2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2018-06-26" ,
"extends_uuid" : "" ,
"info" : "OSINT - RedAlpha: New Campaigns Discovered Targeting the Tibetan Community" ,
"publish_timestamp" : "1534250396" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1534250303" ,
"uuid" : "5b337e5f-4810-4cbe-bb0e-4b79950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:rat=\"NJRat\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#054000" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:tool=\"njRAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:threat-actor=\"RedAlpha\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:sector=\"NGO\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530101388" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b337e8c-cee4-4d6d-b810-4276950d210f" ,
"value" : "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530101467" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b337edb-8318-4ec6-a18f-48db950d210f" ,
"value" : "https://go.recordedfuture.com/hubfs/reports/cta-2018-0626.pdf"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530101672" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b337fa8-09a0-4771-b1cc-2f80950d210f" ,
"value" : "Scope Note: Recorded Future analyzed new malware targeting the Tibetan community. This report includes a detailed analysis of the malware itself and associated infrastructure. Sources include Recorded Future\u00e2\u20ac\u2122s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools Iris and PassiveTotal, and researcher collaboration.1 The impetus of this research is twofold: to provide indicators to leverage for protection for likely victims and to raise awareness of a possible shift in adversary TTPs."
} ,
{
"category" : "Network activity" ,
"comment" : "C2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533041438" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b605b1e-d01c-4031-8026-4d1e950d210f" ,
"value" : "doc.internetdocss.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533043351" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b606297-aa30-4385-853f-41f9950d210f" ,
"value" : "http://doc.internetdocss.com/nethelpx86.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533043351" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b606297-8378-4d8c-8df2-4705950d210f" ,
"value" : "%WINDIR%\\nethelp.dll"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533043419" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b6062db-b7c4-4424-a0cc-40fa950d210f" ,
"value" : "http://doc.internetdocss.com/audiox86.exe"
} ,
{
"category" : "Network activity" ,
"comment" : "C2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533118828" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b61896c-d2a0-4f40-94a5-4215950d210f" ,
"value" : "www.hktechy.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533118828" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b61896c-cc28-4b71-be77-4c17950d210f" ,
"value" : "index.ackques.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533121995" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b6195cb-7940-40be-ba96-46b1950d210f" ,
"value" : "index.acques.com/index.html"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533126103" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b61a5d7-5810-45cb-a80d-4a7d950d210f" ,
"value" : "striker.internetdocss.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533131835" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b61bc3b-c298-44cf-85f7-4624950d210f" ,
"value" : "http://doc.internetdocss.com/index?"
} ,
{
"category" : "Network activity" ,
"comment" : "C2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533563982" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b68544e-a118-4b18-a3a1-8674950d210f" ,
"value" : "http://220.218.70.160/sec.hta"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533632901" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696185-abd8-4c4a-a7c0-4d3c950d210f" ,
"value" : "122.10.84.146"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533632902" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696186-2ba0-4bdb-8835-4fa4950d210f" ,
"value" : "103.245.22.117"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533632903" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696187-3674-4d2b-af94-40c7950d210f" ,
"value" : "103.245.22.124"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634582" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696816-b788-4c94-ad87-4f9d950d210f" ,
"value" : "103.30.7.76"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634582" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696816-05d4-4748-8410-46d8950d210f" ,
"value" : "103.30.7.77"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634583" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696817-66d0-439e-b619-4269950d210f" ,
"value" : "103.20.192.59"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634583" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696817-0fa0-4020-bf22-4a1a950d210f" ,
"value" : "103.20.195.140"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634584" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696818-c060-4f3c-9a48-4054950d210f" ,
"value" : "103.20.192.4"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533634584" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696818-0924-4d39-847b-4a71950d210f" ,
"value" : "103.20.192.248"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533640072" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b697d88-0db0-4536-a89e-436d950d210f" ,
"value" : "142.4.62.249"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533640073" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b697d89-1520-42cb-a2cc-4ad1950d210f" ,
"value" : "27.126.179.156"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533640074" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b697d8a-3054-4ae5-9c06-4b72950d210f" ,
"value" : "27.126.179.160"
} ,
{
"category" : "Payload delivery" ,
"comment" : "2017 Campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533640543" ,
"to_ids" : false ,
"type" : "yara" ,
"uuid" : "5b697f5f-3324-436c-93e1-4532950d210f" ,
"value" : "import \"pe\"\r\nrule apt_ZZ_RedAlpha_2017Campaign_Dropper\r\n{\r\n meta:\r\n desc = \"RedAlpha 2017 Campaign, Dropper\"\r\n author = \"JAG-S, Insikt Group, RecordedFuture\"\r\n TLP = \"White\"\r\n md5_x86 = \"cb71f3b4f08eba58857532ac90bac77d\"\r\n md5_x64 = \"1412102eda0c2e5a5a85cb193dbb1524\"\r\n strings:\r\n $drops1 = \"http://doc.internetdocss.com/nethelp x86.dll\" ascii wide\r\n $drops2 = \"http://doc.internetdocss.com/audio x86.exe\" ascii wide\r\n $drops3 = \"http://doc.internetdocss.com/nethelp x64.dll\" ascii wide\r\n $drops4 = \"http://doc.internetdocss.com/audio x64.exe\" ascii wide\r\n $source1 = \"http://doc.internetdocss.com/word x86.exe\" ascii wide\r\n $source2 = \"http://doc.internetdocss.com/word x64.exe\" ascii wide\r\n $path1 = \"\\\\Programs\\\\Startup\\\\audio.exe\" ascii wide\r\n $path2 = \"c:\\\\Windows\\\\nethelp.dll\" ascii wide\r\n $persistence1 = \"SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\svchost\" ascii\r\nwide\r\n $persistence2 = \"%SystemRoot%\\\\system32\\\\svchost.exe -k \" ascii wide\r\n $persistence3 = \"SYSTEM\\\\CurrentControlSet\\\\Services\\\\\" ascii wide\r\n $persistence4 = \"Parameters\" ascii wide\r\n $persistence5 = \"ServiceDll\" ascii wide\r\n $persistence6 = \"NetHelp\" ascii wide\r\n $persistence7 = \"Windows Internet Help\" ascii wide\r\n condition:\r\n uint16(0)==0x5A4D\r\n and\r\n filesize < 500KB\r\n and\r\n (\r\n (pe.imphash() == \"3697a1f9150de181026ce089c10657c3\" or pe.imphash() ==\r\n\"e6e566fc8a1dee3019821e84c5ad58cc\")\r\n or\r\n (\r\n any of ($drops*)\r\n or\r\n any of ($source*)\r\n or\r\n any of ($path*)\r\n or\r\n 6 of ($persistence*)\r\n )\r\n )\r\n}\r\n\r\nrule apt_ZZ_RedAlpha_2017Campaign_nethelp\r\n{\r\nmeta:\r\ndesc = \"RedAlpha 2017 Campaign, NetHelp Drop\"\r\nauthor = \"JAG-S, Insikt Group, RecordedFuture\"\r\nTLP = \"White\"\r\nmd5_x86 = \"42256b4753724f7feb411bc9912155fd\"\r\nmd5_x86 = \"6d1d6987d0677f40e473befab121ab1b\"\r\nmd5_x64 = \"8f0fe2620f8dadf93eee285834e35655\"\r\nmd5_x64 = \"cd32ce54ed94dfbde7fb85930a16597d\"\r\nmd5_x64_striker = \"6dd1be1e491d5bf9cd14686c185c3009\"\r\nstrings:\r\n$postreq1 = \"POST /index.html HTTP/1.1\" ascii wide\r\n$postreq2 = \"Host: index.ackques.com\" ascii wide\r\n$postreq3 = \"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101\r\nChrome /53.0\" ascii wide\r\n$postreq4 = \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*\" ascii\r\nwide\r\n$postreq5 = \"Accept-Language: en-US;q=0.5,en;q=0.3\" ascii wide\r\n$postreq6 = \"Accept-Encoding: gzip, deflate\" ascii wide\r\n$postreq7 = \"Content-Type: application/x-www-form-urlencoded\" ascii wide\r\n$postreq8 = \"Content-Length: %d\" ascii wide\r\n$postreq9 = \"Connection: keep-alive\" ascii wide\r\n$postreq10 = \"Upgrade-Insecure-Requests: 1\" ascii wide\r\n$cnc1 = \"index.ackques.com\" ascii wide\r\n$cnc2 = \"www.hktechy.com\" ascii wide\r\n $cnc3 = \"striker.internetdocss.com\" ascii wide\r\n$service1 = \"Windows Internet Help\" ascii wide\r\n$service2 = \"Client.dll\" ascii wide\r\n$service3 = \"ServiceMain\" ascii wide\r\ncondition:\r\nuint16(0)==0x5A4D\r\nand\r\nfilesize < 500KB\r\nand\r\n(\r\n(pe.imphash() == \"bc902a5e56cbbaa82f4af26cf9f4567e\"\r\nor pe.imphash() == \"af5487e77c16d987ca02d59bdcf38489\"\r\nor pe.imphash() == \"6e109cbbd181ad567b90463d48302c72\"\r\nor pe.imphash() == \"df09df6d5ae774f280c43e3cc0e4a142\"\r\n)\r\nor\r\n(\r\nall of ($postreq*)\r\nor\r\nany of ($cnc*)\r\nor\r\nall of ($service*)\r\n)\r\n)\r\n}"
} ,
{
"category" : "Payload delivery" ,
"comment" : "2018 Campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533640730" ,
"to_ids" : false ,
"type" : "yara" ,
"uuid" : "5b69801a-f90c-4c6e-952e-41fb950d210f" ,
"value" : "import \"pe\"\r\nrule apt_ZZ_RedAlpha_Dropper\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n tlp = \"White\"\r\n md5 = \"e6c0ac26b473d1e0fa9f74fdf1d01af8\"\r\n md5 = \"e28db08b2326a34958f00d68dfb034b0\"\r\n md5 = \"c94a39d58450b81087b4f1f5fd304add\"\r\n md5 = \"3a2b1a98c0a31ed32759f48df34b4bc8\"\r\n desc = \"RedAlpha Dropper\"\r\n version = \"1.0\"\r\n strings:\r\n $cnc = \"http://doc.internetdocss.com/index?\"\r\n condition:\r\n uint16(0) == 0x5A4D\r\n and filesize < 500KB\r\n and\r\n (pe.imphash() == \"17030637d18335c7267d09ec0ebc637c\" or pe.imphash() ==\r\n\"617fd4619e215a00dae98de5980a4210\")\r\n and\r\n all of them\r\n}\r\nrule apt_ZZ_RedAlpha_njRat\r\n{\r\n meta:\r\n author = \"JAG-S, Insikt Group, Recorded Future\"\r\n TLP = \"White\"\r\n md5 = \"c74608c70a59371cbf016316bebfab06\"\r\n date = \"04-14-2018\"\r\n desc = \"Second-stage njRAT, RedAlpha config\"\r\n version = \"1.1\"\r\n strings:\r\n $installName = \"serverdo.exe\" wide\r\n $port = \"9527\" wide\r\n $version = \"0.7d\" wide\r\n $c2 = \"doc.internetdocss.com\" wide\r\n condition:\r\n uint16(0) == 0x5A4D and filesize < 50KB\r\n and\r\n pe.imphash() == \"f34d5f2d4577ed6d9ceec516c1f5a744\"\r\n and\r\n all of them\r\n}"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Microblog post like a Twitter tweet or a post on a Facebook wall." ,
"meta-category" : "misc" ,
"name" : "microblog" ,
"template_uuid" : "8ec8c911-ddbe-4f5b-895b-fbff70c42a60" ,
"template_version" : "4" ,
"timestamp" : "1530102009" ,
"uuid" : "5b33808f-c060-4227-891c-2f80950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "post" ,
"timestamp" : "1530101903" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33808f-96b0-4315-aceb-2f80950d210f" ,
"value" : "Based on links to #malware used by Chinese APTs, our research team makes assessments about who exactly is behind the newly discovered RedAlpha campaigns: (link: http://bit.ly/2KaCeS0) bit.ly/2KaCeS0 #Analysis"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1530101904" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b338090-97ac-4266-af6a-2f80950d210f" ,
"value" : "Twitter"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1530101904" ,
"to_ids" : true ,
2023-04-21 13:25:09 +00:00
"type" : "url" ,
2023-12-14 14:30:15 +00:00
"uuid" : "5b338090-7bc0-4dc3-8e93-2f80950d210f" ,
"value" : "https://mobile.twitter.com/RecordedFuture/status/1011675584198529024"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1530102008" ,
"to_ids" : true ,
"type" : "link" ,
"uuid" : "5b338092-51b8-45b2-b1f6-2f80950d210f" ,
"value" : "https://t.co/D1MIxdpuBK?amp=1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1530101906" ,
"to_ids" : true ,
2023-06-14 17:31:25 +00:00
"type" : "url" ,
2023-12-14 14:30:15 +00:00
"uuid" : "5b338092-8fdc-46a8-91f2-2f80950d210f" ,
"value" : "https://www.recordedfuture.com/redalpha-cyber-campaigns/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "creation-date" ,
"timestamp" : "1530101907" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b338093-a724-4628-9d75-2f80950d210f" ,
"value" : "2018-06-26T20:20:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "username" ,
"timestamp" : "1530101907" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b338093-7b6c-4274-9555-2f80950d210f" ,
"value" : "@RecordedFuture"
}
]
} ,
{
"comment" : "PE32 executable (GUI) Intel 80386, for MS Windows\r\n2017 Audio dropper. Also observed being\r\ndeployed from Japanese IP\r\n220.218.70.160" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b605571-86c8-4306-806d-495f950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b605571-86c8-4306-806d-495f950d210f" ,
"referenced_uuid" : "af9cbff4-9e65-4a79-a1ec-e88133cdfb98" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533049058" ,
"uuid" : "5b6078e2-0014-4cb1-83d2-493902de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b605571-86c8-4306-806d-495f950d210f" ,
"referenced_uuid" : "ab089f9c-349f-46f0-a2b2-ecfb3da24370" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204209" ,
"uuid" : "5b62d6f1-66c4-467c-95aa-487c02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b605571-86c8-4306-806d-495f950d210f" ,
"referenced_uuid" : "5b605736-14d8-416e-beb0-4c30950d210f" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "derived-from" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533645737" ,
"uuid" : "5b6993a9-c62c-4484-8001-4b8d950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "5b605571-86c8-4306-806d-495f950d210f" ,
"referenced_uuid" : "6c1f2aee-af3d-4af0-a272-8aef0d5da562" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250212" ,
"uuid" : "5b72cce4-e9b8-48de-813d-408502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533645473" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b605572-fbc4-4af1-891d-4f58950d210f" ,
"value" : "cb71f3b4f08eba58857532ac90bac77d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533645473" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b605572-d850-488f-985d-470e950d210f" ,
"value" : "3142029872c39f393e765d59d68cf4f912170629"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533645473" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b605572-e970-4baa-8fc9-4d8c950d210f" ,
"value" : "e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533645473" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b605573-c15c-4c0c-bd97-4284950d210f" ,
"value" : "wordx86.exe\u00e2\u20ac\u009d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533645473" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b605573-3af8-4092-94ee-4b03950d210f" ,
"value" : "audiox86.exe\u00e2\u20ac\u009d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533645473" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b605573-31fc-4351-9b7b-4195950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533645473" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b605573-d884-4dc2-b007-49e3950d210f" ,
"value" : "93000"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533040438" ,
"uuid" : "5b605736-14d8-416e-beb0-4c30950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533040438" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b605736-ce18-443d-9209-4e0d950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533040438" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b605736-7e14-456f-b433-4492950d210f" ,
"value" : "wordx86.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533040438" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b605736-30c0-4b61-8103-43da950d210f" ,
"value" : "2017-06-11T06:40:50"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533040439" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b605737-1098-4659-ba09-4f52950d210f" ,
"value" : "3697a1f9150de181026ce089c10657c3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533041410" ,
"uuid" : "5b605b02-8624-40ab-99a1-4f5c950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533041411" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b605b03-1884-4d72-a42b-4ea6950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533041411" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b605b03-3adc-45d6-9bf7-4290950d210f" ,
"value" : "audiox86.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533041411" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b605b03-a6e4-4fcf-bde3-449f950d210f" ,
"value" : "2017-06-11T06:40:50"
}
]
} ,
{
"comment" : "PE32+ executable (GUI) x86-64, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204188" ,
"uuid" : "5b6063f0-5f28-4309-9719-4bf1950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b6063f0-5f28-4309-9719-4bf1950d210f" ,
"referenced_uuid" : "c0793ff5-50a6-4817-8df9-8c28ab90f3d1" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204209" ,
"uuid" : "5b62d6f1-b158-4fd0-87ab-4c6602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533043697" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b6063f1-ab8c-4a6a-bcd0-47ef950d210f" ,
"value" : "1412102eda0c2e5a5a85cb193dbb1524"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533043697" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6063f1-1e7c-42e9-9c54-4481950d210f" ,
"value" : "wordx64.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533043697" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6063f1-ee2c-4ecd-8323-4f41950d210f" ,
"value" : "audiox64.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533043697" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6063f1-8430-4484-aa75-4f24950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533049058" ,
"uuid" : "951dbf05-efee-46a0-b2aa-89e5c6d0c898" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "951dbf05-efee-46a0-b2aa-89e5c6d0c898" ,
"referenced_uuid" : "4d6cc362-fb2b-4576-919d-8d66294873be" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533049059" ,
"uuid" : "5b6078e3-6ddc-429f-8e73-4c9f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533049055" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "863fb0fe-83c5-44ff-b7fb-a4b81791ce32" ,
"value" : "1412102eda0c2e5a5a85cb193dbb1524"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533049055" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b0899bd5-2cf9-460c-8248-0cfb64b9ea8f" ,
"value" : "f243d9d60dbae71ef36c0200372835f5093e954c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533049056" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1b204906-63d8-4660-b0ca-a59b33bb14fd" ,
"value" : "da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533049056" ,
"uuid" : "4d6cc362-fb2b-4576-919d-8d66294873be" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533049056" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "cdc06ac9-6db1-4e66-afc7-5f284c4b0d71" ,
"value" : "2018-07-05T10:54:21"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533049057" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "f625803b-9836-40a9-8fc4-badb7641d32a" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533049057" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "39deaf89-4d50-41f0-94a8-231614288d89" ,
"value" : "51/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533049057" ,
"uuid" : "af9cbff4-9e65-4a79-a1ec-e88133cdfb98" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533049058" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c07ff68e-441d-4c99-95ef-3442a02573da" ,
"value" : "2018-07-05T10:55:00"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533049058" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "fb7703c7-c989-4040-9e80-20cbefe11bad" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533049058" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cbecb56f-21ab-4fa0-8932-db8eeee8f165" ,
"value" : "48/67"
}
]
} ,
{
"comment" : "NetHelp Infostealer" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b61631b-a13c-4dc0-b949-4342950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b61631b-a13c-4dc0-b949-4342950d210f" ,
"referenced_uuid" : "2e9f7a81-d071-4fa8-bb22-eae520f03d51" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204209" ,
"uuid" : "5b62d6f1-ea7c-4cb5-8578-468102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b61631b-a13c-4dc0-b949-4342950d210f" ,
"referenced_uuid" : "3ed9a824-86f6-44c8-addb-00ba19e4b915" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250212" ,
"uuid" : "5b72cce4-0c18-4e63-ba8b-4d6402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533109019" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b61631b-1264-44d0-82a7-41c0950d210f" ,
"value" : "42256b4753724f7feb411bc9912155fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533109020" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b61631c-cf48-4726-8c53-4915950d210f" ,
"value" : "7e7d38b1687c5949528d35d8e405d995ac15d1b2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533109020" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b61631c-4344-4e42-b8a3-4746950d210f" ,
"value" : "293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533109020" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61631c-c9a8-4e48-a219-40f9950d210f" ,
"value" : "nethelpx86.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533109021" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61631d-2bc8-4881-afbf-45bf950d210f" ,
"value" : "nethelp.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533109021" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61631d-0254-48cb-a845-4b67950d210f" ,
"value" : "audiox86.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533109021" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61631d-9e18-493a-8c92-4443950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533109021" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b61631d-1344-49d7-9955-413d950d210f" ,
"value" : "198000"
}
]
} ,
{
"comment" : "PE32 executable (DLL) (console) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533116691" ,
"uuid" : "5b6165b7-2d18-4189-bffe-4096950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533116691" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6165b7-33c4-4e29-b628-4ba7950d210f" ,
"value" : "dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533116691" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6165b7-8058-4284-9a8b-4dea950d210f" ,
"value" : "nethelpx86.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533116691" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b6165b7-3780-4a96-bc8b-4f06950d210f" ,
"value" : "bc902a5e56cbbaa82f4af26cf9f4567e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1533116691" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61665f-6c4c-4e0d-9a33-4005950d210f" ,
"value" : "Client.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533116692" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b618114-5810-43c8-aa5f-45de950d210f" ,
"value" : "2017-06-11T03:18:30"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533117140" ,
"uuid" : "5b6182d4-67b8-4785-ba0e-4d23950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533117140" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6182d4-4a58-43ff-9ddf-451d950d210f" ,
"value" : "dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533117140" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6182d4-7f90-4446-ae50-4f49950d210f" ,
"value" : "nethelp.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533117140" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6182d4-0804-463b-ac5b-4eb4950d210f" ,
"value" : "2017-06-11T03:18:30"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1533117141" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6182d5-2268-4f31-aee4-413e950d210f" ,
"value" : "Client.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533117141" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b6182d5-4cd0-4dce-a3b0-47e0950d210f" ,
"value" : "bc902a5e56cbbaa82f4af26cf9f4567e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533118742" ,
"uuid" : "5b618916-06bc-4a4b-971e-49dc950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533118743" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b618917-5e2c-446a-b223-43b1950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533118743" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b618917-38d4-4689-8596-4da4950d210f" ,
"value" : "audiox86.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533118743" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b618917-b9d8-4b3b-ba68-4be3950d210f" ,
"value" : "2017-06-11T03:18:30"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1533118743" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b618917-b2dc-4b13-b319-4867950d210f" ,
"value" : "Client.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533118743" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b618917-b3c4-4cac-bf8d-4403950d210f" ,
"value" : "bc902a5e56cbbaa82f4af26cf9f4567e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1533120021" ,
"uuid" : "5b618e15-2084-466a-8f5c-44df950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533120021" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b618e15-949c-4933-98e7-43c4950d210f" ,
"value" : "www.hktechy.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "dst-port" ,
"timestamp" : "1533120022" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5b618e16-5098-453a-ab75-4c9f950d210f" ,
"value" : "80"
}
]
} ,
{
"comment" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533123302" ,
"uuid" : "5b619ae6-dff0-4f29-bc32-471a950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533123303" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b619ae7-c104-4be9-a206-46e4950d210f" ,
"value" : "6d1d6987d0677f40e473befab121ab1b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533123303" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b619ae7-a50c-4a08-ad8d-400c950d210f" ,
"value" : "audiox86"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533123303" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b619ae7-7c6c-4c6c-b36a-483a950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PE32+ executable (DLL) (GUI) x86-64, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b619c3f-9644-4d94-a4ac-4d40950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b619c3f-9644-4d94-a4ac-4d40950d210f" ,
"referenced_uuid" : "280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250212" ,
"uuid" : "5b72cce4-66a8-47be-8af8-4bc702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533123647" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b619c3f-226c-4016-8e2c-4a5e950d210f" ,
"value" : "8f0fe2620f8dadf93eee285834e35655"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533123648" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b619c40-9f88-4daa-9dd3-4be8950d210f" ,
"value" : "nethelp%20x64.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533123648" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b619c40-8334-4dc8-bbba-4231950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PE32+ executable (GUI) x86-64, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b619eb3-4dac-4efa-b562-43ab950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b619eb3-4dac-4efa-b562-43ab950d210f" ,
"referenced_uuid" : "8f903648-f534-497c-8096-7eba34dfcdd4" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-e658-4ded-87da-47de02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533124275" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b619eb3-9c80-489e-bb4b-43df950d210f" ,
"value" : "cd32ce54ed94dfbde7fb85930a16597d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533124276" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b619eb4-228c-4c31-beaa-435b950d210f" ,
"value" : "audio%20x64.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533124276" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b619eb4-1e20-47fd-bc66-414f950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b61a1be-f9ec-428a-aede-468e950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b61a1be-f9ec-428a-aede-468e950d210f" ,
"referenced_uuid" : "90f35bd9-30a9-467b-9f6e-7ed7648b7119" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-6f3c-4f1e-a554-4c0702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b61a1be-f9ec-428a-aede-468e950d210f" ,
"referenced_uuid" : "b5a9119a-4fae-4d63-8679-c0fcbe967f1c" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-9338-4927-b222-402102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533125123" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b61a1be-7f80-4030-aba7-4429950d210f" ,
"value" : "6dd1be1e491d5bf9cd14686c185c3009"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533125123" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b61a1bf-84ec-4d3d-9b55-4d1b950d210f" ,
"value" : "1e9a0a147198b8dfb4a33fc5bb1406635bfbe514"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533125123" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b61a1bf-3a3c-4ca5-aeb1-4b4b950d210f" ,
"value" : "d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533125123" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61a1c0-604c-4a6f-86c0-409b950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533125123" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b61a1c0-2918-4b36-bf45-42bd950d210f" ,
"value" : "254000"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533125125" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61a205-2da0-4066-b25e-4ebe950d210f" ,
"value" : "nethelp.dll"
}
]
} ,
{
"comment" : "PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533125922" ,
"uuid" : "5b61a522-1fe8-431f-8471-4467950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533125923" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61a523-bee0-4d8b-947b-4c46950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533125923" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61a523-29b0-4e75-9c35-4167950d210f" ,
"value" : "nethelp.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533125923" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b61a523-2030-4428-b82a-470e950d210f" ,
"value" : "2017-07-06T02:14:08"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1533125923" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61a523-bfb8-410d-a3fa-4fec950d210f" ,
"value" : "Client.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533125923" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b61a523-7278-4a45-a316-415e950d210f" ,
"value" : "9098d75f516f191276ef1836aecc30d4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250191" ,
"uuid" : "5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"referenced_uuid" : "db693d26-2826-4534-9718-84cf465571bc" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-06e4-40dd-a7cf-4e2302de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b61b7e1-e898-4c28-af5b-4a86950d210f" ,
"referenced_uuid" : "bf7d4471-6524-4cdd-821d-63b550a8d3c7" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-1000-4522-ba77-42dc02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533130722" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b61b7e2-9550-4d7a-9fbf-4c40950d210f" ,
"value" : "5228914b534a437eb7985702e78772be"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533130722" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b61b7e2-0ed0-4e25-84f5-4a0b950d210f" ,
"value" : "83d7ceb2e55ae3d6bbf0936376e82fe5bc97a963"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533130723" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b61b7e3-ef90-44b4-8955-470b950d210f" ,
"value" : "02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533130723" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61b7e3-22bc-4342-97f7-4088950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533130723" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b61b7e3-37d0-4cc6-b937-41b7950d210f" ,
"value" : "798000"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b61b964-b078-4a41-9a1e-48e3950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b61b964-b078-4a41-9a1e-48e3950d210f" ,
"referenced_uuid" : "7e3abe32-cfe8-485f-a22b-7e2989d16ffa" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-e340-4fca-9713-435902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533131108" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b61b964-41d4-4e50-9a28-4416950d210f" ,
"value" : "e6c0ac26b473d1e0fa9f74fdf1d01af8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533131109" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61b965-abe4-4a38-9d0a-4bfd950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"referenced_uuid" : "bc18676c-a419-4493-882b-dbffc94fae97" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-dca4-4fee-8c9f-41be02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5b61b972-4cb4-4556-8dc2-4bf3950d210f" ,
"referenced_uuid" : "4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-9888-4736-8617-4f0e02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533131728" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61b972-077c-4aec-8f74-4199950d210f" ,
"value" : "winlogon.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533131728" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61b972-dc64-4a2e-84cf-4d78950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533131728" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b61bbd0-038c-445b-afe4-4c6e950d210f" ,
"value" : "e28db08b2326a34958f00d68dfb034b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533131729" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b61bbd1-d20c-46af-9a64-4091950d210f" ,
"value" : "28bc84813b9dec660fe95d590ef33e574fe16254"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533131729" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b61bbd1-aee8-447b-84e6-40f0950d210f" ,
"value" : "50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533131730" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b61bbd2-4ca4-4ef7-a644-474e950d210f" ,
"value" : "274000"
}
]
} ,
{
"comment" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533131814" ,
"uuid" : "5b61bc26-8bb0-4860-8e09-4e88950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533131814" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b61bc26-100c-40c4-aa30-4c7a950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533131814" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b61bc26-ec30-4437-9966-426f950d210f" ,
"value" : "winlogon.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533131814" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b61bc26-c360-46aa-acc8-460f950d210f" ,
"value" : "2018-01-07T23:13:23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533131814" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b61bc26-b3a8-40c7-a3e3-47af950d210f" ,
"value" : "17030637d18335c7267d09ec0ebc637c"
}
]
} ,
{
"comment" : "PE32 executable (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b62c621-9d58-40e1-9105-4272950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b62c621-9d58-40e1-9105-4272950d210f" ,
"referenced_uuid" : "5c696617-e214-4531-a91a-45aee2b893ed" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-6f94-4533-bc08-46c502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533199905" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b62c621-5480-4c32-aafa-4a40950d210f" ,
"value" : "c94a39d58450b81087b4f1f5fd304add"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533199905" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62c621-ba9c-4fdc-8953-48d4950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PE32 executable (console) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b62c650-8358-49b9-9064-4ce8950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b62c650-8358-49b9-9064-4ce8950d210f" ,
"referenced_uuid" : "e0407f5c-72da-4b58-8ae9-627189b8808d" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-9c30-48fe-b6e0-4cac02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533199953" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b62c651-ee90-417b-a7ac-4806950d210f" ,
"value" : "3a2b1a98c0a31ed32759f48df34b4bc8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533199953" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62c651-b25c-44f8-a2ed-43ff950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204188" ,
"uuid" : "5b62cb24-ebc0-4131-aa65-425b950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b62cb24-ebc0-4131-aa65-425b950d210f" ,
"referenced_uuid" : "4c400be1-7bc4-4c3e-ad25-0c0056e9a6da" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-f2c4-45c5-b501-473602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533201188" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b62cb24-fff8-4592-9893-40ee950d210f" ,
"value" : "c74608c70a59371cbf016316bebfab06"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533201188" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b62cb24-7d64-46e8-adc6-4341950d210f" ,
"value" : "e781aa54be06e010f1096fcc39a95df144659bd3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533201189" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62cb25-1d90-4052-a76f-4706950d210f" ,
"value" : "1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533201189" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62cb25-aeb0-4f7a-a631-4aec950d210f" ,
"value" : "serverdo.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533201189" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62cb25-8aa0-4244-a48b-4a39950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1533201189" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5b62cb25-fb64-4395-927f-45fa950d210f" ,
"value" : "24000"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1533201221" ,
"uuid" : "5b62cb45-8260-4632-b14e-4a07950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1533201222" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62cb46-c864-48bd-8db2-4ccb950d210f" ,
"value" : "exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1533201222" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62cb46-c1e0-4cc5-b880-47f1950d210f" ,
"value" : "serverdo.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "compilation-timestamp" ,
"timestamp" : "1533201222" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b62cb46-5980-4418-af04-451f950d210f" ,
"value" : "2018-03-06T01:16:01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "imphash" ,
"timestamp" : "1533201222" ,
"to_ids" : true ,
"type" : "imphash" ,
"uuid" : "5b62cb46-28f4-4975-b707-4819950d210f" ,
"value" : "f34d5f2d4577ed6d9ceec516c1f5a744"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204188" ,
"uuid" : "b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b271dc1a-8e79-4c41-8fc0-9bbd1009a7e0" ,
"referenced_uuid" : "a51ea5b5-2181-4905-bda3-b2b1698c7c27" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-c670-4811-a679-439102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204185" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "35213e3c-d5a6-4793-b727-07b00eb0ef7b" ,
"value" : "cd32ce54ed94dfbde7fb85930a16597d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204186" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "875ba602-45e6-4090-846c-459b586c387d" ,
"value" : "da9c4aad7e38b904106a059b9b6318746fa6175d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204186" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fd7f5120-d9a6-4382-9fd2-34ba9fe7fd74" ,
"value" : "b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204187" ,
"uuid" : "a51ea5b5-2181-4905-bda3-b2b1698c7c27" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204187" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4b9cdbc3-8039-4f5f-a5d8-0c044c4db001" ,
"value" : "2018-07-05T10:54:06"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204187" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "01bc974e-812b-4c2a-aff4-6edd4e5fe0db" ,
"value" : "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204188" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c6aed43c-f6d9-4dec-948e-0a007f83ae47" ,
"value" : "43/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204191" ,
"uuid" : "d2ec20b7-d689-47e6-9228-01a281f3ad02" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d2ec20b7-d689-47e6-9228-01a281f3ad02" ,
"referenced_uuid" : "100f1a8d-1bc3-4000-92fe-bce0b793b222" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-5924-4b65-bc0c-41e602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204188" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c53edc75-0569-4261-8b4b-4cd91271a502" ,
"value" : "8f0fe2620f8dadf93eee285834e35655"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204188" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "21d4f1cf-a65c-4e7f-97e3-97d97d96885c" ,
"value" : "84b80f942683d1b29180861664ec31d56321b975"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204189" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "8f974d54-0da9-4e33-b1cc-6b52c637ff9e" ,
"value" : "25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204190" ,
"uuid" : "100f1a8d-1bc3-4000-92fe-bce0b793b222" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204190" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "03525361-029b-45e1-901d-d638b67da8d0" ,
"value" : "2018-07-05T10:54:46"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204190" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c20c3051-7431-47f5-8e07-9f8cb38f4503" ,
"value" : "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204191" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c48f0741-4780-4a4a-9228-e16aa95cdcb2" ,
"value" : "41/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204194" ,
"uuid" : "5510fbf8-41c8-4a11-bcf0-42aa4303742e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5510fbf8-41c8-4a11-bcf0-42aa4303742e" ,
"referenced_uuid" : "578b25b7-97b8-4d39-8537-323e64ffc399" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-2ea8-4f03-9a6a-442e02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204191" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8d570cf4-393f-4bd5-8b2a-f0f248c74e92" ,
"value" : "6d1d6987d0677f40e473befab121ab1b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204191" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "53862950-0525-4e30-ae46-f11545c96d0f" ,
"value" : "ba977849cde0836a10da99cbb952f672b360a311"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204192" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1bfa5ec2-1ca3-4b6f-a2a5-3c067a6fe718" ,
"value" : "e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204192" ,
"uuid" : "578b25b7-97b8-4d39-8537-323e64ffc399" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204192" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "39d6d6c8-ce32-4e70-9f88-a969ff043882" ,
"value" : "2018-07-05T10:53:56"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204193" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "1b5c3a81-7820-4538-98eb-3e4805a6d9bb" ,
"value" : "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204193" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "684a278f-7203-49ac-981d-e5fe53e016d2" ,
"value" : "47/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204196" ,
"uuid" : "db3a215c-d9b8-4d91-952a-af20cfe86d4a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "db3a215c-d9b8-4d91-952a-af20cfe86d4a" ,
"referenced_uuid" : "bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204210" ,
"uuid" : "5b62d6f2-305c-4f4c-9cfa-403502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204193" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f78632b9-91eb-4e6e-8315-b631c723bbe7" ,
"value" : "3a2b1a98c0a31ed32759f48df34b4bc8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204194" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "072de239-5631-4093-a8d8-97da1e456c7d" ,
"value" : "e86204a1c55448eb61c1d03895cf1aecf6c4ce07"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204194" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "03cfff83-937b-48d6-9552-66ca2c4e8da0" ,
"value" : "30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204195" ,
"uuid" : "bbd7ab64-ac5f-4bf7-ad0c-7345423bcfa6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204195" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "1521fa81-70ac-4209-8ac0-020efaaf2b5c" ,
"value" : "2018-08-01T23:46:03"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204195" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "be25cd41-41af-469a-ab3a-72b7edd67d5e" ,
"value" : "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533167163/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204196" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ee0ba7fa-de9b-4ed1-9dc1-4a7b1ade08f0" ,
"value" : "50/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204199" ,
"uuid" : "3ec440df-26e1-4883-94d8-cf5a44d48bbd" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3ec440df-26e1-4883-94d8-cf5a44d48bbd" ,
"referenced_uuid" : "c4f40e78-f5a3-449f-b8e0-bcb250e3da27" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204211" ,
"uuid" : "5b62d6f3-39c4-4150-8891-406602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204196" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b35a31c5-1440-41eb-acdc-e5f7036a48f3" ,
"value" : "c94a39d58450b81087b4f1f5fd304add"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204196" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "2779ea11-3119-43d2-8e82-1ab6187c3522" ,
"value" : "e15ed8a83c9e1745497fbf33aa9af3b19b2ecbda"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204197" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a5e615f2-5cc9-4517-b482-9658e8bc57c2" ,
"value" : "d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204197" ,
"uuid" : "c4f40e78-f5a3-449f-b8e0-bcb250e3da27" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204197" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f949f8be-c2c5-4941-a83c-e59cfb47047a" ,
"value" : "2018-08-02T00:06:12"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204198" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "41e31e37-9f2e-4fe9-9753-79101bd04941" ,
"value" : "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533168372/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204198" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9d3bc97d-e36a-4746-ac96-c0a60d5e503f" ,
"value" : "46/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204198" ,
"uuid" : "c0793ff5-50a6-4817-8df9-8c28ab90f3d1" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204198" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7daa5c0a-a5aa-4e39-a7c2-9cb774d3f09a" ,
"value" : "2018-07-05T10:54:21"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204199" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "eb42bd66-492e-4c88-893a-09743596dbb6" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204199" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bf156d11-ec98-4904-9dbf-60d340f38d3c" ,
"value" : "51/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533204202" ,
"uuid" : "03b1be01-e7f1-41d2-bbeb-8c965ddd63d5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "03b1be01-e7f1-41d2-bbeb-8c965ddd63d5" ,
"referenced_uuid" : "62a6d635-11fb-43df-b01e-c38b5a08489f" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1533204211" ,
"uuid" : "5b62d6f3-09c4-4d17-8f97-493b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533204200" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "cc15d9c5-d2a7-4dbb-b4f3-2f10ed04dc3b" ,
"value" : "e6c0ac26b473d1e0fa9f74fdf1d01af8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533204200" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f35b9573-2e67-44fe-905f-bbd7f8a2971d" ,
"value" : "acf58d62cdee49cacd253bc759b043d883aad30a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533204200" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "46822baf-e078-4299-901c-2eed2dfa88a0" ,
"value" : "d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204201" ,
"uuid" : "62a6d635-11fb-43df-b01e-c38b5a08489f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204201" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a38f4d5e-021b-42cc-90bc-bb3e8532c5cf" ,
"value" : "2018-07-31T23:56:41"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204202" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "867b2ea8-5a62-4fa1-a78c-749209dd6e40" ,
"value" : "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533081401/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204202" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "730bccdd-09f3-49be-9abc-151632bee2ee" ,
"value" : "46/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204202" ,
"uuid" : "ab089f9c-349f-46f0-a2b2-ecfb3da24370" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204202" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "b040a225-fc25-4c02-b728-f603912b7697" ,
"value" : "2018-07-05T10:55:00"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204203" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "88fb41f1-a0d8-4613-a27c-127fdd79f71b" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1530788100/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204203" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c49008c-9f4f-46be-936b-b3e89bcedefa" ,
"value" : "48/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204203" ,
"uuid" : "db693d26-2826-4534-9718-84cf465571bc" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204203" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a6f08c8a-389b-443f-8392-d683577b8359" ,
"value" : "2018-08-01T23:49:09"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204204" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "23854605-57d3-4c4c-b52e-e0f76fcc54b0" ,
"value" : "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533167349/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204205" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "46b9e96e-856d-4886-b317-f31a71f1e201" ,
"value" : "36/59"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204205" ,
"uuid" : "bc18676c-a419-4493-882b-dbffc94fae97" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204205" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4b3fd073-64b5-4d98-88b3-9b10f1b6a899" ,
"value" : "2018-07-31T23:56:33"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204205" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8f213639-c885-4015-9237-dcb58587a00d" ,
"value" : "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533081393/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204206" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a1325fe-8172-4afc-8a53-9a6fcb44c68e" ,
"value" : "48/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204206" ,
"uuid" : "4c400be1-7bc4-4c3e-ad25-0c0056e9a6da" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204206" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "815bce8f-9090-45ec-9b75-d1d992b21665" ,
"value" : "2018-08-02T00:05:39"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204207" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "f729015f-82c7-4ce3-82ca-29c870f12df8" ,
"value" : "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533168339/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204207" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c058fdbf-c051-4377-9a58-e99faff08177" ,
"value" : "61/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204207" ,
"uuid" : "90f35bd9-30a9-467b-9f6e-7ed7648b7119" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204207" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d5f94bd5-fc5a-4aee-a7d6-f51eeda67291" ,
"value" : "2018-07-05T10:53:51"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204208" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "1ffceaf7-f028-4f96-bf93-a2e29e09a4a0" ,
"value" : "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204208" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7eb90641-2c5d-4785-b834-92e79e6fa703" ,
"value" : "28/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533204208" ,
"uuid" : "2e9f7a81-d071-4fa8-bb22-eae520f03d51" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533204208" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "fefb306a-a08f-44c8-b831-2f868d3d74da" ,
"value" : "2018-07-05T10:54:11"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533204209" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "07a85360-c323-45e7-aeac-b520d8ac5626" ,
"value" : "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533204209" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "21dc7abb-a099-458c-9512-a670a6a4f220" ,
"value" : "43/67"
}
]
} ,
{
"comment" : "Japanese IP (Ucom-Corp)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533542534" ,
"uuid" : "5b67f371-c338-4728-8972-40ad950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533542534" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b67f371-0668-49a3-936d-4d4e950d210f" ,
"value" : "220.218.70.160"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533542534" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b67f372-e180-4c42-ab01-4b0b950d210f" ,
"value" : "doc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533542534" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f372-00f0-4dcc-bf3a-42fb950d210f" ,
"value" : "2017-06-28T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533542534" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f373-7f68-4967-805a-49a1950d210f" ,
"value" : "2017-09-14T00:00:00"
}
]
} ,
{
"comment" : "Japanese IP" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533540052" ,
"uuid" : "5b67f468-6ce0-48a4-9f9e-4e4f950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533540052" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b67f468-cdb4-484c-84b8-4cd1950d210f" ,
"value" : "220.218.70.160"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533540052" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b67f468-4638-4898-85a5-4358950d210f" ,
"value" : "220x218x70x160.ap220.ftth.ucom.ne.jp"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533540052" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f469-75b8-41a7-9e74-475d950d210f" ,
"value" : "2016-10-27T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533540052" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f46a-af44-4b33-a411-4b09950d210f" ,
"value" : "2018-04-18T00:00:00"
}
]
} ,
{
"comment" : "Japanese IP" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533540073" ,
"uuid" : "5b67f49b-b550-450a-aabc-4439950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533540073" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b67f49b-cc84-4b9b-baf8-4a25950d210f" ,
"value" : "220.218.70.160"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533540073" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b67f49c-d794-4a10-882d-4f8a950d210f" ,
"value" : "u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533540073" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f49c-d4a4-471a-abb2-409a950d210f" ,
"value" : "2017-08-20T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533540073" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f49d-ef88-4789-9f54-49b3950d210f" ,
"value" : "2018-04-08T00:00:00"
}
]
} ,
{
"comment" : "Chinese IP belonging to Chinese VPS provider VPSQuan LLC." ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533540227" ,
"uuid" : "5b67f783-02e0-44e8-8d8f-493f950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533540227" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b67f783-0ed8-455c-ab2d-491e950d210f" ,
"value" : "198.44.172.97"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533540228" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b67f784-f380-4b47-ba9e-412c950d210f" ,
"value" : "hktechy.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533540228" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b67f784-0b34-4a3e-b52d-49ee950d210f" ,
"value" : "2017-06-19T00:00:00"
}
]
} ,
{
"comment" : "2017 campaign dropper variant. Also\r\nobserved being deployed from Japanese IP\r\n220.218.70[.]160" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b67fc1a-9a38-404f-adcb-4b3a950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b67fc1a-9a38-404f-adcb-4b3a950d210f" ,
"referenced_uuid" : "589e9254-4f90-490a-bc8c-fdea36be01b3" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-0e0c-4262-b216-40de02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533541402" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b67fc1a-278c-4103-b14f-4700950d210f" ,
"value" : "1412102eda0c2e5a5a85cb193dbb1524"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533541402" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b67fc1a-c530-445a-a3df-4295950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Observed being deployed from Japanese IP\r\n220.218.70[.]160. Sample not available at\r\ntime of research in malware multiscanner\r\nrepositories. Possible variant of 2017\r\ninfostealer or dropper." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533541455" ,
"uuid" : "5b67fc4f-381c-4dbd-b49e-4e8b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533541455" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b67fc4f-2814-443e-8af2-43bb950d210f" ,
"value" : "1b67183acc18d7641917f4fe07c1b053"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533541455" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b67fc4f-168c-49a3-aaea-4060950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "2017 NetHelp infostealer variant" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b67fc62-4c2c-4fd6-b2a3-410e950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b67fc62-4c2c-4fd6-b2a3-410e950d210f" ,
"referenced_uuid" : "8b4dbb0e-58a1-4630-be3d-83e95966a6cf" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-f960-45c8-906b-446b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533541475" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b67fc63-58ac-42b0-9eb2-4b0d950d210f" ,
"value" : "6d1d6987d0677f40e473befab121ab1b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533541475" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b67fc63-64f8-415f-9568-4e99950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "SG IP (Choopa LLC)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533542505" ,
"uuid" : "5b680069-22b0-45f4-aba4-427d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533542505" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b680069-5144-4b58-a388-422e950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533542506" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b68006a-89b8-4e65-9898-4c0a950d210f" ,
"value" : "doc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533542506" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68006a-189c-4bd1-afe1-4005950d210f" ,
"value" : "2018-03-30T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533542507" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68006b-7bf0-4e8f-a1b3-492a950d210f" ,
"value" : "2018-05-25T00:00:00"
}
]
} ,
{
"comment" : "HK IP (Cloudie Limited)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533542765" ,
"uuid" : "5b68016d-a668-4301-8f51-4c52950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533542765" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b68016d-abb4-4f57-8bf0-41aa950d210f" ,
"value" : "122.10.84.146"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533542765" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b68016d-36e8-4aaf-9c96-4264950d210f" ,
"value" : "doc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533542766" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68016e-24a4-4c8e-a961-40e8950d210f" ,
"value" : "2018-02-08T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533542766" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68016e-a4d4-4fc7-a5b2-40fb950d210f" ,
"value" : "2018-03-27T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533545596" ,
"uuid" : "5b680c7c-77a0-4e19-814b-4245950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533545596" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b680c7c-bdd0-48f5-a872-47a6950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533545596" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b680c7d-9cc0-4cd9-a434-4964950d210f" ,
"value" : "item.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533545597" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b680c7d-7690-4b01-a082-442c950d210f" ,
"value" : "2018-04-23T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533545597" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b680c7d-36f8-4867-9035-41bd950d210f" ,
"value" : "2018-05-01T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533547315" ,
"uuid" : "5b681333-943c-4633-9a90-45cd950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533547315" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681333-8408-4ff8-b7ca-4c97950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533547316" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681334-c1e4-4150-bdef-40fe950d210f" ,
"value" : "cfr.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533547316" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681334-5d1c-42ae-b5fb-4146950d210f" ,
"value" : "2018-04-17T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533547317" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681335-1da0-4302-aea8-42f6950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533547602" ,
"uuid" : "5b681452-d5fc-45b4-af6f-4457950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533547602" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681452-1ce4-4f87-8860-4c27950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533547602" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681452-40ac-424c-ae55-453a950d210f" ,
"value" : "tootopia.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533547603" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681453-c6d0-4822-bf06-4c2f950d210f" ,
"value" : "2018-04-23T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533547603" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681453-8814-44e2-b362-49c2950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533549066" ,
"uuid" : "5b681a0a-4ab0-4f37-a19f-4726950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533549066" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681a0a-84d0-4868-bd42-477c950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533549067" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681a0b-051c-4a8d-bd42-40f1950d210f" ,
"value" : "oc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533549068" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a0c-0444-4a35-a5c3-4651950d210f" ,
"value" : "2018-03-06T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533549069" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a0d-92a8-4d11-86b6-43d5950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533549098" ,
"uuid" : "5b681a2a-0324-4910-a7eb-415d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533549099" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681a2b-fa40-40c2-9888-4676950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533549100" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681a2c-a6e8-49bc-8373-43d7950d210f" ,
"value" : "thewire.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533549101" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a2d-60e4-440f-9d75-40e7950d210f" ,
"value" : "2018-02-05T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533549102" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a2e-4324-4324-9bd8-48e3950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533549132" ,
"uuid" : "5b681a4c-0d40-4247-8c55-45c7950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533549132" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681a4c-081c-4228-b329-4495950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533549133" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681a4d-56d0-4768-8601-40a0950d210f" ,
"value" : "tibet.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533549134" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a4e-c620-4581-8526-41be950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533549135" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681a4f-1848-4213-8043-4899950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533549870" ,
"uuid" : "5b681d2e-bd1c-4726-882d-406e950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533549870" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681d2e-b0d0-4025-ba0f-48af950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533549871" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681d2f-da6c-43d3-8dbf-4921950d210f" ,
"value" : "savetibet.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533549872" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681d30-6de4-4196-a03c-4b30950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533549873" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681d31-e028-484f-af4b-49f1950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533550129" ,
"uuid" : "5b681e31-67a8-4296-8fb7-433c950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533550130" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681e32-2084-45d3-b780-478b950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533550131" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681e33-6584-4310-878b-49cb950d210f" ,
"value" : "blog.tibetcul.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533550132" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681e34-c434-49c2-a435-4ecc950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533550133" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681e35-c2e4-489f-816f-40be950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533550367" ,
"uuid" : "5b681f1f-e07c-416a-8a29-4057950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533550367" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b681f1f-ba04-41ac-a8b1-4807950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533550369" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b681f21-f590-41fa-b1be-41d2950d210f" ,
"value" : "rediff.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533550370" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681f22-f554-4833-9fa4-4195950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533550371" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b681f23-8ef8-41f4-9fcf-4ab5950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533550694" ,
"uuid" : "5b682066-abf8-46ca-9b9b-484d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533550694" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b682066-abe4-4a35-a22c-4168950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533550695" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b682067-ac14-4888-abeb-4874950d210f" ,
"value" : "ndtv.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533550697" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682069-edb8-4b3b-9c01-4513950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533550698" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68206a-04ec-4bfa-a30a-4088950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533550795" ,
"uuid" : "5b6820cb-7730-4294-af2c-4a2f950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533550795" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6820cb-1acc-4b4f-8e77-4136950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533550796" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6820cc-0684-4cd9-8531-4e63950d210f" ,
"value" : "business.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533550797" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6820cd-2384-498b-a8ed-42d7950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533550798" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6820ce-2d54-472c-9ea6-4a7d950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533551079" ,
"uuid" : "5b6821e7-aad4-4228-910a-4d8a950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533551079" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6821e7-1b00-4ee6-80cf-4875950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533551079" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6821e7-4c38-498a-9c67-4e5d950d210f" ,
"value" : "apple.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533551080" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6821e8-6b6c-4593-957e-4b06950d210f" ,
"value" : "2018-03-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533551080" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6821e8-aa40-49cc-a141-4efa950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533551271" ,
"uuid" : "5b6822a7-f514-4918-a494-4246950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533551272" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6822a8-fdcc-404e-845a-4841950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533551272" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6822a8-f58c-4e6b-8fb9-4a1f950d210f" ,
"value" : "chinaaid.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533551272" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6822a8-e3b0-4c55-87d7-4dd9950d210f" ,
"value" : "2018-04-25T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533551273" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6822a9-0980-44e5-b5c1-41e0950d210f" ,
"value" : "2018-05-17T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533552325" ,
"uuid" : "5b6826c5-14a8-476f-9cf6-4867950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533552326" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6826c6-57a4-4a70-93d4-40dd950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533552326" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6826c6-e984-486a-a2b8-4430950d210f" ,
"value" : "epochtimes.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533552327" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6826c7-c780-4046-996b-459a950d210f" ,
"value" : "2018-04-21T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533552327" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6826c7-8acc-40eb-95f5-4874950d210f" ,
"value" : "2018-05-16T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533552356" ,
"uuid" : "5b6826e4-a924-400b-b8e4-44d5950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533552356" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6826e4-e664-4e97-9bc9-4c01950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533552356" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6826e4-a64c-4160-930a-4a6b950d210f" ,
"value" : "artvoice.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533552357" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6826e5-3518-403f-8ee5-4f8b950d210f" ,
"value" : "2018-04-17T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533552357" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b6826e5-1a68-4db1-b5ed-4363950d210f" ,
"value" : "2018-05-16T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533552965" ,
"uuid" : "5b682945-f85c-4fce-a9a0-45ef950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533552965" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b682945-64a8-4722-a3fb-4e15950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533552965" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b682945-7af8-401f-b7f1-490d950d210f" ,
"value" : "docs.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533552966" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682946-aa7c-4232-9fba-45a3950d210f" ,
"value" : "2018-02-05T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533552966" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682946-b508-408a-aa93-4568950d210f" ,
"value" : "2018-05-16T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533553335" ,
"uuid" : "5b682ab7-6624-450d-8b75-46cc950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533553335" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b682ab7-60cc-4916-bbba-44e0950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533553335" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b682ab7-cff8-4859-b1aa-4273950d210f" ,
"value" : "www.apple.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533553336" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682ab8-d478-437e-8181-45b8950d210f" ,
"value" : "2018-04-25T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533553336" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682ab8-8038-4ca0-93cd-485a950d210f" ,
"value" : "2018-04-25T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533553512" ,
"uuid" : "5b682b68-c684-4e35-9dd8-4f73950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533553512" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b682b68-fe74-442f-b95a-47c7950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533553512" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b682b68-6688-4678-86bc-407d950d210f" ,
"value" : "www.doc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533553513" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682b69-a364-4c54-89dd-4c30950d210f" ,
"value" : "2018-04-23T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533553513" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b682b69-0894-4305-8c2b-40d6950d210f" ,
"value" : "2018-04-23T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533554951" ,
"uuid" : "5b683107-e504-49db-9aed-4ce8950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533554951" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683107-54f0-488c-8589-4eec950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533554952" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683108-b8a4-4dfc-8fbe-4025950d210f" ,
"value" : "doc.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533554952" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683108-b6b8-4df3-b610-467e950d210f" ,
"value" : "2018-04-16T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533554953" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683109-dfdc-4486-b4b8-482d950d210f" ,
"value" : "2018-04-18T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533554975" ,
"uuid" : "5b68311f-a2b0-440f-b8c9-446e950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533554976" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683120-0938-4fc3-bdad-4587950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533554976" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683120-4830-4ae3-a090-42f5950d210f" ,
"value" : "vot.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533554976" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683120-dfe8-4e94-aa1e-4f91950d210f" ,
"value" : "2018-01-14T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533554977" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683121-8328-4d24-b318-4347950d210f" ,
"value" : "2018-04-18T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533555013" ,
"uuid" : "5b683145-03a4-424b-bae8-4737950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533555013" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683145-f5a4-4139-9c48-4be3950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533555013" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683145-c8d4-4172-b7bd-4001950d210f" ,
"value" : "video.internetdocss.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533555014" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683146-7200-4191-8f28-4ee9950d210f" ,
"value" : "2018-01-10T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533555014" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683146-6298-480a-b1f8-42ea950d210f" ,
"value" : "2018-04-18T00:00:00"
}
]
} ,
{
"comment" : "SG IP " ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533555036" ,
"uuid" : "5b68315c-a318-4645-86cb-448f950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533555036" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b68315c-2864-4472-ac4b-464b950d210f" ,
"value" : "45.77.250.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533555037" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b68315d-f408-496e-bec9-491b950d210f" ,
"value" : "my.anti-spammail.services"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533555037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68315d-1378-455c-96e5-49ee950d210f" ,
"value" : "2017-12-28T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533555037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68315d-b6e0-4c10-aa1b-4cf9950d210f" ,
"value" : "2018-04-07T00:00:00"
}
]
} ,
{
"comment" : "China IP (Shenzhen Katherine Heng Technology Information Co., Ltd.)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533557563" ,
"uuid" : "5b683b3b-9bd8-4fa9-8352-4e8b950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533557564" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683b3c-ba78-445e-954e-4d99950d210f" ,
"value" : "144.48.220.167"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533557564" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683b3c-a820-4f73-9aad-4d34950d210f" ,
"value" : "u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533557564" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683b3c-1b8c-46e6-bff8-4c4a950d210f" ,
"value" : "2107-08-20T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533557565" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683b3d-fdbc-4098-8146-4624950d210f" ,
"value" : "2017-09-07T00:00:00"
}
]
} ,
{
"comment" : "Hong Kong IP (Forewin Telecom Group Isp)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533557772" ,
"uuid" : "5b683c0c-ef74-4489-a7b6-5955950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533557772" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683c0c-f38c-4946-a487-5955950d210f" ,
"value" : "27.126.179.158"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533557772" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683c0c-bfb0-4578-9bbe-5955950d210f" ,
"value" : "u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533557773" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683c0d-532c-4203-8509-5955950d210f" ,
"value" : "2017-09-07T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533557773" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683c0d-418c-48e2-80fc-5955950d210f" ,
"value" : "2017-09-07T00:00:00"
}
]
} ,
{
"comment" : "Japan IP (UCom Corp)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533557973" ,
"uuid" : "5b683cd5-0a60-4246-8575-4fd1950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533557974" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b683cd6-3c94-4195-ba28-4e6d950d210f" ,
"value" : "220.218.70.160"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533557974" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b683cd6-f1a4-46e9-b1f7-4511950d210f" ,
"value" : "u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533557975" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683cd7-2eb0-439a-82fd-4456950d210f" ,
"value" : "2017-08-20T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533557975" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b683cd7-5308-4223-893a-4acf950d210f" ,
"value" : "2018-04-08T00:00:00"
}
]
} ,
{
"comment" : "South Korean IP (Korea Telecom)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533560363" ,
"uuid" : "5b68462b-45c4-4b41-9f65-41b2950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533560364" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b68462c-24dc-4986-b31e-4115950d210f" ,
"value" : "211.44.63.39"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533560364" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b68462c-1f04-437d-ac1f-46e1950d210f" ,
"value" : "u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533560365" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68462d-f5bc-4d93-8c60-429d950d210f" ,
"value" : "2017-08-20T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-seen" ,
"timestamp" : "1533560365" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b68462d-d608-40f4-b762-4a05950d210f" ,
"value" : "2018-05-27T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533563573" ,
"uuid" : "5b6852b5-70f4-475c-8caa-8673950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533563573" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b6852b5-4a14-44e5-8ae3-8673950d210f" ,
"value" : "1929db297c9d7d88a6427b8603a7145b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533563573" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6852b5-0970-47fc-a00c-8673950d210f" ,
"value" : "Microsoft_Word_97_-_2003___1.doc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533563573" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6852b5-c078-42a8-8397-8673950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "HK IP (Forewin Telecom Group Limited)." ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533564207" ,
"uuid" : "5b68552f-fc28-4fb4-b80b-c103950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533564207" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b68552f-43bc-4281-86d9-c103950d210f" ,
"value" : "27.126.179.157"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533564208" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b685530-8150-443a-a25e-c103950d210f" ,
"value" : "striker.internetdocss.com"
}
]
} ,
{
"comment" : "SSL cert was observed on all Forewin Telecom registered IPs in the range 27.126.179[.]156 \u00e2\u20ac\u201d 27.126.179[.]160." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533564350" ,
"uuid" : "5b6855be-76a8-40dc-bfe2-494e950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533564350" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b6855be-39c4-4dcb-a34c-4a39950d210f" ,
"value" : "c8e61a4282589c93774be2cddc109599316087b7"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533564350" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6855be-4c1c-45a4-a9e7-4add950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "SSL cert was active on the 27.126.179[.]159 Forewin IP when it had tk.u2xu2[.]com pointing to it" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533564490" ,
"uuid" : "5b68564a-409c-43d2-a63b-c086950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533564491" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b68564b-4094-44fb-87cb-c086950d210f" ,
"value" : "dd3f4da890fa00b0b6032d1141f54490c093c297"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533564491" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b68564b-2578-47ac-a55c-c086950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533627533" ,
"uuid" : "5b694c8d-d2d0-4373-83a1-4223950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533627533" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b694c8d-bc20-4708-9794-46cb950d210f" ,
"value" : "7.126.179.159"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533627533" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b694c8d-a0bc-499e-a4f3-4d03950d210f" ,
"value" : "http.ackques.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533628712" ,
"uuid" : "5b6950dc-d308-4352-ab07-474b950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533628712" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6950dc-ff50-47b1-b339-4686950d210f" ,
"value" : "122.10.84.146"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533628712" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6950dd-52e0-434b-9241-4d5a950d210f" ,
"value" : "sp.u2xu2.com"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "first-seen" ,
"timestamp" : "1533628713" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b695129-360c-4f7b-b25f-48fe950d210f" ,
"value" : "2018-03-23T00:00:00"
}
]
} ,
{
"comment" : "alternate\r\nMD5 should be 3a2b1a98c0a31ed32759f48df34b4bc8\u00e2\u20ac\u2039\r\nfirst-stage validator that includes a second stage payload that drops njRAT." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533628890" ,
"uuid" : "5b6951da-54fc-4427-a661-4464950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533628890" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6951da-4fe4-45bd-85a0-4f90950d210f" ,
"value" : "qww.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533628890" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6951da-17ec-4a23-96e4-4199950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "version of njRAT (also\r\nknown as Bladibindi) hosted on the same 122.10.84.146 Hong Kong IP \r\nLikely related to the \u00e2\u20ac\u0153qww.exe\u00e2\u20ac\u009d validator." ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250192" ,
"uuid" : "5b6957dc-9424-494b-964a-49ed950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b6957dc-9424-494b-964a-49ed950d210f" ,
"referenced_uuid" : "71e73500-e019-4027-8696-5f48e8e0fd38" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-8768-4c42-ada5-44fa02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533630429" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b6957dd-8bbc-42f5-ba70-4531950d210f" ,
"value" : "c74608c70a59371cbf016316bebfab06"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533630429" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b6957dd-b13c-4a7d-985d-48b6950d210f" ,
"value" : "serverdo7468.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533630429" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6957dd-c3dc-4baa-9d35-45f0950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533631617" ,
"uuid" : "5b695c81-e640-449a-a7c7-4a0e950d210f" ,
"Attribute" : [
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-email" ,
"timestamp" : "1533631617" ,
"to_ids" : false ,
"type" : "whois-registrant-email" ,
"uuid" : "5b695c81-92b0-492b-902f-4abb950d210f" ,
"value" : "steven-jain@outlook.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533631618" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b695c82-a494-49a2-8702-4395950d210f" ,
"value" : "ktechy.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533631855" ,
"uuid" : "5b695d6f-e188-4826-9b69-4ecb950d210f" ,
"Attribute" : [
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-email" ,
"timestamp" : "1533631855" ,
"to_ids" : false ,
"type" : "whois-registrant-email" ,
"uuid" : "5b695d6f-bd1c-4571-a75c-4c1b950d210f" ,
"value" : "steven-jain@outlook.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533631856" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b695d70-7270-4afc-859c-4e30950d210f" ,
"value" : "angtechy.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip-address" ,
"timestamp" : "1533631857" ,
"to_ids" : true ,
"type" : "ip-src" ,
"uuid" : "5b695d71-305c-4846-a468-4554950d210f" ,
"value" : "15.126.39.107"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "creation-date" ,
"timestamp" : "1533631857" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5b695d71-d858-4785-a9e1-452a950d210f" ,
"value" : "2017-06-20T00:00:00"
}
]
} ,
{
"comment" : "Spoofed Organization: China National Hotel Education Network (cqledi.org)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632430" ,
"uuid" : "5b695fae-b2a4-4cf6-8334-4e93950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632430" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b695fae-03bc-4a17-b2f8-4090950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632431" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b695faf-2260-4cb4-81fc-4ad0950d210f" ,
"value" : "cqledu.com"
}
]
} ,
{
"comment" : "Spoofed Organization: AOL webmail (mail.aol.com)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632483" ,
"uuid" : "5b695fe3-aadc-45f7-ac2b-4416950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632483" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b695fe3-936c-4cbb-9d22-41d7950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632484" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b695fe4-f1d8-4706-bf7a-439b950d210f" ,
"value" : "mail-aol.space"
}
]
} ,
{
"comment" : "Spoofed Organization: Google Drive (drive.google.com)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632603" ,
"uuid" : "5b696006-2e38-4f9f-a314-480f950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632603" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696007-e8a4-44e7-b333-457e950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632603" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696007-752c-47e1-b53c-40a2950d210f" ,
"value" : "drlve-gooog1e.com"
}
]
} ,
{
"comment" : "Spoofed Organization: Microsoft Live (login.live.com)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632559" ,
"uuid" : "5b69602f-90e8-466d-aa74-4a12950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632559" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b69602f-d100-4112-95c5-4f5f950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632560" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696030-4080-45ef-b31a-444b950d210f" ,
"value" : "login-live.space"
}
]
} ,
{
"comment" : "Spoofed Organization: Department of Special Investigations, Ministry of Justice of Thailand (mail.dsi.go.th)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632626" ,
"uuid" : "5b696072-e840-4ab7-8f2b-4eec950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632626" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696072-bebc-4c9e-af90-4ebb950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632627" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696073-a3e0-4243-b082-430c950d210f" ,
"value" : "mail-dsi-go.space"
}
]
} ,
{
"comment" : "Spoofed Organization: Epoch Times, founded by Chinese-American Falun Gong practitioners (mail.epochtimes.com)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632677" ,
"uuid" : "5b6960a5-8d20-405e-a193-4e1d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632677" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6960a5-386c-4a97-908c-4d0e950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632678" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6960a6-b9c4-4418-bec7-46da950d210f" ,
"value" : "mail-epochtimes.space"
}
]
} ,
{
"comment" : "Spoofed Organization: Sri Lankan Ministry of Defence (mail.defence.lk)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632703" ,
"uuid" : "5b6960bf-e118-455d-a813-0b55950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632703" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6960bf-1be0-479d-9020-0b55950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632704" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6960c0-f780-41c5-ad14-0b55950d210f" ,
"value" : "mail-defense.tk"
}
]
} ,
{
"comment" : "Spoofed Organization: Official website of His Holiness the Dalai Lama (webmail.dalailama.com)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632732" ,
"uuid" : "5b6960dc-86ec-4f89-b8dd-4088950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632732" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6960dc-452c-4c8f-98b7-4daa950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632733" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6960dd-b910-471c-817e-42da950d210f" ,
"value" : "webmail-dalailama.com"
}
]
} ,
{
"comment" : "Spoofed Organization: Youxinpai (Beijing) Information Technology Co., Ltd. (Chinese used car auction site)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632759" ,
"uuid" : "5b6960f7-3ba8-42cc-a2f7-402d950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632759" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b6960f7-a7a4-4a1c-a6d0-4459950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632760" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6960f8-45e0-40ae-9a50-4b69950d210f" ,
"value" : "mail.youxinpai.com"
}
]
} ,
{
"comment" : "Spoofed Organization: Possibly a reference to \u00e2\u20ac\u2039GALVmed\u00e2\u20ac\u2122s\u00e2\u20ac\u2039 \u00e2\u20ac\u0153protecting livestock, saving human life\u00e2\u20ac\u009d mission statement. GALVmed stands for the Global Alliance for Livestock Veterinary Medicines." ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632804" ,
"uuid" : "5b696124-92cc-4823-9c30-40ab950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632805" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696125-0d9c-47d4-afac-46af950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632805" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696125-d280-4ff4-9a59-4bef950d210f" ,
"value" : "plshl.com"
}
]
} ,
{
"comment" : "Spoofed Organization: Webmail login for Myanmar Posts and Telecommunications (webmail.mpt.net.mm)" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632827" ,
"uuid" : "5b69613b-db30-4ec1-852f-44bc950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632827" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b69613b-4968-4d42-8646-427f950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632827" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b69613b-509c-430f-8249-4a38950d210f" ,
"value" : "webmail-mpt.space"
}
]
} ,
{
"comment" : "Spoofed Organization: Likely impersonating a website for exiled Chinese billionaire, Guo Wengui, who has made allegations of corruption against high-ranking individuals in the Communist Party of China." ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533632848" ,
"uuid" : "5b696150-9900-466c-8b82-45a8950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533632849" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696151-453c-4104-ac5a-4553950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533632849" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696151-6be0-4d2e-b676-4e8d950d210f" ,
"value" : "wengiguowengui.space"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1533633829" ,
"uuid" : "5b69642b-02cc-49b3-b97c-44f5950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533633829" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b69642c-7024-46be-bbb9-4fb1950d210f" ,
"value" : "27.126.179.159"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533633829" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b69642d-4678-4b2b-99d1-4b9b950d210f" ,
"value" : "tk.u2xu2.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1533633830" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b696526-330c-47b5-b795-f924950d210f" ,
"value" : "103.20.193.156"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533633993" ,
"uuid" : "5b6965c9-39b4-47c1-9084-46f2950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533633993" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b6965c9-750c-4450-8fc3-4e30950d210f" ,
"value" : "83ffd697edd0089204779f5bfb031023"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533633994" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b6965ca-45bc-4b68-8be2-4545950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533634315" ,
"uuid" : "5b69670b-b290-44f4-a9fc-42e4950d210f" ,
"Attribute" : [
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-email" ,
"timestamp" : "1533634315" ,
"to_ids" : false ,
"type" : "whois-registrant-email" ,
"uuid" : "5b69670b-06c0-434e-a8f5-423b950d210f" ,
"value" : "13316874955@163.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip-address" ,
"timestamp" : "1533634315" ,
"to_ids" : true ,
"type" : "ip-src" ,
"uuid" : "5b69670b-6d2c-43e0-940a-47ef950d210f" ,
"value" : "103.20.193.156"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533634732" ,
"uuid" : "5b6968ac-71ec-4a55-887d-47b7950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533634732" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b6968ac-d304-45e9-9141-4b83950d210f" ,
"value" : "cqyrxy.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip-address" ,
"timestamp" : "1533634732" ,
"to_ids" : true ,
"type" : "ip-src" ,
"uuid" : "5b6968ac-1118-427b-b30b-4a82950d210f" ,
"value" : "115.126.39.107"
} ,
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-name" ,
"timestamp" : "1533634733" ,
"to_ids" : false ,
"type" : "whois-registrant-name" ,
"uuid" : "5b6968ad-c7d4-4c30-a301-4b78950d210f" ,
"value" : "ren minjie"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533634903" ,
"uuid" : "5b696957-9e2c-49d6-8bdb-4ffa950d210f" ,
"Attribute" : [
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-email" ,
"timestamp" : "1533634903" ,
"to_ids" : false ,
"type" : "whois-registrant-email" ,
"uuid" : "5b696957-8c18-4cd2-9113-4a5c950d210f" ,
"value" : "6060841@qq.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533634903" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b696957-8560-4a7d-a84c-4392950d210f" ,
"value" : "drive-mail-google.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1533634954" ,
"uuid" : "5b69698a-8dd8-4aab-95b3-444e950d210f" ,
"Attribute" : [
{
"category" : "Attribution" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "registrant-email" ,
"timestamp" : "1533634954" ,
"to_ids" : false ,
"type" : "whois-registrant-email" ,
"uuid" : "5b69698a-8e20-4a08-bb7c-4a5b950d210f" ,
"value" : "6060841@qq.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1533634955" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b69698b-20c4-49c4-ba14-4437950d210f" ,
"value" : "drive-accounts-gooogle.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533636629" ,
"uuid" : "5b697015-cc1c-4720-8f44-442a950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533636629" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b697015-76cc-484d-868b-464c950d210f" ,
"value" : "c6e336550bd1c087ee2a211781fd9280"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533636629" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b697015-4ec8-470e-b3be-4b51950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533636646" ,
"uuid" : "5b697026-b170-41b0-937d-48cb950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533636647" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b697027-7628-4a70-aa93-44e2950d210f" ,
"value" : "d4ea9027edca1d01c62d9f43a2975d30"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533636647" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b697027-b3a0-4f47-8b8f-4f1f950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250189" ,
"uuid" : "8f903648-f534-497c-8096-7eba34dfcdd4" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250189" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "75b563cb-40ff-4062-bcd1-d850e8b003b2" ,
"value" : "2018-07-05T10:54:06"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250190" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "471715ec-3776-45f7-8724-492559aa6773" ,
"value" : "https://www.virustotal.com/file/b1fe92e04de787bf222847ed889695f26277789b05fa389406a6c380be5d8376/analysis/1530788046/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250190" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "afa8f64a-5c41-4303-a067-340cee586424" ,
"value" : "43/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250190" ,
"uuid" : "280dd6e1-9ba8-47a3-9b6d-0249ed9e5c63" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250190" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ac377751-3114-40cb-81b4-acfaa910e898" ,
"value" : "2018-07-05T10:54:46"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250191" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c2e4a91e-cd71-4894-8da1-b955fcabc837" ,
"value" : "https://www.virustotal.com/file/25445c91f232b6c3ca3ec30fa1ef2f168ddff276ce3f15f9d8eb4f8b1d19a0ca/analysis/1530788086/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250191" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "06841d51-e4b1-477b-8385-bf774915accc" ,
"value" : "41/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250191" ,
"uuid" : "e0407f5c-72da-4b58-8ae9-627189b8808d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250191" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a32635f7-ed70-4cb9-8b8e-99865d2631aa" ,
"value" : "2018-08-08T00:29:46"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250192" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "22d24b16-6991-437a-9d86-e487cc42a4e6" ,
"value" : "https://www.virustotal.com/file/30e628bfbf80a8cb432b679fdeaccbe3c0ab7eaee8d0899fba7a16853abf35b9/analysis/1533688186/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250192" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c6aac747-6dd5-4712-a7b8-2ed5a0526323" ,
"value" : "49/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250192" ,
"uuid" : "5c696617-e214-4531-a91a-45aee2b893ed" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250192" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4cf28e26-60e2-4d7b-a15f-39b145132431" ,
"value" : "2018-08-08T00:48:00"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250193" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "e15793af-bb6d-4a2d-a804-4c95fa23d290" ,
"value" : "https://www.virustotal.com/file/d4c94b5fed3293f9474de519b6ef232070b38a07e924d0dee13eac728fdac26d/analysis/1533689280/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250193" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "90b0702d-0975-4f6a-b449-a80d8493d9d9" ,
"value" : "51/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250196" ,
"uuid" : "b0e324d4-65be-418a-a8f8-735564d00606" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b0e324d4-65be-418a-a8f8-735564d00606" ,
"referenced_uuid" : "a9c8e203-1200-4950-8f13-6732275ea6ad" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-5138-4742-810f-4c1802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1534250194" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "41ebe380-6455-4b98-a210-a546c40b04d1" ,
"value" : "c6e336550bd1c087ee2a211781fd9280"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1534250194" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "591553f5-a608-4682-86d3-b1417ef0c659" ,
"value" : "ebedaa84b473d939ba91e2dff7b47e8c0d5716b2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1534250194" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c2cae92d-c676-4c70-8d8f-d154446b3ce8" ,
"value" : "7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250195" ,
"uuid" : "a9c8e203-1200-4950-8f13-6732275ea6ad" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250195" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "778d6594-3b6f-4855-b1de-cf1221a1b205" ,
"value" : "2018-07-05T10:54:51"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250195" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4530a287-d37f-41e5-8a0e-2f5666455b9a" ,
"value" : "https://www.virustotal.com/file/7354fd9fdb07f2509f8dab3bb23df53e21dd02ab2a4745d27eddb4caeaf5be14/analysis/1530788091/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250196" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7b7b3c82-0a1a-4738-a570-ba1bb99065b2" ,
"value" : "38/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250199" ,
"uuid" : "6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6321945e-cf4b-4c2b-947f-c7d5cf1d6bb8" ,
"referenced_uuid" : "21992a3f-2d25-4b0d-847d-154ab2829796" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-3354-437b-9d48-48ba02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1534250196" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "cd2278e2-6d36-4913-b3e4-73fbfe2bb0ff" ,
"value" : "1929db297c9d7d88a6427b8603a7145b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1534250196" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b8096a43-81d2-42fe-9d2a-c0dda13617d8" ,
"value" : "f3ebba32e13b355e301d310cc63fbd799787f6c2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1534250197" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "33b0759c-f78a-4c06-9706-52c01d073457" ,
"value" : "aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250197" ,
"uuid" : "21992a3f-2d25-4b0d-847d-154ab2829796" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250197" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "82312aee-19bb-46da-8cf8-9d180b42ae54" ,
"value" : "2018-08-08T00:25:06"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250198" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "89a63c2c-369a-4ebf-8a4d-aef203be5d31" ,
"value" : "https://www.virustotal.com/file/aa91afdab184f05495cb3cdd9ff71110b000fbb3480f2108d2522a999ff4e9dd/analysis/1533687906/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250198" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bef9095d-e1a6-4490-afed-46a607ef4ada" ,
"value" : "24/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250198" ,
"uuid" : "8b4dbb0e-58a1-4630-be3d-83e95966a6cf" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250199" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "777aad28-4b29-4948-95a3-1299b7d2071e" ,
"value" : "2018-07-05T10:53:56"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250199" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "6f7d201e-e079-4834-a62a-4239770943f4" ,
"value" : "https://www.virustotal.com/file/e8b8e4d8694600116b0d7d6062d8f5b77f25e69e993f13be56399cadf175e512/analysis/1530788036/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250200" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "72c46566-7c5f-412c-83ed-f69f6c0a5ce7" ,
"value" : "47/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250203" ,
"uuid" : "d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d9a8f64e-5cb6-4a6a-8db2-f3f6beee6f8f" ,
"referenced_uuid" : "7771644b-6de2-4a18-bc5f-c30dad0bd508" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250213" ,
"uuid" : "5b72cce5-8e98-49cb-9925-436f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1534250200" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9f90de6a-6f19-4d6a-90c1-b9e0d9277f7f" ,
"value" : "d4ea9027edca1d01c62d9f43a2975d30"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1534250200" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "44ecda96-11b1-45c9-b84d-a51fa232952a" ,
"value" : "0163c73acebe691907f4100321dbbefc95a0da49"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1534250201" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9cfcbaef-d000-49a0-b66b-d2221cce2e02" ,
"value" : "8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250201" ,
"uuid" : "7771644b-6de2-4a18-bc5f-c30dad0bd508" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250201" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "98d5ca3c-7c60-4fde-a810-07b50e3432bd" ,
"value" : "2018-07-25T21:34:14"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250202" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5183e393-9731-466d-9aa0-837301040fd9" ,
"value" : "https://www.virustotal.com/file/8ddb7c0fdf7206441dfd999c49d1113b55e8b0d91de4205e39225d20ae8e567d/analysis/1532554454/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250202" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "dc6a8dd9-5875-4eea-9ff1-a01509cc81ef" ,
"value" : "0/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1534250205" ,
"uuid" : "304084df-e41e-4456-88e4-353baeb7d839" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "304084df-e41e-4456-88e4-353baeb7d839" ,
"referenced_uuid" : "40e4d320-c62e-4322-ae15-b20e3369832d" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-12-14 14:30:15 +00:00
"timestamp" : "1534250214" ,
"uuid" : "5b72cce6-b710-469e-a3a1-424a02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1534250202" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c7f7d737-4513-4cf0-a05a-eb1697d7e753" ,
"value" : "83ffd697edd0089204779f5bfb031023"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1534250202" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "23a4113c-b45c-4c5d-9394-e656b3e730d9" ,
"value" : "c2862a30d486297a005915421f75703ae9b35223"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1534250203" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5ae38128-5e0b-4cb5-b8a5-ef05ad2b91e2" ,
"value" : "9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250203" ,
"uuid" : "40e4d320-c62e-4322-ae15-b20e3369832d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250203" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "33d0f34d-43c8-4cb4-9b8a-689c381d498d" ,
"value" : "2018-07-23T12:02:40"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250204" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "dcf618e1-7785-4bec-92e0-c53e9a9554b3" ,
"value" : "https://www.virustotal.com/file/9cdaad7554b1b39fdaf0e5f0ad41e7006d36e0f9791dc9c1cf3d50b73f6ca907/analysis/1532347360/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250204" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "aebf6ce8-ce50-465c-a45f-128529204545" ,
"value" : "41/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250204" ,
"uuid" : "589e9254-4f90-490a-bc8c-fdea36be01b3" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250205" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "bf1f3939-4ec3-4333-a357-2fea7066bcbb" ,
"value" : "2018-07-05T10:54:21"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250205" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "026a9339-6f67-4387-9edf-194aea014a88" ,
"value" : "https://www.virustotal.com/file/da25eb5db338f6ac42e0e48065c41fded56e14c6271d6cb5f6ae5fc23d5c38a8/analysis/1530788061/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250205" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9aa50299-3e3e-4f06-bba1-c9a42b6b1289" ,
"value" : "51/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250205" ,
"uuid" : "71e73500-e019-4027-8696-5f48e8e0fd38" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250206" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "daa79b42-ca0d-4e2b-ab63-11a84ee71104" ,
"value" : "2018-08-08T00:46:50"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250206" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "cb2216af-140c-4ca2-8286-8c27cd5055c8" ,
"value" : "https://www.virustotal.com/file/1967bd2047fd9dabe3d95bdaee7c8e7f8d5bd0e378968a634e157ec4d72db17c/analysis/1533689210/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250206" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3f2ba997-79c0-4973-90f8-280d414805f1" ,
"value" : "56/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250206" ,
"uuid" : "7e3abe32-cfe8-485f-a22b-7e2989d16ffa" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250206" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a4c73e44-0dac-4016-a40c-6c422ce1041b" ,
"value" : "2018-08-08T00:52:12"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250207" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "05f75ddc-2a93-4453-a9af-d3d9e6b8139a" ,
"value" : "https://www.virustotal.com/file/d5c38ea22a4caad56490c6fae7605117dcbea771caef55a4d8072640be1727c5/analysis/1533689532/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250207" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "551d7e5c-1f9b-4c34-85f6-8bd7bc16df9c" ,
"value" : "46/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250207" ,
"uuid" : "6c1f2aee-af3d-4af0-a272-8aef0d5da562" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250207" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "deffbcff-7552-4ba9-a3de-2c2d42dd124e" ,
"value" : "2018-08-03T00:10:07"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250208" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "903ad04e-95ce-4294-a54d-619a30d55c09" ,
"value" : "https://www.virustotal.com/file/e94284e487e59b53efab9d4584fca766883b916118c9a8ff59514087555e9a8e/analysis/1533255007/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250208" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "451dbe9e-271c-4fd7-9f0e-fd0f5312e2c7" ,
"value" : "47/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250208" ,
"uuid" : "4c58e35e-3b4a-4afb-9a3d-19b650bc2f6e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250208" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "54d361e2-c296-49da-a4be-a50848f24982" ,
"value" : "2018-08-08T00:51:25"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250209" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c2563df5-adf7-421b-87c9-cfdd9a5cd842" ,
"value" : "https://www.virustotal.com/file/50a28a8ebc68b6c608a073278fbb4255912bf41fd0970192d439097af4670f81/analysis/1533689485/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250209" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c45c27d0-e143-4d53-b466-6baf239f345d" ,
"value" : "51/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250209" ,
"uuid" : "bf7d4471-6524-4cdd-821d-63b550a8d3c7" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250209" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "60642d41-e70f-4883-a8de-19c025106808" ,
"value" : "2018-08-08T00:32:51"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250210" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "f19c2bd6-eb00-43ee-9aa5-9b9986ecce34" ,
"value" : "https://www.virustotal.com/file/02bf5fdb11eee6ede01cc061206fe98f60a6b5c90ffead31e8f0a87ccfa414ef/analysis/1533688371/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250210" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "60267fd9-e404-424b-8019-da9bc7560f51" ,
"value" : "40/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250210" ,
"uuid" : "b5a9119a-4fae-4d63-8679-c0fcbe967f1c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250210" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "aa3de294-1dc1-41bd-b1f4-370ca5bf2fd6" ,
"value" : "2018-07-05T10:53:51"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250211" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "7f22d474-a70c-470a-9ac9-c8631ca9848f" ,
"value" : "https://www.virustotal.com/file/d0d02f811f7c07301e91536f2e1d908c1e67e68d89afbd2bc5bfa2cc747e67ec/analysis/1530788031/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250211" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "39546021-dba9-455b-bc52-7c06b92d3707" ,
"value" : "28/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1534250211" ,
"uuid" : "3ed9a824-86f6-44c8-addb-00ba19e4b915" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1534250211" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "03c95ebb-bf6d-424e-8f1d-bdd3efeaab83" ,
"value" : "2018-07-05T10:54:11"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1534250212" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "6630d978-a6e1-4ea1-be98-527448caba04" ,
"value" : "https://www.virustotal.com/file/293d5d84b2d4c4398e9e420c16c04dddf62132cd59cf7519109c6718c288adf3/analysis/1530788051/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1534250212" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8484bea3-c438-41ff-a461-458d1b85d880" ,
"value" : "43/67"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}