19002373"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521230320",
"uuid": "52fdb810-ffc9-4914-a550-f04c633a6914",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521230321",
"to_ids": false,
"type": "link",
"uuid": "5aac21f1-e550-4384-930f-4f8e02de0b81",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521230321",
"to_ids": false,
"type": "text",
"uuid": "5aac21f1-1e44-421e-a40a-4fb002de0b81",
"value": "45/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521230321",
"to_ids": false,
"type": "datetime",
"uuid": "5aac21f1-64b4-4de3-8a2f-4d5402de0b81",
"value": "2018-03-15T19:07:54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521230324",
"uuid": "d603127a-dca4-4067-9982-fbf3c37e55b2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d603127a-dca4-4067-9982-fbf3c37e55b2",
"referenced_uuid": "7970257f-14eb-43dc-bd7f-5cab16a9baf3",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521230326",
"uuid": "5aac21f6-5554-4c23-8120-41b002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521230321",
"to_ids": true,
"type": "sha1",
"uuid": "5aac21f1-74a0-41d1-b762-479f02de0b81",
"value": "cd23b7c9e0edef184930bc8e0ca2264f0608bcb3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521230322",
"to_ids": true,
"type": "sha256",
"uuid": "5aac21f2-739c-46ab-a6dd-4f9b02de0b81",
"value": "f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521230322",
"to_ids": true,
"type": "md5",
"uuid": "5aac21f2-4570-46e4-902b-430b02de0b81",
"value": "aeee996fd3484f28e5cd85fe26b6bdcd"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521230323",
"uuid": "7970257f-14eb-43dc-bd7f-5cab16a9baf3",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521230323",
"to_ids": false,
"type": "link",
"uuid": "5aac21f3-b7c8-408a-90c8-4b3c02de0b81",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521230323",
"to_ids": false,
"type": "text",
"uuid": "5aac21f3-d6f4-491e-bfbc-42a602de0b81",
"value": "1/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521230323",
"to_ids": false,
"type": "datetime",
"uuid": "5aac21f3-74e8-4481-bdbf-453902de0b81",
"value": "2018-03-16T13:16:44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521230327",
"uuid": "bf47e63b-3eb3-4434-ae79-81368e8f4084",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bf47e63b-3eb3-4434-ae79-81368e8f4084",
"referenced_uuid": "9ff8d207-0de1-4965-836f-b1226b92c8f6",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521230326",
"uuid": "5aac21f6-7fbc-4a21-a7d2-419d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521230324",
"to_ids": true,
"type": "sha1",
"uuid": "5aac21f4-116c-4c1d-9eda-441502de0b81",
"value": "c8791bcebaea85e9129e706b22e3bda43f762e4a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521230324",
"to_ids": true,
"type": "sha256",
"uuid": "5aac21f4-6c0c-4cdc-b0a7-481302de0b81",
"value": "6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521230325",
"to_ids": true,
"type": "md5",
"uuid": "5aac21f5-dc94-4f8f-bc31-4f7602de0b81",
"value": "aa905a3508d9309a93ad5c0ec26ebc9b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521230325",
"uuid": "9ff8d207-0de1-4965-836f-b1226b92c8f6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521230325",
"to_ids": false,
"type": "link",
"uuid": "5aac21f5-d980-4458-a5f0-4bd202de0b81",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521140754/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521230326",
"to_ids": false,
"type": "text",
"uuid": "5aac21f6-9e28-4ad0-b19d-44bd02de0b81",
"value": "25/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521230326",
"to_ids": false,
"type": "datetime",
"uuid": "5aac21f6-4b18-4672-ae5f-4ece02de0b81",
"value": "2018-03-15T19:05:54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530483",
"uuid": "5aaf6f7d-5698-489d-9b33-4c5c950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf6f7d-5698-489d-9b33-4c5c950d210f",
"referenced_uuid": "5aab8036-1c10-4eb6-a9c5-4ed2950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521456094",
"uuid": "5aaf93de-8fe8-4918-947c-4805950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530480",
"to_ids": true,
"type": "filename",
"uuid": "5aaf6f7d-fa3c-4abe-9c9e-4d2e950d210f",
"value": "CV Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530480",
"to_ids": true,
"type": "md5",
"uuid": "5aaf6f7d-fca8-4b39-b5cb-4f06950d210f",
"value": "722154a36f32ba10e98020a8ad758a7a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530480",
"to_ids": false,
"type": "text",
"uuid": "5aaf6f7d-c4b4-4df2-80a2-4d0d950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521530480",
"to_ids": false,
"type": "float",
"uuid": "5aaf93c4-821c-42da-8211-4edb950d210f",
"value": "7.85923994786"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521530480",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf93c4-df58-40eb-9a96-4e10950d210f",
"value": "2872dcdf108563d16b6cf2ed383626861fc541d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521530480",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf93c5-9d2c-4b0a-8ae9-4861950d210f",
"value": "384:Dk5kSg2bPvHjd1coguI38aI2TUGThYGBUvolkGDJ4LMwa7nXp:DkGMjjOn8yTUQzuw7VB37n5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521530480",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf93c6-f584-4e6b-bf27-4326950d210f",
"value": "19261"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521530481",
"to_ids": true,
"type": "sha256",
"uuid": "5ab0b671-dbac-4114-9fef-4ea0950d210f",
"value": "ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521451901",
"uuid": "5aaf6fb7-2d4c-48f6-a5a6-4936950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf6fb7-2d4c-48f6-a5a6-4936950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521451898",
"uuid": "5aaf837a-8c0c-49d8-a101-4922950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521451642",
"to_ids": true,
"type": "filename",
"uuid": "5aaf6fb7-ed8c-45dc-b23a-4aee950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521451642",
"to_ids": true,
"type": "md5",
"uuid": "5aaf6fb7-1684-4d27-8c58-45b2950d210f",
"value": "038a97b4e2f37f34b255f0643e49fc9d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521451642",
"to_ids": false,
"type": "text",
"uuid": "5aaf6fb8-4f9c-4df6-92ba-4a69950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521451642",
"to_ids": false,
"type": "float",
"uuid": "5aaf827a-c650-4689-abb7-411a950d210f",
"value": "7.78916156016"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521451642",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf827a-6620-4252-970d-4222950d210f",
"value": "f8301523fe802402441f207c0f7c61b8aa3cfa63"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521451643",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf827b-9580-4bb7-adf0-4756950d210f",
"value": "384:F2sPE46JbzcB1mjvxqIJwpsxQVzI+GHoJDUhvWew8rKrNf28v:o8EVETmjUsqZuWd8uBfn"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521451643",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf827b-e700-408c-af61-442f950d210f",
"value": "19605"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521454381",
"uuid": "5aaf6fc9-3500-45cd-8315-42e1950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf6fc9-3500-45cd-8315-42e1950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521454377",
"uuid": "5aaf8d29-0f70-48e1-96aa-4591950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521454167",
"to_ids": true,
"type": "filename",
"uuid": "5aaf6fc9-57c0-4a5b-8264-4e0f950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521454167",
"to_ids": true,
"type": "md5",
"uuid": "5aaf6fc9-8b38-465a-9147-49e2950d210f",
"value": "31008de622ca9526f5f4a1dd3f16f4ea"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521454167",
"to_ids": false,
"type": "text",
"uuid": "5aaf6fca-f1b8-4ba8-a219-48fe950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521454168",
"to_ids": false,
"type": "float",
"uuid": "5aaf8c58-d160-43ce-9e4e-421c950d210f",
"value": "7.81640605196"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521454168",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf8c58-d418-4af1-9a3e-4f28950d210f",
"value": "c8c8b2739fcf48c7071e41576791c1b5a9a0cb3a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521454169",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf8c59-6c30-470d-affc-47ee950d210f",
"value": "384:F2sPE46JbzcB1mjvxqIJwpsxQVzI+GHoJSkhvnewMrKrNf+J:o8EVETmjUsqZDndMuBf6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521454169",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf8c59-6480-4605-a578-477d950d210f",
"value": "19298"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521455959",
"uuid": "5aaf6fdc-d6d0-4c8d-aec4-485d950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf6fdc-d6d0-4c8d-aec4-485d950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521455956",
"uuid": "5aaf9354-b2f0-4e63-8a27-4ba5950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521455934",
"to_ids": true,
"type": "filename",
"uuid": "5aaf6fdc-0e40-491a-9244-4eea950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521455934",
"to_ids": true,
"type": "md5",
"uuid": "5aaf6fdc-c0fc-4076-922b-4655950d210f",
"value": "5acc56c93c5ba1318dd2fa9c3509d60b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521455934",
"to_ids": false,
"type": "text",
"uuid": "5aaf6fdd-10e8-41d9-b098-49e5950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521455934",
"to_ids": false,
"type": "float",
"uuid": "5aaf933e-ee64-43f4-96f3-49f0950d210f",
"value": "7.8128329367"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521455934",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf933e-e724-4024-8a48-46da950d210f",
"value": "f3b8a182a3f4f51333f55e1afa4ad3d624301689"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521455935",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf933f-542c-4895-9c17-4883950d210f",
"value": "384:F2sPE46JbzcB1mjvxqIJwpsxQVoI+WHoJSkhvnewMrKrNfOJ:o8EVETmjUsqizndMuBfS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521455935",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf933f-1cb0-414e-b7b6-4f54950d210f",
"value": "19326"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521452695",
"uuid": "5aaf6ff0-8384-42d9-a402-4107950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf6ff0-8384-42d9-a402-4107950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521452691",
"uuid": "5aaf8693-d0c8-408d-b1d6-4212950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521452672",
"to_ids": true,
"type": "filename",
"uuid": "5aaf6ff0-5afc-49db-b92b-41b4950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521452672",
"to_ids": true,
"type": "md5",
"uuid": "5aaf6ff0-b7e8-4a60-832c-446b950d210f",
"value": "65a1a73253f04354886f375b59550b46"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521452672",
"to_ids": false,
"type": "text",
"uuid": "5aaf6ff0-3bc8-4098-9a22-4606950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521452672",
"to_ids": false,
"type": "float",
"uuid": "5aaf8680-317c-4135-9a0c-4036950d210f",
"value": "7.81659183222"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521452672",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf8680-f210-4330-b4b0-4c87950d210f",
"value": "5f1d8a38ec40c2e86d54bfb7d9ce6571e8f944c6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521452673",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf8681-dfd4-4606-b56c-402b950d210f",
"value": "384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvnew74rKrNfXqJ:78EVETmjUsqJDndMuBfXe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521452673",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf8681-b1bc-47ad-8611-4b11950d210f",
"value": "19298"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521455743",
"uuid": "5aaf7025-6398-4599-869d-4abb950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf7025-6398-4599-869d-4abb950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521455739",
"uuid": "5aaf927b-0cfc-413c-a79e-4b7c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521455720",
"to_ids": true,
"type": "filename",
"uuid": "5aaf7026-691c-47d0-bdec-4d70950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521455720",
"to_ids": true,
"type": "md5",
"uuid": "5aaf7026-0fc4-4bcd-bc1d-4ef9950d210f",
"value": "8341e48a6b91750d99a8295c97fd55d5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521455720",
"to_ids": false,
"type": "text",
"uuid": "5aaf7026-1fd0-4918-a143-4fb1950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521455721",
"to_ids": false,
"type": "float",
"uuid": "5aaf9269-ce9c-40f9-aefd-46b1950d210f",
"value": "7.81651500038"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521455721",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf9269-a894-4142-bfdc-4629950d210f",
"value": "3ce30622afb6fac1971a8534998a1d57b1062d86"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521455722",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf926a-5c98-4e96-910d-46f6950d210f",
"value": "384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvWew8rKrNfP3J:78EVETmjUsqJDWd8uBfPZ"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521455722",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf926a-bb94-4b00-b0d7-4810950d210f",
"value": "19298"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521455877",
"uuid": "5aaf7035-27fc-4569-ba36-4e69950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf7035-27fc-4569-ba36-4e69950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521455873",
"uuid": "5aaf9301-c390-490e-b0ae-4917950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521455853",
"to_ids": true,
"type": "filename",
"uuid": "5aaf7035-62e8-47a6-b06b-40a7950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521455853",
"to_ids": true,
"type": "md5",
"uuid": "5aaf7035-58a8-4332-a93c-4163950d210f",
"value": "99aa0d0eceefce4c0856532181b449b1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521455853",
"to_ids": false,
"type": "text",
"uuid": "5aaf7036-f9c8-475a-b18d-454b950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521455853",
"to_ids": false,
"type": "float",
"uuid": "5aaf92ed-e020-4156-97ef-4879950d210f",
"value": "7.81297842972"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521455853",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf92ed-45ac-462b-a717-44e5950d210f",
"value": "1737a2c1b0d091f09f3f231ebc3da5661983c240"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521455854",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf92ee-6c20-422e-bc33-4809950d210f",
"value": "384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJDUhvWew8rKrNfHJ:78EVETmjUsqJuWd8uBfp"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521455855",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf92ef-571c-4ec0-b3a8-4bcd950d210f",
"value": "19326"
}
]
},
{
"comment": "Zip archive data, at least v2.0 to extract",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521450337",
"uuid": "5aaf7051-9700-436b-8bec-4598950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf7051-9700-436b-8bec-4598950d210f",
"referenced_uuid": "5aaf7073-dc2c-4e31-82a8-4a41950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521450334",
"uuid": "5aaf7d5e-c3ac-4eea-b603-4cc6950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521449769",
"to_ids": true,
"type": "filename",
"uuid": "5aaf7051-bf00-4f94-b884-4518950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521449769",
"to_ids": true,
"type": "md5",
"uuid": "5aaf7051-254c-4cc9-846d-41ad950d210f",
"value": "a6d36749eebbbc51b552e5803ed1fd58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521449769",
"to_ids": false,
"type": "text",
"uuid": "5aaf7052-7614-4038-901e-4ec9950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521449770",
"to_ids": false,
"type": "float",
"uuid": "5aaf7b2a-7b1c-4a3d-b2a0-4013950d210f",
"value": "7.82005155684"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521449770",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf7b2a-08a8-4cca-adcb-4b96950d210f",
"value": "3ceb153fcd9407c92b3c71eb0acf74e681691b98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521449771",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf7b2b-e1a8-4c45-bc13-4bc2950d210f",
"value": "384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvnewMrKrNfXFg:78EVETmjUsqJDndMuBfXq"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521449771",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf7b2b-360c-41da-9fe6-4527950d210f",
"value": "19270"
}
]
},
{
"comment": "HTML document, ASCII text, with very long lines, with CRLF line terminators",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521458083",
"uuid": "5aaf9a4a-3250-4b88-bbe1-4834950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf9a4a-3250-4b88-bbe1-4834950d210f",
"referenced_uuid": "5aab8032-65bc-4a14-bd0d-4706950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521458079",
"uuid": "5aaf9b9f-bccc-4f98-9276-4839950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521458022",
"to_ids": true,
"type": "filename",
"uuid": "5aaf9a4a-3380-4cb3-bd93-40e7950d210f",
"value": "184.154_redirect"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521458022",
"to_ids": true,
"type": "md5",
"uuid": "5aaf9a4a-1130-4cd9-a3b0-4a12950d210f",
"value": "4383c60926261d467662f95b11efc044"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521458022",
"to_ids": false,
"type": "text",
"uuid": "5aaf9a4b-4234-4b2c-bb20-4f90950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521458022",
"to_ids": false,
"type": "float",
"uuid": "5aaf9b66-d3c8-4e28-a600-450e950d210f",
"value": "5.31931878607"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521458022",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf9b66-216c-40a5-a190-42eb950d210f",
"value": "05305b7de1766713a6d4a32d740a1d0f724280ea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521458023",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf9b67-7dc4-480c-9124-4c3d950d210f",
"value": "192:ela+K8nnsnQPh7aSJJJkSeIUHV4kLDDhWwpy8b7Xg:6a+K8nrPh7akrwHV5Hh1pXg"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521458023",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf9b67-61f0-4588-9c49-493f950d210f",
"value": "9300"
}
]
},
{
"comment": "PDF document, version 1.5",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521458537",
"uuid": "5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"referenced_uuid": "5aaf9cab-e298-487c-9dda-4755950d210f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "connected-to",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521458534",
"uuid": "5aaf9d66-2ce0-4b7f-a92e-4a33950d210f"
},
{
"comment": "",
"object_uuid": "5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"referenced_uuid": "fa75388a-9fbe-4682-82db-1a02068aac41",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-bd4c-4483-bda4-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521458491",
"to_ids": true,
"type": "filename",
"uuid": "5aaf9c9e-93e0-48d0-ac15-45c1950d210f",
"value": "document.pdf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521458491",
"to_ids": true,
"type": "md5",
"uuid": "5aaf9c9e-29e0-44e8-98dc-40e1950d210f",
"value": "e29d1f5d79cd906f75c88177c7f6168e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521458491",
"to_ids": false,
"type": "text",
"uuid": "5aaf9c9e-99e4-4b69-ad4d-4f52950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1521458492",
"to_ids": false,
"type": "float",
"uuid": "5aaf9d3c-1ea8-4bee-80b1-43e6950d210f",
"value": "7.97898152566"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521458492",
"to_ids": true,
"type": "sha1",
"uuid": "5aaf9d3c-77e4-4143-bac9-4485950d210f",
"value": "be0a15d1aa85c9d39c4757efda861da014156d31"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521458492",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aaf9d3c-d1b8-4a3f-ba00-4624950d210f",
"value": "6144:P3xUxs8qpZ5gB8zo35Gm0bLsSWpa9IP8F9/xZbbSxk:P+xs8Xio3ZOWpaSmpxZYk"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1521458493",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5aaf9d3d-7dbc-417d-a981-4815950d210f",
"value": "237179"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521466434",
"uuid": "5aafbc42-27c4-4a0f-bf40-4f01950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521466435",
"to_ids": true,
"type": "filename",
"uuid": "5aafbc43-7d68-4106-8ac2-4923950d210f",
"value": "Document.lnk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521466435",
"to_ids": true,
"type": "md5",
"uuid": "5aafbc43-f1dc-4303-a555-4251950d210f",
"value": "2c641a9348f1e0ccf9f38ee17f41b2da"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521466435",
"to_ids": false,
"type": "text",
"uuid": "5aafbc43-178c-44ec-99c6-4cf1950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521469161",
"uuid": "5aafc6e9-77f8-4860-bb6b-430e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521469161",
"to_ids": true,
"type": "filename",
"uuid": "5aafc6e9-95d8-46a5-a4d1-4f7d950d210f",
"value": "notepad.exe.lnk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521469161",
"to_ids": true,
"type": "md5",
"uuid": "5aafc6e9-1bb8-4a5c-8557-4830950d210f",
"value": "c3dc68e8d734968432c5dd5f6db444c7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521469162",
"to_ids": false,
"type": "text",
"uuid": "5aafc6ea-c0cc-4a75-80d0-49b7950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521469351",
"uuid": "5aafc7a7-dc20-4498-a53b-4202950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521469352",
"to_ids": true,
"type": "filename",
"uuid": "5aafc7a8-8b6c-4ac3-bf9c-430c950d210f",
"value": "SETROUTE.lnk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521469352",
"to_ids": true,
"type": "md5",
"uuid": "5aafc7a8-0c50-430e-9065-4d33950d210f",
"value": "12620d0cbcdfbdb04d01a18bbd497b8a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521469352",
"to_ids": false,
"type": "text",
"uuid": "5aafc7a8-295c-4eed-9048-4fa2950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521471453",
"uuid": "5aafcfda-50d0-446b-8591-4212950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aafcfda-50d0-446b-8591-4212950d210f",
"referenced_uuid": "a8098016-54d1-4580-9c9c-0f774f7e5e71",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-5f44-47fa-969d-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aafcfda-50d0-446b-8591-4212950d210f",
"referenced_uuid": "31025798-921f-4e1f-94ad-160e77001592",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-a408-4407-ada6-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521471450",
"to_ids": true,
"type": "filename",
"uuid": "5aafcfda-3ee8-4fec-9655-42c3950d210f",
"value": "scr.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521471450",
"to_ids": true,
"type": "sha1",
"uuid": "5aafcfda-b78c-4d4a-8c86-4c44950d210f",
"value": "793986fb79bc66807e28f233b52efa7c315862c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521471450",
"to_ids": true,
"type": "sha256",
"uuid": "5aafcfda-0a80-463a-9915-48a4950d210f",
"value": "2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521471451",
"to_ids": true,
"type": "md5",
"uuid": "5aafcfdb-c2b0-4ebb-8a46-4d4f950d210f",
"value": "db07e1740152e09610ea826655d27e8d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521471451",
"to_ids": false,
"type": "text",
"uuid": "5aafcfdb-64f0-4012-a592-4a0f950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521471451",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aafcfdb-aa68-4ba4-8493-4de0950d210f",
"value": "96:hDrKygLnAhjMbU7wUNsJzzrNXKyysV5d0b:hDmyg3w77Ns5nNaEK"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521471513",
"uuid": "5aafd016-ae84-45c4-b14f-43a6950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aafd016-ae84-45c4-b14f-43a6950d210f",
"referenced_uuid": "a466a89c-d8ef-4782-8897-f0b39085bf55",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-242c-4bc6-becb-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aafd016-ae84-45c4-b14f-43a6950d210f",
"referenced_uuid": "dbf7cd6d-1439-4c5c-990a-cd5af23dea49",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-ec68-46fb-89b3-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521471510",
"to_ids": true,
"type": "filename",
"uuid": "5aafd016-68ec-4b1b-a8ee-4bd1950d210f",
"value": "t.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521471510",
"to_ids": true,
"type": "sha1",
"uuid": "5aafd016-c6b8-4622-a327-4526950d210f",
"value": "96489f3e5d8bfeb3a75250017191277e2d5d0bae"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521471510",
"to_ids": true,
"type": "sha256",
"uuid": "5aafd016-67e0-4933-84c4-4342950d210f",
"value": "070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521471511",
"to_ids": true,
"type": "md5",
"uuid": "5aafd017-fd7c-4cf2-b9d1-4433950d210f",
"value": "acdb6d5c1d8c3f5e3c29c3605bffcf18"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521471511",
"to_ids": false,
"type": "text",
"uuid": "5aafd017-d7e8-4332-9b02-4a18950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521471511",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aafd017-9ee8-45b0-aa32-4580950d210f",
"value": "768:nnUWy2YE7z0E9WwS/O0CHMBKXEjeS5TgfX/XZVNGzx:UWy2r7bt0IMBKXEj9TgfX/JV"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521471587",
"uuid": "5aafd060-eb10-4e15-84cf-40ca950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aafd060-eb10-4e15-84cf-40ca950d210f",
"referenced_uuid": "c90cf7a2-c522-4055-a791-65fe451876bc",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493838",
"uuid": "5ab0274e-b3c0-49e9-b5a5-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aafd060-eb10-4e15-84cf-40ca950d210f",
"referenced_uuid": "eed7ce27-e8b2-4d01-bf3b-8540ba85e2c6",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-bac8-4a33-8b8f-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521471584",
"to_ids": true,
"type": "filename",
"uuid": "5aafd060-999c-4c5c-80ef-4a40950d210f",
"value": "ms.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521471585",
"to_ids": true,
"type": "sha1",
"uuid": "5aafd061-d838-4d58-8367-41b6950d210f",
"value": "0d2b07df600285d1d8c49938bc2f79ad3eef5c77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521471585",
"to_ids": true,
"type": "sha256",
"uuid": "5aafd061-0adc-4890-bbb9-44bf950d210f",
"value": "9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521471585",
"to_ids": true,
"type": "md5",
"uuid": "5aafd061-0df0-4734-9959-4d49950d210f",
"value": "c1a030ea830a12a32e84a012dfb1679b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521471586",
"to_ids": false,
"type": "text",
"uuid": "5aafd062-3c60-48ed-ae43-4d19950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521471586",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aafd062-8360-4e46-aaa1-4cfc950d210f",
"value": "384:JjfbWoIQv8NiOTXTZu2qXymF7VrEr3QtSEXE+Jo:BfbLIQsByEF"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521471817",
"uuid": "5aafd146-b384-4965-9fd3-46a9950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aafd146-b384-4965-9fd3-46a9950d210f",
"referenced_uuid": "4e6ace53-c11b-490e-85cd-9b18d139fd3b",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493839",
"uuid": "5ab0274f-f964-437b-9e99-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aafd146-b384-4965-9fd3-46a9950d210f",
"referenced_uuid": "cced1e71-a4a2-4b3f-9dba-4e0d6f790640",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-3fd8-42a8-a837-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521471814",
"to_ids": true,
"type": "filename",
"uuid": "5aafd146-8e90-4582-a00f-47bd950d210f",
"value": "Invoke-Kerberoast.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521471815",
"to_ids": true,
"type": "sha1",
"uuid": "5aafd147-5110-451f-a170-4d74950d210f",
"value": "509f959f92210d8dd40710ba34548ae960864754"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521471815",
"to_ids": true,
"type": "sha256",
"uuid": "5aafd147-c9d0-4001-8378-4ea6950d210f",
"value": "72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521471815",
"to_ids": true,
"type": "md5",
"uuid": "5aafd147-efe8-4c51-a1d9-4d89950d210f",
"value": "40d3d8795559a556a8897ec6e003fc91"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521471816",
"to_ids": false,
"type": "text",
"uuid": "5aafd148-fd70-4b47-9c63-463c950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521471816",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aafd148-18b4-4e09-9d37-4109950d210f",
"value": "384:M60E5y1gJDnmiekDuxsW9EMmbWAvFit2w8KXvtmRFU9fDMti+MDHikDtYL30oJ:M60E5qgtWCbDvFOt/sFU9WjL3XJ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521472180",
"uuid": "5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"referenced_uuid": "174f8d3f-dc51-4988-bcf3-ca5b2afea2b9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493839",
"uuid": "5ab0274f-8514-4c4a-9d3d-277b02de0b81"
},
{
"comment": "",
"object_uuid": "5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"referenced_uuid": "c4f3b65c-59cf-439d-845e-e1e147898568",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-19ac-484f-a698-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521472177",
"to_ids": true,
"type": "filename",
"uuid": "5aafd2b1-8ba8-471a-ab62-46db950d210f",
"value": "Get-GPPPassword.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521472178",
"to_ids": true,
"type": "sha1",
"uuid": "5aafd2b2-6edc-41bc-90ec-459a950d210f",
"value": "5388520f80c6ca3038445ebb3d6a51f3d90bf717"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521472178",
"to_ids": true,
"type": "sha256",
"uuid": "5aafd2b2-0374-484b-8bca-49ea950d210f",
"value": "f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521472179",
"to_ids": true,
"type": "md5",
"uuid": "5aafd2b3-b318-41f3-9f4c-4f61950d210f",
"value": "451ce41809508b7f88a24caba884926c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521472179",
"to_ids": false,
"type": "text",
"uuid": "5aafd2b3-1d90-4ab6-9761-4744950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1521472179",
"to_ids": true,
"type": "ssdeep",
"uuid": "5aafd2b3-b0b0-4d59-84f0-4727950d210f",
"value": "192:W6+ixcZOnxue/Zp1vS1uUAQRNQQjiTNZFx2NRWCZNBLTSNGaM6NMeM8SkY69mZM3:3jxcZOnxu4p1qBAgAWvag621oign"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521472719",
"uuid": "5aafd4cf-7630-4d4b-ba7e-474b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521472719",
"to_ids": true,
"type": "filename",
"uuid": "5aafd4cf-3f34-4070-ba68-4158950d210f",
"value": "ASREPRoast.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521472720",
"to_ids": true,
"type": "md5",
"uuid": "5aafd4d0-a4b4-480d-9c6e-4f8f950d210f",
"value": "8a39bfe18d912dbcc940d05d692efeb9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521472720",
"to_ids": false,
"type": "text",
"uuid": "5aafd4d0-5828-4d22-bafc-4d96950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521472740",
"uuid": "5aafd4e4-32ec-4efd-8e1c-4f87950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521472740",
"to_ids": true,
"type": "filename",
"uuid": "5aafd4e4-626c-47f0-99f9-46ef950d210f",
"value": "calc.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521472740",
"to_ids": true,
"type": "md5",
"uuid": "5aafd4e4-da88-4ff0-aaeb-4358950d210f",
"value": "3cc0d3a05cd0cef8294506f37a0b8a00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521472741",
"to_ids": false,
"type": "text",
"uuid": "5aafd4e5-f158-4d11-9f00-49e9950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521472761",
"uuid": "5aafd4f9-e618-456b-b1b2-495d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521472762",
"to_ids": true,
"type": "filename",
"uuid": "5aafd4fa-c4d4-4cfd-8298-4e97950d210f",
"value": "dit.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521472762",
"to_ids": true,
"type": "md5",
"uuid": "5aafd4fa-e25c-4607-918f-4fac950d210f",
"value": "b6ca04cc59805e2680d77a71d9d7bd2f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521472762",
"to_ids": false,
"type": "text",
"uuid": "5aafd4fa-c5b8-43fe-9e11-442e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473548",
"uuid": "5aafd80c-ddd8-4fb3-ab18-4df7950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473548",
"to_ids": true,
"type": "filename",
"uuid": "5aafd80c-9558-45da-9150-4d49950d210f",
"value": "global.aspx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473548",
"to_ids": true,
"type": "md5",
"uuid": "5aafd80c-695c-4c72-b56c-47a0950d210f",
"value": "2c9095c965a55efc46e16b86f9b7d6c6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473549",
"to_ids": false,
"type": "text",
"uuid": "5aafd80d-45fc-45cb-bac9-4651950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473568",
"uuid": "5aafd820-7680-4d33-b9b3-49a2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473568",
"to_ids": true,
"type": "filename",
"uuid": "5aafd820-52a0-4fff-9f12-4c57950d210f",
"value": "inst.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473568",
"to_ids": true,
"type": "md5",
"uuid": "5aafd820-2e38-4b5f-9af2-439d950d210f",
"value": "765fcd7588b1d94008975c4627c8feb6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473569",
"to_ids": false,
"type": "text",
"uuid": "5aafd821-8c18-47a1-9c98-4720950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473586",
"uuid": "5aafd832-89d8-4f6d-9075-4b79950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473586",
"to_ids": true,
"type": "filename",
"uuid": "5aafd832-9308-4118-bf24-49fc950d210f",
"value": "install.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473586",
"to_ids": true,
"type": "md5",
"uuid": "5aafd832-46a8-42bd-8782-4e31950d210f",
"value": "1caa374b5a53e34e161c59d18ce6fdff"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473587",
"to_ids": false,
"type": "text",
"uuid": "5aafd833-d97c-42f1-9ed9-4879950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473619",
"uuid": "5aafd853-4398-4544-bb59-47d7950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473619",
"to_ids": true,
"type": "filename",
"uuid": "5aafd853-4370-4db6-b7c4-4bd5950d210f",
"value": "mk64.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473619",
"to_ids": true,
"type": "md5",
"uuid": "5aafd853-a854-4cea-9018-462b950d210f",
"value": "c34cb67845a88f1a9c22ceaad46f584b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473620",
"to_ids": false,
"type": "text",
"uuid": "5aafd854-4844-4eda-a39a-4a6e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473682",
"uuid": "5aafd892-9f98-41a5-b34d-4ba3950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473682",
"to_ids": true,
"type": "filename",
"uuid": "5aafd892-c1f8-4aac-9eb7-41d8950d210f",
"value": "PowerView.ps1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473682",
"to_ids": true,
"type": "md5",
"uuid": "5aafd892-f830-4a9a-a382-475e950d210f",
"value": "661cc9179a724c41e6712ce3f5aeadfd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473683",
"to_ids": false,
"type": "text",
"uuid": "5aafd893-52ac-4317-819d-413f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473709",
"uuid": "5aafd8ad-f9b0-4f8c-b332-4ce3950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473709",
"to_ids": true,
"type": "filename",
"uuid": "5aafd8ad-569c-48f6-bb44-4e2f950d210f",
"value": "pps.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473709",
"to_ids": true,
"type": "md5",
"uuid": "5aafd8ad-75bc-4344-a4b3-45c8950d210f",
"value": "901fd9aeeaca9631902bccd6bdd89f74"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473709",
"to_ids": false,
"type": "text",
"uuid": "5aafd8ad-1974-4a63-ab53-4006950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521473726",
"uuid": "5aafd8be-76e4-4c72-b99b-400f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521473726",
"to_ids": true,
"type": "filename",
"uuid": "5aafd8be-2014-4616-9b36-4f3a950d210f",
"value": "pps.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521473726",
"to_ids": true,
"type": "md5",
"uuid": "5aafd8be-3bb0-429d-8026-4ddf950d210f",
"value": "1ce20b4e7a561f0ac5c6c515975b70a5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521473727",
"to_ids": false,
"type": "text",
"uuid": "5aafd8bf-7300-4985-977d-42bd950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493825",
"uuid": "68aa5eb6-0404-4285-b4b9-3f6bd1ac804c",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493825",
"to_ids": false,
"type": "link",
"uuid": "5ab02741-69e4-4908-8205-277b02de0b81",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521302135/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493826",
"to_ids": false,
"type": "text",
"uuid": "5ab02742-e268-4ba5-bbb4-277b02de0b81",
"value": "24/57"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493826",
"to_ids": false,
"type": "datetime",
"uuid": "5ab02742-bc90-471c-8c97-277b02de0b81",
"value": "2018-03-17T15:55:35"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521493829",
"uuid": "ee89f074-993e-4d98-ab7e-bf03843107c1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ee89f074-993e-4d98-ab7e-bf03843107c1",
"referenced_uuid": "60e4dfd5-2356-436c-b272-ed04a971d8a9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493839",
"uuid": "5ab0274f-e958-4d17-8c43-277b02de0b81"
},
{
"comment": "",
"object_uuid": "ee89f074-993e-4d98-ab7e-bf03843107c1",
"referenced_uuid": "e5412ec5-9117-48af-ad6a-302b656170d5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-9df4-444c-8832-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521493826",
"to_ids": true,
"type": "sha1",
"uuid": "5ab02742-670c-47a7-bb4b-277b02de0b81",
"value": "2872dcdf108563d16b6cf2ed383626861fc541d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521493827",
"to_ids": true,
"type": "sha256",
"uuid": "5ab02743-2d14-4ca2-a4a3-277b02de0b81",
"value": "ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521493827",
"to_ids": true,
"type": "md5",
"uuid": "5ab02743-003c-4592-90a8-277b02de0b81",
"value": "722154a36f32ba10e98020a8ad758a7a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493828",
"uuid": "60e4dfd5-2356-436c-b272-ed04a971d8a9",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493828",
"to_ids": false,
"type": "link",
"uuid": "5ab02744-10c8-4e40-97d8-277b02de0b81",
"value": "https://www.virustotal.com/file/ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08/analysis/1521303125/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493828",
"to_ids": false,
"type": "text",
"uuid": "5ab02744-92d4-45ff-8412-277b02de0b81",
"value": "31/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493828",
"to_ids": false,
"type": "datetime",
"uuid": "5ab02744-1c84-44a7-b6f4-277b02de0b81",
"value": "2018-03-17T16:12:05"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521493832",
"uuid": "f813c138-e77b-46f1-96dd-e7379a6aeb0a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f813c138-e77b-46f1-96dd-e7379a6aeb0a",
"referenced_uuid": "d80c3aaa-a450-4349-9cc8-59ff3e6e8334",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521493839",
"uuid": "5ab0274f-cad8-4934-a268-277b02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521493829",
"to_ids": true,
"type": "sha1",
"uuid": "5ab02745-045c-4de1-aacc-277b02de0b81",
"value": "be0a15d1aa85c9d39c4757efda861da014156d31"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521493830",
"to_ids": true,
"type": "sha256",
"uuid": "5ab02746-10fc-4fc0-a4fc-277b02de0b81",
"value": "fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521493830",
"to_ids": true,
"type": "md5",
"uuid": "5ab02746-b604-4edd-8058-277b02de0b81",
"value": "e29d1f5d79cd906f75c88177c7f6168e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493830",
"uuid": "d80c3aaa-a450-4349-9cc8-59ff3e6e8334",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493830",
"to_ids": false,
"type": "link",
"uuid": "5ab02746-b8d8-4428-ba6d-277b02de0b81",
"value": "https://www.virustotal.com/file/fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4/analysis/1521141310/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493831",
"to_ids": false,
"type": "text",
"uuid": "5ab02747-1be4-4393-a973-277b02de0b81",
"value": "24/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493831",
"to_ids": false,
"type": "datetime",
"uuid": "5ab02747-4858-4a3e-b5b4-277b02de0b81",
"value": "2018-03-15T19:15:10"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493831",
"uuid": "a5cf7d41-3fd8-4f9e-8efa-17f99229ab80",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493831",
"to_ids": false,
"type": "link",
"uuid": "5ab02747-92d0-4cd8-a189-277b02de0b81",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493832",
"to_ids": false,
"type": "text",
"uuid": "5ab02748-7564-405a-a246-277b02de0b81",
"value": "45/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493832",
"to_ids": false,
"type": "datetime",
"uuid": "5ab02748-0e40-4dea-be83-277b02de0b81",
"value": "2018-03-15T19:07:54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493832",
"uuid": "db67a0ca-ab6e-4d10-ba16-96b2c18ef120",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493832",
"to_ids": false,
"type": "link",
"uuid": "5ab02748-90a0-42ed-a7d1-277b02de0b81",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493833",
"to_ids": false,
"type": "text",
"uuid": "5ab02749-3adc-421b-a393-277b02de0b81",
"value": "1/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493833",
"to_ids": false,
"type": "datetime",
"uuid": "5ab02749-5c94-495c-a025-277b02de0b81",
"value": "2018-03-16T13:16:44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493833",
"uuid": "c90cf7a2-c522-4055-a791-65fe451876bc",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493833",
"to_ids": false,
"type": "link",
"uuid": "5ab02749-e49c-49e5-afdc-277b02de0b81",
"value": "https://www.virustotal.com/file/9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58/analysis/1521302794/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493834",
"to_ids": false,
"type": "text",
"uuid": "5ab0274a-ecbc-4920-90c1-277b02de0b81",
"value": "25/58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493834",
"to_ids": false,
"type": "datetime",
"uuid": "5ab0274a-c950-4276-894e-277b02de0b81",
"value": "2018-03-17T16:06:34"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493834",
"uuid": "a8098016-54d1-4580-9c9c-0f774f7e5e71",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493834",
"to_ids": false,
"type": "link",
"uuid": "5ab0274a-a7b4-492d-bd1b-277b02de0b81",
"value": "https://www.virustotal.com/file/2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731/analysis/1521302917/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493835",
"to_ids": false,
"type": "text",
"uuid": "5ab0274b-52d0-4f50-b03d-277b02de0b81",
"value": "38/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493835",
"to_ids": false,
"type": "datetime",
"uuid": "5ab0274b-5b00-4848-b147-277b02de0b81",
"value": "2018-03-17T16:08:37"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493835",
"uuid": "4e6ace53-c11b-490e-85cd-9b18d139fd3b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493835",
"to_ids": false,
"type": "link",
"uuid": "5ab0274b-26ec-49d7-919d-277b02de0b81",
"value": "https://www.virustotal.com/file/72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076/analysis/1521306629/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493835",
"to_ids": false,
"type": "text",
"uuid": "5ab0274b-ebe0-412c-a2e3-277b02de0b81",
"value": "10/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493835",
"to_ids": false,
"type": "datetime",
"uuid": "5ab0274b-9034-4632-88b8-277b02de0b81",
"value": "2018-03-17T17:10:29"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493836",
"uuid": "174f8d3f-dc51-4988-bcf3-ca5b2afea2b9",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493836",
"to_ids": false,
"type": "link",
"uuid": "5ab0274c-e5d4-47f9-9a0b-277b02de0b81",
"value": "https://www.virustotal.com/file/f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5/analysis/1521302528/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493836",
"to_ids": false,
"type": "text",
"uuid": "5ab0274c-8b48-4cbd-b63c-277b02de0b81",
"value": "25/58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493836",
"to_ids": false,
"type": "datetime",
"uuid": "5ab0274c-19dc-4561-906b-277b02de0b81",
"value": "2018-03-17T16:02:08"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521493837",
"uuid": "a466a89c-d8ef-4782-8897-f0b39085bf55",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521493837",
"to_ids": false,
"type": "link",
"uuid": "5ab0274d-84a8-4e56-b52c-277b02de0b81",
"value": "https://www.virustotal.com/file/070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e/analysis/1521467286/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521493837",
"to_ids": false,
"type": "text",
"uuid": "5ab0274d-cff0-4d30-8053-277b02de0b81",
"value": "2/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521493837",
"to_ids": false,
"type": "datetime",
"uuid": "5ab0274d-87f4-40fa-b60e-277b02de0b81",
"value": "2018-03-19T13:48:06"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530630",
"uuid": "5ab0b706-4d88-4569-94fb-4661950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530630",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b706-aa98-44c2-9c87-4591950d210f",
"value": "enu.cmd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530631",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b707-4538-4f03-b81c-4892950d210f",
"value": "bcf823eeee02967b49b764e22319c79f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530631",
"to_ids": false,
"type": "text",
"uuid": "5ab0b707-8448-4ba4-9a40-48a8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530687",
"uuid": "5ab0b73f-8870-4960-8a24-46ec950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530688",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b740-a18c-4e83-9372-4610950d210f",
"value": "upd.bat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530688",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b740-b474-45c9-bcb2-4407950d210f",
"value": "619528e52a31d1d348acb2077e2fc240"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530688",
"to_ids": false,
"type": "text",
"uuid": "5ab0b740-076c-4a19-818a-4086950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530704",
"uuid": "5ab0b750-2024-42d7-b8dc-4058950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530704",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b750-d3f4-449a-8dfa-4e4d950d210f",
"value": "CV Control Engeneer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530704",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b750-50c4-4c16-a415-4aba950d210f",
"value": "243511a51088d57e6df08d5ef52d5499"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530705",
"to_ids": false,
"type": "text",
"uuid": "5ab0b751-f124-49cc-a49d-4308950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530722",
"uuid": "5ab0b762-6fec-47d5-85a8-44c2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530722",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b762-e2dc-49eb-80aa-4c1c950d210f",
"value": "CV Jon Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530722",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b762-81c8-4a8a-8669-44e9950d210f",
"value": "277256f905d7cb07cdcd096cecc27e76"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530723",
"to_ids": false,
"type": "text",
"uuid": "5ab0b763-dfc4-42c5-bf28-4536950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530750",
"uuid": "5ab0b77e-2250-48df-a9a7-48e3950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530750",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b77e-a958-46a2-81a0-4e1d950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530750",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b77e-01c8-491f-b28c-4eb9950d210f",
"value": "4909db36f71106379832c8ca57ba5be8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530750",
"to_ids": false,
"type": "text",
"uuid": "5ab0b77e-00f8-4a71-9ab5-4368950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530766",
"uuid": "5ab0b78e-6180-4143-bcfa-422a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530767",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b78f-c308-40a6-8352-4a80950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530767",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b78f-8fb4-4879-9be4-44b7950d210f",
"value": "4e4e9aac289f1c55e50227e2de66463b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530767",
"to_ids": false,
"type": "text",
"uuid": "5ab0b78f-64b4-4728-a73a-473c950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530798",
"uuid": "5ab0b7ae-8d44-48c7-908f-409c950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530799",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b7af-9b40-4be2-b409-41ac950d210f",
"value": "High R-Value Energy.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530799",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b7af-4aac-47a6-84ef-49b8950d210f",
"value": "5c6a887a91b18289a70bdd29cc86ebdb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530799",
"to_ids": false,
"type": "text",
"uuid": "5ab0b7af-3cac-46bd-bb6e-4cd6950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530822",
"uuid": "5ab0b7c6-0ecc-4b84-aacf-44a2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530822",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b7c6-af7c-4b54-863b-4d42950d210f",
"value": "CV_Jon_Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530822",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b7c6-b050-4938-aed6-4e86950d210f",
"value": "6c3c58f168e883af1294bbcea33b03e6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530822",
"to_ids": false,
"type": "text",
"uuid": "5ab0b7c6-2870-4ac3-a89c-47ca950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530839",
"uuid": "5ab0b7d7-7530-4c12-9360-4d17950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530839",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b7d7-6a2c-439e-a0ca-477f950d210f",
"value": "CV Jon Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530840",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b7d8-8950-41d8-bf8a-41aa950d210f",
"value": "78e90308ff107ce38089dff16a929431"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530840",
"to_ids": false,
"type": "text",
"uuid": "5ab0b7d8-8d00-4d20-8834-457a950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530857",
"uuid": "5ab0b7e9-12cc-49c0-8673-4e90950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530857",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b7e9-2b6c-47f6-a10d-4285950d210f",
"value": "CV_Jon_Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530857",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b7e9-7610-43b6-a972-49d5950d210f",
"value": "90514dee65caf923e829f1e0094d2585"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530858",
"to_ids": false,
"type": "text",
"uuid": "5ab0b7ea-b8c8-4308-a7d8-4b5e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530875",
"uuid": "5ab0b7fb-c138-4d71-914f-4317950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530875",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b7fb-bd58-4b3b-8d57-4568950d210f",
"value": "Build Hydroelectric Turbine.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530875",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b7fb-9a30-4742-8088-4252950d210f",
"value": "c1529353e33fd3c0d2802bb558414f11"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530875",
"to_ids": false,
"type": "text",
"uuid": "5ab0b7fb-ee04-408f-95dc-4ab5950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530892",
"uuid": "5ab0b80c-f79c-4c30-a9d9-4e52950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530892",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b80c-7f74-46dd-a932-409f950d210f",
"value": "Resume_Key_And_Personal.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530892",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b80c-3a0c-42b8-b6f7-4526950d210f",
"value": "cda0b7fbdbdcef1777657182a504283d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530892",
"to_ids": false,
"type": "text",
"uuid": "5ab0b80c-587c-44fc-8dc4-4ba7950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521530905",
"uuid": "5ab0b819-f650-498e-8a51-46d8950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521530905",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b819-9f6c-461e-bef3-48fb950d210f",
"value": "CV_Jon_Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521530905",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b819-e1ac-49a1-a622-4e2e950d210f",
"value": "dde2a6ac540643e2428976b778c43d39"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521530905",
"to_ids": false,
"type": "text",
"uuid": "5ab0b819-1280-42cc-bcfc-4024950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531040",
"uuid": "5ab0b8a0-36e0-4917-a97c-4fc2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531040",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8a0-bd74-4003-bff3-4d46950d210f",
"value": "CV_Jon_Patrick.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531040",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8a0-99e4-4649-b21d-42e7950d210f",
"value": "e9a906082df6383aa8d5de60f6ef830e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531041",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8a1-8524-4f14-aa45-4fb8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531057",
"uuid": "5ab0b8b1-9700-4b9d-9c32-453d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531058",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8b2-d18c-43f4-9881-463e950d210f",
"value": "Report03-23-2017.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531058",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8b2-9310-4f30-8715-4245950d210f",
"value": "3c432a21cfd05f976af8c47a007928f7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531058",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8b2-a3ac-4b14-b6d6-4f16950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531076",
"uuid": "5ab0b8c4-8ed0-450a-946a-4ed6950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531077",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8c5-32bc-4417-853b-48a3950d210f",
"value": "corp_rules(2016).docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531077",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8c5-5de4-4388-aa04-4105950d210f",
"value": "34a11f3d68fd6cdef04b6df17bbe8f4d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531077",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8c5-2068-41f0-87af-45dc950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531095",
"uuid": "5ab0b8d7-c5e4-4619-98b1-4440950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531095",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8d7-1d50-4195-9b88-4e81950d210f",
"value": "corp_rules(2016).docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531095",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8d7-b678-466b-a2a6-4059950d210f",
"value": "141e78d16456a072c9697454fc6d5f58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531095",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8d7-2cb0-4c74-814a-44c4950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531110",
"uuid": "5ab0b8e6-7054-49c9-8240-4c8d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531111",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8e7-b728-4a3c-b46b-4521950d210f",
"value": "invite.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531111",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8e7-0a78-43a0-bbad-4034950d210f",
"value": "bfa54ccc770dcce8fd4929b7c1176470"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531111",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8e7-5770-4731-b48c-4326950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531128",
"uuid": "5ab0b8f8-4c70-4a36-8577-46a9950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531128",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b8f8-c6d8-4ecc-bea7-49aa950d210f",
"value": "Controls Engineer.docx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531128",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b8f8-ec38-44c5-80bf-4644950d210f",
"value": "848775bab0801e5bb15b33fa4fca573c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531128",
"to_ids": false,
"type": "text",
"uuid": "5ab0b8f8-9cac-4907-85a0-4101950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531144",
"uuid": "5ab0b908-ba78-4823-8e63-460d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531144",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b908-f954-44d6-ac42-43dd950d210f",
"value": "~1171694.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531144",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b908-c518-4b28-a72a-4234950d210f",
"value": "8ff4dc8a2ebfd5eea11a38877bd4f2df"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531144",
"to_ids": false,
"type": "text",
"uuid": "5ab0b908-8750-4858-9c30-476d950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531159",
"uuid": "5ab0b917-4c34-4939-99f3-44a3950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531159",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b917-2640-4840-939b-4639950d210f",
"value": "mozilla.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531159",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b917-ecb4-4ba5-ad29-4ce8950d210f",
"value": "5c5c2c06deca8212eb71d2cc7f0d23e9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531159",
"to_ids": false,
"type": "text",
"uuid": "5ab0b917-1804-4d54-9ed6-40c0950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531175",
"uuid": "5ab0b927-621c-4f5d-a42c-4751950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531175",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b927-2434-40ec-bd74-4883950d210f",
"value": "s.txt.lnk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531176",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b928-f920-4490-b1c6-4235950d210f",
"value": "7eae5684e4b4bf44e36f2810c86fcd33"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531176",
"to_ids": false,
"type": "text",
"uuid": "5ab0b928-dc2c-4ecd-932a-4a84950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "10",
"timestamp": "1521531192",
"uuid": "5ab0b938-b34c-4237-845e-4521950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1521531192",
"to_ids": true,
"type": "filename",
"uuid": "5ab0b938-967c-4b9b-95bf-49a0950d210f",
"value": "symantec_help.jsp"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521531192",
"to_ids": true,
"type": "md5",
"uuid": "5ab0b938-3e1c-41ea-bdf4-45e2950d210f",
"value": "12499311682e914b703a8669ce05fa4d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1521531192",
"to_ids": false,
"type": "text",
"uuid": "5ab0b938-4eb0-4f0d-8f95-41bf950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1521534667",
"uuid": "5ab0c6cb-e050-4cff-be31-4b78950d210f",
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key",
"timestamp": "1521534667",
"to_ids": true,
"type": "regkey",
"uuid": "5ab0c6cb-f2f8-4bc9-b71e-44ed950d210f",
"value": "HKEY_USERS\\<USER SID>\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "data",
"timestamp": "1521534668",
"to_ids": false,
"type": "text",
"uuid": "5ab0c6cc-9824-4003-9bfa-4a17950d210f",
"value": "ntdll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "root-keys",
"timestamp": "1521534668",
"to_ids": false,
"type": "text",
"uuid": "5ab0c6cc-7c58-4807-a18a-493e950d210f",
"value": "HKCC"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "data-type",
"timestamp": "1521534668",
"to_ids": false,
"type": "text",
"uuid": "5ab0c6cc-75ac-4dbb-bb43-4684950d210f",
"value": "REG_NONE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571836",
"uuid": "817e8e7e-d4e7-4d2b-8f02-03c20544d73a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "817e8e7e-d4e7-4d2b-8f02-03c20544d73a",
"referenced_uuid": "f11d0914-a6a8-43e8-b34b-e9b56d9ccda5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-bb78-4336-935f-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571833",
"to_ids": true,
"type": "sha1",
"uuid": "5ab157f9-77a0-48c6-8a3f-e1c102de0b81",
"value": "3ef471f3d82ef072974d74c49d928d0f3057f24e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571833",
"to_ids": true,
"type": "sha256",
"uuid": "5ab157f9-797c-4ce9-a7db-e1c102de0b81",
"value": "7234800d9fe43ba9edea1d7435a1b030712e7bce035334c4a8ed76ed573dbfa1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571834",
"to_ids": true,
"type": "md5",
"uuid": "5ab157fa-6328-4b72-860c-e1c102de0b81",
"value": "848775bab0801e5bb15b33fa4fca573c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571834",
"uuid": "f11d0914-a6a8-43e8-b34b-e9b56d9ccda5",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571834",
"to_ids": false,
"type": "link",
"uuid": "5ab157fa-b58c-495e-9c61-e1c102de0b81",
"value": "https://www.virustotal.com/file/7234800d9fe43ba9edea1d7435a1b030712e7bce035334c4a8ed76ed573dbfa1/analysis/1521304280/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571835",
"to_ids": false,
"type": "text",
"uuid": "5ab157fb-d09c-4dd5-947e-e1c102de0b81",
"value": "29/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571835",
"to_ids": false,
"type": "datetime",
"uuid": "5ab157fb-048c-41cc-bd92-e1c102de0b81",
"value": "2018-03-17T16:31:20"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571838",
"uuid": "ed4e8187-7d82-43a5-ae76-c7457f3a3858",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ed4e8187-7d82-43a5-ae76-c7457f3a3858",
"referenced_uuid": "2a950e9f-1c9e-4125-bf95-c935bf9096b6",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-fc98-4bf4-b792-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571835",
"to_ids": true,
"type": "sha1",
"uuid": "5ab157fb-5fe8-4334-8126-e1c102de0b81",
"value": "0aabe0176fbe0979e2ee8e9cd920ee3ddb3ebe26"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571835",
"to_ids": true,
"type": "sha256",
"uuid": "5ab157fb-0288-42d4-8d50-e1c102de0b81",
"value": "dce323466041c4a008dbb721aa9677a55484303482ce5975a0ffa16946c186dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571836",
"to_ids": true,
"type": "md5",
"uuid": "5ab157fc-5564-4f12-aa42-e1c102de0b81",
"value": "bfa54ccc770dcce8fd4929b7c1176470"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571836",
"uuid": "2a950e9f-1c9e-4125-bf95-c935bf9096b6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571837",
"to_ids": false,
"type": "link",
"uuid": "5ab157fd-d6a8-4136-8b9b-e1c102de0b81",
"value": "https://www.virustotal.com/file/dce323466041c4a008dbb721aa9677a55484303482ce5975a0ffa16946c186dd/analysis/1521304103/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571837",
"to_ids": false,
"type": "text",
"uuid": "5ab157fd-ecf0-4c17-aaeb-e1c102de0b81",
"value": "25/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571837",
"to_ids": false,
"type": "datetime",
"uuid": "5ab157fd-3cf8-4873-b1af-e1c102de0b81",
"value": "2018-03-17T16:28:23"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571841",
"uuid": "91368a58-21e1-420a-9d26-97e0385d5748",
"ObjectReference": [
{
"comment": "",
"object_uuid": "91368a58-21e1-420a-9d26-97e0385d5748",
"referenced_uuid": "62b12042-f234-4857-9d1b-721399c22094",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-f2ac-416e-809d-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571838",
"to_ids": true,
"type": "sha1",
"uuid": "5ab157fe-3208-4553-87bc-e1c102de0b81",
"value": "ba1801a71c2c3d44cbc176a9a45b02166f9b1ad4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571838",
"to_ids": true,
"type": "sha256",
"uuid": "5ab157fe-d834-450c-9cbb-e1c102de0b81",
"value": "b9fc0483262d8cf1273f04fd03eb67d875fbc700371caf57f4834e706dccdf44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571839",
"to_ids": true,
"type": "md5",
"uuid": "5ab157ff-0040-44f6-aeb6-e1c102de0b81",
"value": "243511a51088d57e6df08d5ef52d5499"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571839",
"uuid": "62b12042-f234-4857-9d1b-721399c22094",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571839",
"to_ids": false,
"type": "link",
"uuid": "5ab157ff-86ac-4f2a-9ff0-e1c102de0b81",
"value": "https://www.virustotal.com/file/b9fc0483262d8cf1273f04fd03eb67d875fbc700371caf57f4834e706dccdf44/analysis/1521303248/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571840",
"to_ids": false,
"type": "text",
"uuid": "5ab15800-cb24-4711-852c-e1c102de0b81",
"value": "29/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571840",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15800-2bec-455e-aaba-e1c102de0b81",
"value": "2018-03-17T16:14:08"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571843",
"uuid": "dc3dc085-889d-438e-b1a2-d37315215674",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dc3dc085-889d-438e-b1a2-d37315215674",
"referenced_uuid": "7716d649-a1a1-46f5-b491-ed742857eb80",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-d25c-48b5-aa4e-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571840",
"to_ids": true,
"type": "sha1",
"uuid": "5ab15800-0130-4b78-85cd-e1c102de0b81",
"value": "733ae7d8c9f3551c23a0c228a918de96a245d673"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571841",
"to_ids": true,
"type": "sha256",
"uuid": "5ab15801-d7a0-4d7d-a155-e1c102de0b81",
"value": "351de762b4a3f600a30b291a467af3d3988b6343c6671b1678676444a0981ee8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571841",
"to_ids": true,
"type": "md5",
"uuid": "5ab15801-428c-47e0-9e10-e1c102de0b81",
"value": "34a11f3d68fd6cdef04b6df17bbe8f4d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571841",
"uuid": "7716d649-a1a1-46f5-b491-ed742857eb80",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571842",
"to_ids": false,
"type": "link",
"uuid": "5ab15802-fbd4-4b21-b8dd-e1c102de0b81",
"value": "https://www.virustotal.com/file/351de762b4a3f600a30b291a467af3d3988b6343c6671b1678676444a0981ee8/analysis/1521303888/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571842",
"to_ids": false,
"type": "text",
"uuid": "5ab15802-ad84-4dc3-a88d-e1c102de0b81",
"value": "26/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571842",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15802-c924-49db-a1c3-e1c102de0b81",
"value": "2018-03-17T16:24:48"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571846",
"uuid": "15fc0f64-5c84-4c0c-972e-d7cfbc940bb5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "15fc0f64-5c84-4c0c-972e-d7cfbc940bb5",
"referenced_uuid": "2a28b918-0b88-4f5f-9084-202f5324905b",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-2160-4398-83e7-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571843",
"to_ids": true,
"type": "sha1",
"uuid": "5ab15803-7614-4cc9-8323-e1c102de0b81",
"value": "67175f1de3a911958e4c075336160462df3ea7b1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571843",
"to_ids": true,
"type": "sha256",
"uuid": "5ab15803-8cf8-46dd-97ac-e1c102de0b81",
"value": "93cd6696e150caf6106e6066b58107372dcf43377bf4420c848007c10ff80bc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571844",
"to_ids": true,
"type": "md5",
"uuid": "5ab15804-6e6c-40a2-bc5b-e1c102de0b81",
"value": "3c432a21cfd05f976af8c47a007928f7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571844",
"uuid": "2a28b918-0b88-4f5f-9084-202f5324905b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571844",
"to_ids": false,
"type": "link",
"uuid": "5ab15804-4114-46d4-809c-e1c102de0b81",
"value": "https://www.virustotal.com/file/93cd6696e150caf6106e6066b58107372dcf43377bf4420c848007c10ff80bc9/analysis/1521303830/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571845",
"to_ids": false,
"type": "text",
"uuid": "5ab15805-9000-420c-82ef-e1c102de0b81",
"value": "32/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571845",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15805-b044-479e-a049-e1c102de0b81",
"value": "2018-03-17T16:23:50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571848",
"uuid": "36581bf5-7984-4225-9f75-b9ae6c3a895d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "36581bf5-7984-4225-9f75-b9ae6c3a895d",
"referenced_uuid": "78564b68-ca38-4f83-8610-0780016cc9c6",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-d4ec-4a79-9b3e-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571845",
"to_ids": true,
"type": "sha1",
"uuid": "5ab15805-44c0-40d1-bbf7-e1c102de0b81",
"value": "eff5e2a3ac471a1b5ecdf51a72e003a82c350506"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571846",
"to_ids": true,
"type": "sha256",
"uuid": "5ab15806-7e0c-4026-914f-e1c102de0b81",
"value": "c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571846",
"to_ids": true,
"type": "md5",
"uuid": "5ab15806-f934-49d4-bd44-e1c102de0b81",
"value": "141e78d16456a072c9697454fc6d5f58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571846",
"uuid": "78564b68-ca38-4f83-8610-0780016cc9c6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571847",
"to_ids": false,
"type": "link",
"uuid": "5ab15807-5868-4677-bdc1-e1c102de0b81",
"value": "https://www.virustotal.com/file/c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d/analysis/1521141278/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571847",
"to_ids": false,
"type": "text",
"uuid": "5ab15807-2528-494e-9b72-e1c102de0b81",
"value": "25/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571847",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15807-5614-4902-8251-e1c102de0b81",
"value": "2018-03-15T19:14:38"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571850",
"uuid": "26df7c7f-c892-4128-a50f-3dfacc30e475",
"ObjectReference": [
{
"comment": "",
"object_uuid": "26df7c7f-c892-4128-a50f-3dfacc30e475",
"referenced_uuid": "c526bab4-b450-4b9b-a857-d625ca2b9df4",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-dc94-43dd-ab2d-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571848",
"to_ids": true,
"type": "sha1",
"uuid": "5ab15808-756c-4c02-b449-e1c102de0b81",
"value": "095193f9eff58e84bd69d40440c691ea61a5c1bf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571848",
"to_ids": true,
"type": "sha256",
"uuid": "5ab15808-b524-49a0-b109-e1c102de0b81",
"value": "764e71b9fef3d8c7252cf861c9233bf9c9119a5267834a875bbdc541606d81ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571848",
"to_ids": true,
"type": "md5",
"uuid": "5ab15808-7428-470b-9a03-e1c102de0b81",
"value": "cda0b7fbdbdcef1777657182a504283d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571849",
"uuid": "c526bab4-b450-4b9b-a857-d625ca2b9df4",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571849",
"to_ids": false,
"type": "link",
"uuid": "5ab15809-6f50-4b9a-b4db-e1c102de0b81",
"value": "https://www.virustotal.com/file/764e71b9fef3d8c7252cf861c9233bf9c9119a5267834a875bbdc541606d81ed/analysis/1521303629/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571849",
"to_ids": false,
"type": "text",
"uuid": "5ab15809-e874-4540-ade6-e1c102de0b81",
"value": "25/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571849",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15809-d998-449b-b7c6-e1c102de0b81",
"value": "2018-03-17T16:20:29"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571853",
"uuid": "e96ec051-cdad-45ba-b7ed-278e1fbf1c0d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e96ec051-cdad-45ba-b7ed-278e1fbf1c0d",
"referenced_uuid": "9ae0d6cc-6be6-4cf7-ae00-bf9836bc7347",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581c-2bbc-423c-824f-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571850",
"to_ids": true,
"type": "sha1",
"uuid": "5ab1580a-9d6c-46c0-8cd6-e1c102de0b81",
"value": "3f5506b06856f63b9aa610e07ec9791249199952"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571850",
"to_ids": true,
"type": "sha256",
"uuid": "5ab1580a-7b94-4af8-b8a1-e1c102de0b81",
"value": "a54c992d88cadf6f426d44304fa142672f1f57b98de25b79361478b3d5cab594"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571851",
"to_ids": true,
"type": "md5",
"uuid": "5ab1580b-3988-473a-bedb-e1c102de0b81",
"value": "277256f905d7cb07cdcd096cecc27e76"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571851",
"uuid": "9ae0d6cc-6be6-4cf7-ae00-bf9836bc7347",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571851",
"to_ids": false,
"type": "link",
"uuid": "5ab1580b-ba08-4e26-b172-e1c102de0b81",
"value": "https://www.virustotal.com/file/a54c992d88cadf6f426d44304fa142672f1f57b98de25b79361478b3d5cab594/analysis/1521303336/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571852",
"to_ids": false,
"type": "text",
"uuid": "5ab1580c-c5a4-44a1-b254-e1c102de0b81",
"value": "29/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571852",
"to_ids": false,
"type": "datetime",
"uuid": "5ab1580c-000c-4f38-bdf4-e1c102de0b81",
"value": "2018-03-17T16:15:36"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571855",
"uuid": "eb510916-5440-457d-8b5a-2e67dbd8f5c8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "eb510916-5440-457d-8b5a-2e67dbd8f5c8",
"referenced_uuid": "b3c5a480-22df-4ca6-a89d-67ab89e1ef8e",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571868",
"uuid": "5ab1581d-44b8-476b-94a1-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571852",
"to_ids": true,
"type": "sha1",
"uuid": "5ab1580c-b7e8-40ba-a6ef-e1c102de0b81",
"value": "5df2cb4b3a29adad4ba0a8f0b7eab5b6ae633977"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571853",
"to_ids": true,
"type": "sha256",
"uuid": "5ab1580d-e6b4-4d1f-8dc3-e1c102de0b81",
"value": "b02508baf8567e62f3c0fd14833c82fb24e8ba4f0dc84aeb7690d9ea83385baa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571853",
"to_ids": true,
"type": "md5",
"uuid": "5ab1580d-e0e8-458b-9e82-e1c102de0b81",
"value": "4909db36f71106379832c8ca57ba5be8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571854",
"uuid": "b3c5a480-22df-4ca6-a89d-67ab89e1ef8e",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571854",
"to_ids": false,
"type": "link",
"uuid": "5ab1580e-9c10-4ff2-80ea-e1c102de0b81",
"value": "https://www.virustotal.com/file/b02508baf8567e62f3c0fd14833c82fb24e8ba4f0dc84aeb7690d9ea83385baa/analysis/1521463198/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571854",
"to_ids": false,
"type": "text",
"uuid": "5ab1580e-5e98-4301-8a31-e1c102de0b81",
"value": "30/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571854",
"to_ids": false,
"type": "datetime",
"uuid": "5ab1580e-b67c-4537-88ef-e1c102de0b81",
"value": "2018-03-19T12:39:58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1521571858",
"uuid": "769ce047-ff32-42fa-aca3-aa3f3cd47615",
"ObjectReference": [
{
"comment": "",
"object_uuid": "769ce047-ff32-42fa-aca3-aa3f3cd47615",
"referenced_uuid": "38489708-7681-4bf1-b940-d0497914665d",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1521571869",
"uuid": "5ab1581d-4fe8-4be7-8b0b-e1c102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1521571855",
"to_ids": true,
"type": "sha1",
"uuid": "5ab1580f-6f40-49fc-b0f7-e1c102de0b81",
"value": "421eecdfe4f6987bb9ff7a6d65827563e53eafbb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1521571855",
"to_ids": true,
"type": "sha256",
"uuid": "5ab1580f-01e0-41bd-963e-e1c102de0b81",
"value": "3d6eadf0f0b3fb7f996e6eb3d540945c2d736822df1a37dcd0e25371fa2d75a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1521571856",
"to_ids": true,
"type": "md5",
"uuid": "5ab15810-7e0c-4aa0-b46b-e1c102de0b81",
"value": "4e4e9aac289f1c55e50227e2de66463b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571856",
"uuid": "38489708-7681-4bf1-b940-d0497914665d",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571856",
"to_ids": false,
"type": "link",
"uuid": "5ab15810-83c0-46b3-b737-e1c102de0b81",
"value": "https://www.virustotal.com/file/3d6eadf0f0b3fb7f996e6eb3d540945c2d736822df1a37dcd0e25371fa2d75a0/analysis/1521303407/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571857",
"to_ids": false,
"type": "text",
"uuid": "5ab15811-afb0-4768-9a57-e1c102de0b81",
"value": "31/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571857",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15811-7f24-4c1b-9bf3-e1c102de0b81",
"value": "2018-03-17T16:16:47"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571857",
"uuid": "a377dd67-a104-4cf0-a517-c6a7aa915ec7",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571857",
"to_ids": false,
"type": "link",
"uuid": "5ab15811-7938-4f40-9783-e1c102de0b81",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521302135/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571858",
"to_ids": false,
"type": "text",
"uuid": "5ab15812-e350-4e89-9cd0-e1c102de0b81",
"value": "24/57"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571858",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15812-b218-44de-8b50-e1c102de0b81",
"value": "2018-03-17T15:55:35"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571858",
"uuid": "fa75388a-9fbe-4682-82db-1a02068aac41",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571858",
"to_ids": false,
"type": "link",
"uuid": "5ab15812-8aec-41f2-b209-e1c102de0b81",
"value": "https://www.virustotal.com/file/fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4/analysis/1521141310/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571859",
"to_ids": false,
"type": "text",
"uuid": "5ab15813-d040-4909-bd59-e1c102de0b81",
"value": "24/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571859",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15813-67c4-4f65-8873-e1c102de0b81",
"value": "2018-03-15T19:15:10"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571859",
"uuid": "da511a48-fb7c-48e9-af7b-87959d26df32",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571859",
"to_ids": false,
"type": "link",
"uuid": "5ab15813-6848-41de-a43b-e1c102de0b81",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571860",
"to_ids": false,
"type": "text",
"uuid": "5ab15814-7220-430b-b7b6-e1c102de0b81",
"value": "45/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571860",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15814-c07c-4e39-a67b-e1c102de0b81",
"value": "2018-03-15T19:07:54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571860",
"uuid": "43871de9-0fbb-4042-979d-c05a03f7591b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571860",
"to_ids": false,
"type": "link",
"uuid": "5ab15814-adcc-4e6c-a1b5-e1c102de0b81",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571861",
"to_ids": false,
"type": "text",
"uuid": "5ab15815-69c4-4dd1-a33f-e1c102de0b81",
"value": "1/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571861",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15815-8dd8-4add-a1a9-e1c102de0b81",
"value": "2018-03-16T13:16:44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571861",
"uuid": "e5412ec5-9117-48af-ad6a-302b656170d5",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571861",
"to_ids": false,
"type": "link",
"uuid": "5ab15815-aed4-4e44-94db-e1c102de0b81",
"value": "https://www.virustotal.com/file/ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08/analysis/1521303125/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571862",
"to_ids": false,
"type": "text",
"uuid": "5ab15816-1808-4cc8-8861-e1c102de0b81",
"value": "31/60"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571862",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15816-4c1c-4936-a6b8-e1c102de0b81",
"value": "2018-03-17T16:12:05"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571862",
"uuid": "eed7ce27-e8b2-4d01-bf3b-8540ba85e2c6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571862",
"to_ids": false,
"type": "link",
"uuid": "5ab15816-ee60-4021-9c67-e1c102de0b81",
"value": "https://www.virustotal.com/file/9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58/analysis/1521302794/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571863",
"to_ids": false,
"type": "text",
"uuid": "5ab15817-99ec-47a3-9db0-e1c102de0b81",
"value": "25/58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571863",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15817-f508-4fee-99ed-e1c102de0b81",
"value": "2018-03-17T16:06:34"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571863",
"uuid": "cced1e71-a4a2-4b3f-9dba-4e0d6f790640",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571863",
"to_ids": false,
"type": "link",
"uuid": "5ab15817-7ff8-42db-bfcc-e1c102de0b81",
"value": "https://www.virustotal.com/file/72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076/analysis/1521306629/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571864",
"to_ids": false,
"type": "text",
"uuid": "5ab15818-4e44-4db8-8a1e-e1c102de0b81",
"value": "10/59"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571864",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15818-ee28-44f7-b3ff-e1c102de0b81",
"value": "2018-03-17T17:10:29"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571864",
"uuid": "31025798-921f-4e1f-94ad-160e77001592",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571864",
"to_ids": false,
"type": "link",
"uuid": "5ab15818-1ef4-4121-8982-e1c102de0b81",
"value": "https://www.virustotal.com/file/2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731/analysis/1521302917/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571865",
"to_ids": false,
"type": "text",
"uuid": "5ab15819-ca4c-4469-9ff3-e1c102de0b81",
"value": "38/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571865",
"to_ids": false,
"type": "datetime",
"uuid": "5ab15819-95f0-48c1-84aa-e1c102de0b81",
"value": "2018-03-17T16:08:37"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571865",
"uuid": "c4f3b65c-59cf-439d-845e-e1e147898568",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571865",
"to_ids": false,
"type": "link",
"uuid": "5ab15819-6e20-44a8-8af1-e1c102de0b81",
"value": "https://www.virustotal.com/file/f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5/analysis/1521302528/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571866",
"to_ids": false,
"type": "text",
"uuid": "5ab1581a-1658-41c4-821a-e1c102de0b81",
"value": "25/58"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571866",
"to_ids": false,
"type": "datetime",
"uuid": "5ab1581a-d004-42f2-9ee4-e1c102de0b81",
"value": "2018-03-17T16:02:08"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1521571866",
"uuid": "dbf7cd6d-1439-4c5c-990a-cd5af23dea49",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1521571866",
"to_ids": false,
"type": "link",
"uuid": "5ab1581a-795c-4adc-8219-e1c102de0b81",
"value": "https://www.virustotal.com/file/070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e/analysis/1521567919/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1521571867",
"to_ids": false,
"type": "text",
"uuid": "5ab1581b-c348-4e1b-80ed-e1c102de0b81",
"value": "3/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1521571867",
"to_ids": false,
"type": "datetime",
"uuid": "5ab1581b-430c-422e-9523-e1c102de0b81",
"value": "2018-03-20T17:45:19"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink