misp-circl-feed/feeds/circl/misp/7360197a-48e6-4792-b7c6-5d616d5c79c9.json

{
"Event": {
"analysis": "0",
"date": "2022-09-12",
"extends_uuid": "",
"info": "Hezb cryptomining malware",
"publish_timestamp": "1664444139",
"published": true,
"threat_level_id": "2",
"timestamp": "1664443644",
"uuid": "7360197a-48e6-4792-b7c6-5d616d5c79c9",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#b00074",
"local": false,
"name": "maec-malware-behavior:maec-malware-behavior=\"mine-for-cryptocurrency\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"Hezb\"",
"relationship_type": ""
},
{
"colour": "#0029ff",
"local": false,
"name": "estimative-language:confidence-in-analytic-judgment=\"high\"",
"relationship_type": ""
},
{
"colour": "#001fc2",
"local": false,
"name": "estimative-language:likelihood-probability=\"almost-certain\"",
"relationship_type": ""
},
{
"colour": "#0eb100",
"local": false,
"name": "admiralty-scale:information-credibility=\"1\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "On port 4545",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662986638",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "6031c6d8-5936-4668-876f-69912ed3fbb4",
"value": "106.251.252.226|4545"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662986703",
"to_ids": false,
"type": "link",
"uuid": "df342cf6-a3bf-4a81-9082-a449f3d17edf",
"value": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662986724",
"to_ids": false,
"type": "link",
"uuid": "fc11fba4-bab5-4802-b5c1-6b39fca801dc",
"value": "https://www.pwndefend.com/2022/06/04/cve-2022-26134-honeypot-payload-analysis-example/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662987136",
"to_ids": false,
"type": "link",
"uuid": "6d633617-d0aa-4e49-8eba-eaa325eebdbd",
"value": "https://twitter.com/uk_daniel_card/status/1533038796144578560"
},
{
"category": "Network activity",
"comment": "On port 82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662992106",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "fcb7c25d-9b1f-4dff-b901-b4ecf396d1ba",
"value": "205.147.101.170|82"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662992106",
"to_ids": true,
"type": "ip-dst",
"uuid": "c9a150b3-dba6-43da-b574-30543b8b927e",
"value": "202.28.229.174"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662994140",
"to_ids": true,
"type": "link",
"uuid": "636aeeac-f1c6-4e60-8e79-412595af53b5",
"value": "http://205.147.101.170:82/kthmimu.txt"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1662994398",
"to_ids": false,
"type": "link",
"uuid": "8690ab87-bbd1-4d0a-8ded-b3486499d594",
"value": "https://www.virustotal.com/gui/file/aaa4aaa14e351350fccbda72d442995a65bd1bb8281d97d1153401e31365a3e9/community"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1662992903",
"uuid": "cdcb8b5a-c8b6-4b56-95d0-7ca6f9451a0d",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIAIxzLFXP+ifdvQoAAB0cAAAgABwANDcxYjM2NDBiNWNiNjg4ZTY2MjgxM2I1YTgzN2Y3NTRVVAkAAwdCH2MHQh9jdXgLAAEEIQAAAAQhAAAAj03EfH0yfiODctSlSFv0FJzouoFptMVdgI9xq04uzSIv3GFaqGGFVzBHoHVXW4Z/v67bPj9taRFEtgkg+LbA0QnCuh3keGdWrZ0eKLWxzKm9To/X78wCSefYMrvGjYgWAofUvg168y4p6BsApgN61qgG5KqAQJSR+gwQzy/WblUToxUmHLup6yA+YBfXk1dTgu0zSWbY0IJU6pNPVZBbaYyb908M0A3qrGvykTdFD6bA0+XpFuj+T7T4Om9fZ1bIqMKP6fht13kJfoKTjLLG/A8C3YhbMRTqO8rtzf7IinG+nAyHt+M1eOmR3dvP4ktmbAoWITZZbAQdeAGEQU6Di49EYEztFvZluYA2igmVm9sS1bIGGXyKLO3XYqe9/rDcVIFq2tPx5gp4uWD5wIQ+P/0ctmLKlDuqio28qYBM94y6R63CeGXhJjyL34KCLduvNHPFBsdrHphxzBctSTjM2v1c566p9JOf/VqNE2/INp2RUcow3Yk+9Mny8wruMBCf9AMQ6UvOav4sYJyy2AIBFvyIHsQA0z12tZQUSFMAKrjsQzlLPlG9Cg8oMRTu7zU+w97qfRgDya1jtx+qOdqEm2US0A6DUCz0i8zh5qREbSdBtdw8H2EHI+jLZ2Dn65VA7VbKIVu3KkdkXnp0MT4D9fOQwNkjo46SHEhRndqTgVj8FWCzHoeeggsCCH7VO7ww4w3EELuHY4Y1q10SQjQ+2eFeXOcOzgH4zQtufFfIJk7p2Cb5B8kilAIlafc8k2HRZ5AVspKPOADrB528V1cMOzw2UnJpY0gSiP4K6fGSZ//qXGeLQNKUhwvjUhJbWFXeL+7tDcNBlOJqtH6JU8D6StPnpLmpW5RnC4mEa0Nc4IUdqej21jZ9zQ8sUB9OWBH58VvFmwnr19W0X9vbPiWpmnvVN3dL4d3xZ0cV9Amv/1NWMqzJb1leIQV6bu3VnF4ma3JZiqYz1TPhdUnL32Iogh9WTzzc8YspMA9uwfKs2uP6nZ+h39DpUC5moTXUzQPCKVp2DrGWUbdV6qMouPqZ4CZHoPCKej9xZNFsr1dTpu4W34SRnh/qANWK8Ailcw7hHgGRgV12QkXQyzt9rCCzidmVox6AAuiw2CfKfxudNLDvCHHqjR6PKFJRgKutcwzL9kneAJixQc0tDZpOdnKsCb9CdZy/WkYdpooNZG7fRZCgFqF/5tKjzIucw8hJ9NJQBGRFbyZQZQ+M7e8ISYcl7WVDZto4TBELZ3ANVdowwyzdM3a0Q6YMS3RqOC+cKf6Es2h/HmvgPHp0xQ7WJy8gK4jb8sewoLuRDdyvXDS0fIoIShHkyYus6F2aUW7aJ5w7vruJH8pANO4E8jGg6Mt+Xmg0rVyhJgk7tI02gK/qekJEhY3YWgNYAxdtzaeufdUx6UUP1qBYK+On1R8cj6otCOxD0lQLo7X/aeEUDtW9TUNmk53yDZuyRWGu4+VV+h5AqYfoCA1UqgzM0OzNfAu6TJhd6Wb0AiT+j68fPub1siexDK5gas2SAUpXLOOtDy6kd17fklmrSPBbSNqnxtPE2AeUBfAoFA/Qy2qJus7BhWrOR6MHXvKY3eak7ORVZ6JDz0b8z8QbgQuMP3eTElLD2Fm0zyA0rTV35a1iBOm7Nervo5Im6kYY9uLm/j3zLeZq4SvSCwraGzSpybntLBqWDln3xMPuI2l+ck9OWt7bJuZJ7HhlDLug30WjuXncf4+k6pAiAugvNjItuuqfMoH/B2XvWSYiZEZfK8Zf1JvXk8YsqO32WxhGyG0Hogcvea42OoADI4QfF5a+PhqZdMgWMH0maeYMr5H8H148cpt9Esxmdxx7vkciQb0RvpsKcsdujSS76GnjbKUSk5D
mz8RE+AM0AiLW4/z7ReLYMwIDW0QdR+fmOujN3JRqx1EKr3hoTDMzEECLqoPOzSJ5CcZLDF3yKNaORRS4inR+mXtEuimjgRHIwh84MBkBgvIHic+aa8hAmtZ9xOTOr5L+R2tuYmJQeMUWwE+bADz/7RxRs2IHkpuH7irIL7iiLOyBNjElmIVlP7T/y/f6QW+LrhsbsIXIIa3Kg66CaxnbZC3QnHPk0fyDNFhToBx8t/uDA2isUhW8qJPPCRDzL9PrwZ/PHyjQO8Wz4BUix2SRIE7dKHEFXAqOlNxcD0TEtOa8lwVgKpZHGbMr6hu7wpjwT+UQn4DJPFmmAtNOfZb1kD7DtwbFFPBIrUW8Ns1jwdzL/dUcWHreKBa8aR6lv3mOgIrqgAwrzrzvBGK9LwcVsQ3nYjeW1w+OEwPggsEiC3MVehBnQ4abUm40l3Qnq1C6MFi+GCzHyy4PFqYhlh7GDi62UeOXCmyZ4gf+3+YoyWLQHCXD/Hf7TZnsi24Q4UK8Dl10+WiUjnszwioZ0UGkowz/l1rKrlRtx502g4FMqhgxfHwPXXtFW1w1lN8RxkbgJBWRK+LfXUNiQsmHfccucM6daZ4s7GAtSrX5AhcXR4JhKuntlK3APUFrqcfDwBRRNk89Tc2rwT/4ildAx2AOSi6D2xX0hXktEgowpeMovjy/YQfMKuDufICHMRprYo3x0gRCfrT6WUulCb43Ir4+tPVnWfd+0EDb8SEetiuRysvdrvYOIj2rDxwml+PH2fVCJGhUx19YLmlviJoUj8mMfW5NhPVicLLLcWMgvUo/k/sjQneW/QNuiTV6IcFGFipl4ChqXkZcSOP8wddfrUx1EGfPQ0BNLAH/yX1/c0UK0PAPbpObWLFxcZmxNYkS2u9OQcXlkrO54pB7Tsh9ShNbHIIb27R9SEx7303jUNS8WrXt7BnxxhmiVnOWjXqCHzf9NmxFz6V+Sklgzgn6XKEbr3awk4mWAFFEg5HrlReirAUPBNC05UIhxwlUAfK7NfLFdkI1xiHH6GQPk9VOMNpNjcOFWUkCdJA1m6ui+bFYXq6jkemof63W/ZoQvvtkpPvc1Wfw8BO+8d/pwMN3OqMgHQhV3djPSfzsn8h+l9k8J+UCeomhRzwN+R6+THStFEAhHU/QlqpL0wtL3gtJ1k3U7qeBylTR2Rh5siNRaQTzumLS4W79zrthb5Vg1ALLxzq9oBtQtin4Pu9e1l4Acjkjd4W+mOdzCPPVRTUGPiRP6m6bjR0kU+YnlFQCVlpBx+WlLgAKV/I+d83SERpWe92IDAjsWkYbdntBP1vyft8ge0K5dDPj2yB1siN0bmTRvkf91v0AhL19hLEZ9WrJqgTiAU61/DmXE5pH+R3rpPOKz4YVk36ptd84b7osZOekPV2y4hqLFfy1YKOnKCDuv3NPW/EQH77RUiV3dDe/ZPR2HSIIGnJJDc/72esSLHIr5IN0QuAeZeIq0KCSAzzg2SXV5YwHfGg2S+NCtOvqiNK3o9W6TvTtFkCSyIM+0lPGuNYu3pP0kfxlfY3llaUE71R4T0k+3y0xOumJgaj0T3uEXCoubbfLkmiSl9OQO/t9tobLr5AndeB39X9G+/3iN5QtkxPxKAcQ1lxBMXWo+jigJOlgjiVvXjcvy32Viw+Qcgi7XZ0iWjdEF+OQIEzzZzuUtApwMdZPB/7kONCGvp5AchSxmCOkAiqOUnVaJ63PIcgP4aplidl5Obszx/TreZV9Ps1YYbKEUPSnE723gfQBhjnB8vBJIpGtkjTnUJGtOxl0vVBLBwjP+ifdvQoAAB0cAABQSwMECgAJAAAAjHMsVa1/2BYSAAAABgAAAC0AHAA0NzFiMzY0MGI1Y2I2ODhlNjYyODEzYjVhODM3Zjc1NC5maWxlbmFtZS50eHRVVAkAAwdCH2MHQh9jdXgLAAEEIQAAAAQhAAAATgn+nFN0MS1RkcL52hqu1uQ/UEsHCK1/2BYSAAAABgAAAFB
LAQIeAxQACQAIAIxzLFXP+ifdvQoAAB0cAAAgABgAAAAAAAEAAACkgQAAAAA0NzFiMzY0MGI1Y2I2ODhlNj
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1662992903",
"to_ids": true,
"type": "malware-sample",
"uuid": "6b020908-4fd7-468b-809b-291ab273e66f",
"value": "ldr.sh|471b3640b5cb688e662813b5a837f754"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1662992903",
"to_ids": false,
"type": "filename",
"uuid": "65d7951a-666c-4df8-87a8-17131ab8fb82",
"value": "ldr.sh"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662992903",
"to_ids": true,
"type": "md5",
"uuid": "36bfd94a-f018-4574-9a89-a1485701ecd6",
"value": "471b3640b5cb688e662813b5a837f754"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662992903",
"to_ids": true,
"type": "sha1",
"uuid": "16644eae-1b70-4998-8b85-8b90d4c84348",
"value": "88ea5111e5c4e79bd4831c6f25f0efe789f24763"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662992903",
"to_ids": true,
"type": "sha256",
"uuid": "44292cf3-f033-4766-aaba-5df5852bf5b6",
"value": "18e40563564aa496178c91ed5c0e073e412f4134000cbf3cfe438b1388babac7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662992903",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "563177d0-8a8d-4db3-8328-bb0e6f4d794c",
"value": "7197"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993710",
"uuid": "f20444c8-e756-44a4-ac79-0799566b1356",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "d55a0b83-99f5-44ec-9213-0fcb73ba4cf2",
"value": "NULL"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993710",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "fc909292-3d90-492e-9df8-8ba31505e25a",
"value": "0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993710",
"uuid": "839fe75f-0418-49ab-8118-172e81700111",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "5429ab8b-6be3-4953-ac37-cbd3ef1ad7be",
"value": ".note.ABI-tag"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "f6d4a956-8e3e-4816-8ed8-94f55542a638",
"value": "NOTE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "a166379d-470c-409e-b9dc-8ef42782df24",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993710",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5afbcae9-9889-4014-925c-f0d656cc4bfc",
"value": "32"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993710",
"to_ids": false,
"type": "float",
"uuid": "6ded0d64-72c5-4ef8-b808-cc8d9d155162",
"value": "1.748689844084"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993710",
"to_ids": true,
"type": "md5",
"uuid": "a88abd41-ee91-4ab2-ae57-bbf5107a7caf",
"value": "9a61e47e6c90a03fdb2c981b2315d002"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha1",
"uuid": "a36c18da-cc27-4938-a614-ffba1e5289b1",
"value": "447eeb9da047efc5f7eb3192776c9ea489e36e07"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha256",
"uuid": "b97d2cff-640f-4f56-8263-301bce2747fe",
"value": "c70fbcfeb5350db4d207149d87960e2f23fb322c20552a9cac4eb6b3e95e5e73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha512",
"uuid": "5aa7633f-3f62-4bf9-9cff-00af8e78d7f0",
"value": "04af1d0b1e4eeb2f637aa9680804c596f2a1b841bdf21acbb4a6723e9ad73b74d9b18897bb993a973e83e8ee98d3d5e0899c6d50c406f9028104b3fec95754f7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993710",
"to_ids": true,
"type": "ssdeep",
"uuid": "27c27e9c-990d-46ef-b325-6a37a49deba0",
"value": "3:hlslqklllHlxn:wlqk5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993710",
"uuid": "cc93a09e-7ab2-4efc-a538-63a2f9eb8548",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "0f4053ce-1159-44a6-9e69-32a1374292f7",
"value": ".note.gnu.build-id"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "0f1279f3-1d17-428b-915d-2e1600ac6b0c",
"value": "NOTE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "0ac9e834-e67e-49c2-8514-004edd7ed465",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993710",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "85f1991a-605c-4e93-a380-14f8b98b3763",
"value": "36"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993710",
"to_ids": false,
"type": "float",
"uuid": "36b92ee9-3f57-4d56-b226-00856fc51310",
"value": "4.0805005306403"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993710",
"to_ids": true,
"type": "md5",
"uuid": "b3ac4842-f595-4c53-96a8-6ab4ab69734d",
"value": "7cbbb459a2d21e2b1ef8b13e481a7a9b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha1",
"uuid": "aa264ee6-6136-4860-b25a-2c46809daf50",
"value": "d9b9184a9a0134488d53de4e53f75760518ab4cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha256",
"uuid": "805b9ff8-bfe2-4756-a2a8-b0a7b8023582",
"value": "7d80a99828d123d42f7d0735d05a670d449293ecaced2aead2507c1c7e0dd001"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha512",
"uuid": "1f47d649-1665-4093-abfc-66aacaae04cc",
"value": "8870d4dc577c1bfdaf94338c85b02b667bad7d2deface20777024274efec5b9d3e31bf5ff2bb8a2e9004780971dc475c5a75babe8e86496492969f5774f7300c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993710",
"to_ids": true,
"type": "ssdeep",
"uuid": "89e5ad54-cfc4-484a-9c36-4693712b825f",
"value": "3:ll/ylIeukhK:iSeH8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993710",
"uuid": "c1084d7d-bb02-42df-82ba-a5bb6fc7b6d1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "6fa28726-a84a-4b77-bf25-9a38ef146235",
"value": ".rela.plt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "659b0640-eb7c-4384-b991-861d3017ccee",
"value": "RELA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "afa9a058-bb98-416c-957d-f9d1d7ae334f",
"value": "INFO_LINK"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993710",
"to_ids": false,
"type": "text",
"uuid": "a8f75dbe-7e99-4943-824d-fb53be70dfb7",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993710",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "85c308d1-2c17-4668-ae12-fa5fc6855e3b",
"value": "504"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993710",
"to_ids": false,
"type": "float",
"uuid": "80760c77-5d54-4e95-bbb8-a8df6f6b5408",
"value": "2.1358676285528"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993710",
"to_ids": true,
"type": "md5",
"uuid": "189f1b71-be46-4a06-bde8-e6c308a48b96",
"value": "c7c3b06b20d25bade8a5e93d7b7d1068"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha1",
"uuid": "a2c2d1a3-4016-4b48-86c0-65117dcd4109",
"value": "6c7403435b331ce767fc2499a9c2ec9b997dc37b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha256",
"uuid": "01950e46-9d47-461d-b2bc-40fe62ab4498",
"value": "85bee9ba4ddbfd26fda8da0f8912eae916e61370341a2705e8728bdeca680b21"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993710",
"to_ids": true,
"type": "sha512",
"uuid": "063abd07-2970-4616-8b68-8db9c93cfa43",
"value": "911d38e0582c3cd20ae2572d7d387844fd6fedb14e34c96e35a0de50d1648192076fd0998d1afb56b5067335c9a3e1bcbc6fdcf91aec0272f2850a3ca46ba32c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "93e3a2a5-cdef-4475-90f0-2b6c6c8ec99b",
"value": "12:Ajv/eS3Ov/WK6PWx2lA2olEQmPwgQVZ3n:AjHeS3OHWK6ux2lAtlEQmPwgQVZ3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "23fb93e2-84c5-45eb-ac44-5ac52e3baa7b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "9706ed41-ef25-4c9a-a9c2-7ee11670f7d6",
"value": ".init"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "19158370-cde9-4c89-b52b-71835adddbc8",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "5f5d3db7-6cc1-4c30-b73b-1e61069352f9",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "9166cf2c-72ec-4f1e-9ed0-0c3dcb7309f7",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "daf8dc7b-c7b4-427a-9ce3-f96c2af7bd3d",
"value": "26"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "7e5d8aff-ef82-452c-a276-2db76b79f35c",
"value": "4.1619781796796"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "d05e3efa-bd39-418b-81d4-3c7fc20d3532",
"value": "ea1769ae7fd708ae2012b3e995d20220"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "f8729c13-f4ae-4a14-947f-e55f954cdfd1",
"value": "e4ee398ed59ab42b03b1d93fe8775d39673ef701"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "478f441d-2278-4d01-80a3-685bf6ead6f8",
"value": "c8a191208bf27808387195aff6ab1157f693be24ed488497872ceb497efcb34a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "c0e927d3-7b75-441a-a573-754300dd3815",
"value": "1242760746f839282f45af454c41a4d9c061c249a72d405e4a04efec372425a7dfe31b6bf58589a3ffa4456ce246a16b7704b46ab581802146bc2b371a343830"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "c475d911-6b80-4008-a2ad-5bf51feda32a",
"value": "3:4c2ld4tmn:rCymn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "aaa26480-e20b-4467-981f-e70fc613819b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "a86eccee-6543-44b9-9ab8-aee390d1b75e",
"value": ".plt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "c366bb7e-c71f-46cf-b8db-bdfa340844a9",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "4a965433-d2cf-47c8-bb8f-79b1e4f6146c",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "a2ebb4de-1fa4-4670-a818-d2af5a895415",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "807f2070-bfe3-4176-b57b-1c0c309b3d4b",
"value": "336"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "b0f91a81-2e94-4cb5-9940-125c2a5571ea",
"value": "2.5409281726478"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "d9a668f0-1bb0-4b26-ad18-1ce566c18a9b",
"value": "609697fd60162ca8c09868f2c630a908"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "f232786d-f878-4b3e-b4ad-a43da73c5c12",
"value": "4c263d9cc7c0135994274c2f6d1f017dad46a8db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "71272384-4d1e-45ab-b70c-891307571963",
"value": "3dc709e7bffdcf9fc0c94f6c8672a1b2f33cb6c707d77c0c4f60aa255e3a704a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "aafc9066-3b88-4946-9a40-aa5196d9a53f",
"value": "ae2107c196f360d127d3ad3e6ab7eca7cb97c64ab093029a09e3408b01fe9f8dcdedc2f89aa8d3f876f1b389e695a5d4cb55eb0322ffaa5d1367f2187459aba2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "f83c68f1-9001-478b-9bb3-6a0449dd4e07",
"value": "6:HX0R0ZkTaZ0F6sN9V2ad6sPXcVsHF2aN6sV9d2aMVsX/0Vsl:W5DbTrDbTn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "69d75dd5-1b99-43d9-a8d4-d393e30aaa0b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "15624b01-70dc-4786-b653-54de8a12da15",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "b4f8a074-631c-42fb-84d1-141322b5d610",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "c83638b8-27b0-4616-a9a6-10ff3014782d",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "c91a4352-d690-407a-a6c0-91b9e35f4e47",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "af79d5ae-73dd-4f89-a1e7-87822dcfbecf",
"value": "4626660"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "eb311951-6b98-4b4d-80db-e5667f746997",
"value": "6.413984465203"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "730bb609-9666-40ac-965c-b177f27ab7ad",
"value": "369d8ed728fdbfe01c9a20a2db082dd1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "61f42b35-983c-4574-ae58-a4d57c75450a",
"value": "9a47c42f30fd1a164be94b84b3b4bf17e3892710"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "954dd93a-7a73-485f-a12a-4eb6c1164727",
"value": "226376abcc5825ea14b2fab853f2ec293aad18fbc665b1a2446665fd9b621163"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "231b92d1-01b3-4b50-86c6-bc9a7076ddc7",
"value": "16e5294be805d280b218bbff6dcefe6ff244671d03fd9263017d20305cd88e78789eedd800b966803c6e2d548502f4e233fa3391a7248221ef02c3295bddd6c7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "13cf128d-18f5-4d8e-b1c3-3b3dea2cfb80",
"value": "98304:lMqzx/c2OP+7c2kgfGWmWngXg6ut3t3t+6Xn6Xn6XUgXpMSM3MqgXZgX4/45Sanj:lNco7cW/VyIBhT3ZMh"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "1cf9ac2d-93cb-4e8f-941e-e69e89f8e248",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "62ee7da0-273e-4bf3-ae5a-4838695343d8",
"value": "__libc_freeres_fn"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "50cffdbc-e23e-4f21-b92d-5405674347a8",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "41f2ff5e-5063-412c-8cbc-6f1d6c412c30",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "fab5619d-1424-43cf-af2f-9883ac2b033a",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9294992c-37a7-4906-8077-ac42b7f08f35",
"value": "10572"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "63d15489-b1ef-4f0f-a637-24afe5eb51bd",
"value": "6.1170663590378"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "6a8793ee-2974-40d3-8eec-79fd4ceccbc2",
"value": "19624d21557c0236fbdc6ad14bdc014e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "bfc123d9-aba9-466e-aa23-3fadcc3d5255",
"value": "2150e7cae7268b7dc72e9c1640df779f21016dbd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "59c3e83c-220f-4699-8ddc-4f4d20314dde",
"value": "91a729ee112e98c3331710d6b908f3ea410e42a3042fe1514d5407a26b362278"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "d93b5279-ab34-48a7-bb6c-a6f5d41d3b47",
"value": "0c7f0252f23b18d66bdf5edc28914ebe5c4d11186017d3a40d0e9472e71fc2e006b0111b9479359982f5fa4dc74576deeb5a64356f73c0470304d7c5d308a907"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "1ecc890e-bf9a-4dc3-a83f-ebf9e8d1386e",
"value": "192:l57nLS7miKlmqbWRllQnuH7KQDy814Ej2EOlqOfwfiJmCZWii5ujaV8:L7nLS7miKlmqO0G7BdjJ6J7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "62b00107-a884-40f8-ae40-b61004666ca3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "385828fd-7b44-499f-ad85-134694097eb7",
"value": "__libc_thread_freeres_fn"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "6b9b6844-1373-45c5-90c2-b1efd92625e1",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "2c28406c-b30d-4e41-90c9-61bda20c450b",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "465831c5-af97-4049-887e-b91ed702421c",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "308aa9bb-ad74-4474-b2cf-3afa34660d90",
"value": "481"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "90a4bdd4-46ca-4b15-bc61-2996320cd735",
"value": "5.7994373207879"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "2c9c57a7-9f49-4bfa-af53-b444d580d861",
"value": "2dff6b15ddaf66773b78b7e14038d211"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "b8d2a035-bdad-4aa5-a5e3-632a647cd969",
"value": "3475678f7121d7d85a6a9035b00c067b2bd5af5a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "9aaa4825-6e1b-48ec-a967-da4ae8bf33af",
"value": "f22bd568e7edf04b54e0db6b1961254f059c7fd179538da217b0e5e91e5a08b0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "7bc5d2fe-2f4e-47ca-82a9-76b8b92d4449",
"value": "a72cbc98b113cb259a4027528f468c8af260fd83925ed564390af445a0bd06f0b6dc58579bb6a77601bebdfed419f7bbe4ba696e88fe6c612767bb41fc9aaa19"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "fc41b20a-6e23-43ad-9ebb-e390363a4936",
"value": "12:VbA+4RK7EWFQv5P7Nay31pMy3m3DSLzftoM1B:V8+cKTi0W1eyWTmzftoM1B"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "17f77158-0735-4093-8b9c-d738db162699",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "ba5211e7-346f-483b-a5a4-3505937a87ab",
"value": ".fini"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "704c1912-de4c-42c3-8354-56a6759d9de4",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "098ad264-0b02-47ac-be0f-c929587d2e91",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "4967dc77-cf73-4d9b-90b5-6a68d8a19d5e",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "cda9c447-0d8c-426d-ae71-0d2c1d0bd1d2",
"value": "9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "16e50009-c96b-4b70-bd73-85f68883d96f",
"value": "2.5032583347756"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "1476d125-1418-474f-948f-2d280fd23f18",
"value": "c0ebd410fb9cd5628270064c1ed937ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "0dabd3cb-1e41-41ad-84f4-c7f981e57c6e",
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "f6fb775f-0f91-41b5-9e69-7ac8ec9b53ff",
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "06eb416b-3d43-44bb-a1d9-a0c3e3f059bc",
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "3094e59b-e540-476d-8d02-950710567e6a",
"value": "3:4Ui:ji"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "77716830-69b3-4078-907d-a86ff72eada2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "e7bcabae-ff15-43d9-92fe-f60a4d39c131",
"value": ".rodata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "4d94e1fe-dc4c-4077-ac81-e9242eca9c05",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "855f0c4d-1e24-4514-9f12-8ad11b2d967e",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "25e9abee-b290-4c2e-af5d-d0c8162860e5",
"value": "670352"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993711",
"to_ids": false,
"type": "float",
"uuid": "8a317da4-6474-45da-98cc-270aef19074a",
"value": "6.4052123470059"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993711",
"to_ids": true,
"type": "md5",
"uuid": "5085cfcf-1ea6-41d7-9ad7-df61b8fe5254",
"value": "cd775d3116c23321a8cd3ceaa9e965c3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha1",
"uuid": "88de6759-7003-4182-a456-fd23b7e59fcf",
"value": "c7316c92f57b5baad7f4422b83c6e6e720d1d4d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha256",
"uuid": "b60257f7-073d-49c6-906f-95628ea77455",
"value": "9977648286246098624bb8ae19ad020ac5cc30104843a738d3c4426698af2a92"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993711",
"to_ids": true,
"type": "sha512",
"uuid": "9c503503-b361-4d7a-aa96-f6c8c985a0d7",
"value": "fd9b3838a58451d0a6031b5256a2190f702eefa7821ffd4b6329be49ef57f981aa82615a477136e2bd8d27031918e00b902310e6bd0646f25d4b9d7c247a9b5c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993711",
"to_ids": true,
"type": "ssdeep",
"uuid": "8f760cab-1728-4706-b53f-456594606981",
"value": "12288:QtzDQ2qqFJfYcZHvnA8vtKJfYcdUTxb4bGVUejirVFU3kJ46/bU5YrynhvPB:8fEPcZPnxjc+T8rV23OAf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1663146384",
"uuid": "387ad845-011a-4be6-8fe4-869f04b7bd4c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "ef63ee57-43b1-40de-b703-a05ae28ec969",
"value": ".stapsdt.base"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "539cae70-eab8-4d73-b6aa-92ffd9254bd5",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993711",
"to_ids": false,
"type": "text",
"uuid": "5274798b-a794-4e80-85d8-3a386982def1",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993711",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5c916a71-c2af-4065-9711-24e9f33cd319",
"value": "1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1663146371",
"to_ids": false,
"type": "md5",
"uuid": "6d07d893-cd33-452f-8777-66b79aec1eb2",
"value": "93b885adfe0da089cdf634904fd59f71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1663146375",
"to_ids": false,
"type": "sha1",
"uuid": "71af2a0a-42a8-49e7-96e3-def9153fc8f7",
"value": "5ba93c9db0cff93f52b521d7420e43f6eda2784f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1663146378",
"to_ids": false,
"type": "sha256",
"uuid": "35de68cd-e191-4595-a6dd-31350cb75166",
"value": "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1663146380",
"to_ids": false,
"type": "sha512",
"uuid": "c884f215-f769-4278-898d-1d62d57886b1",
"value": "b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1663146384",
"to_ids": false,
"type": "ssdeep",
"uuid": "d0d58326-657e-4a7f-b60c-e7589c4629a2",
"value": "3::"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993711",
"uuid": "82994316-c33d-4f20-b1cb-43ebcfccfacf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "17ff4837-6778-4ceb-a636-e6c54426bcc3",
"value": "__libc_subfreeres"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "55fe27b0-5340-473c-b6a4-2d0f0efe5c8d",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "65179f71-4b1d-4df1-9db1-240d30db12b7",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ed118fbb-e38a-4f35-ac8c-ef6530e5f6f4",
"value": "160"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "16779837-4194-455f-ac80-bcb769ba0005",
"value": "2.3520369438738"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "873dfa30-cfd6-4668-a550-ba0c5864bc4b",
"value": "44d1d58be39708e7061343e8d9362e32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "aa8a1b63-5f9d-4321-bac4-4dc183af361b",
"value": "6626efb8bb81abf1562e8241803001b2b6c3d76c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "e5ac5ea6-d57a-411a-b864-d2c15c369326",
"value": "3af0d0880996d41c12b464ff9d4d584117d5a92eb7e3bda93aa5ac6afe24c2e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "257d9321-9ce2-40d8-819c-0280791e5a6a",
"value": "f28d19e31389d1aac167aa2962bfa47f6099f96565c049ef6c842236ff122f4df92c08effeb9edf68ee08a3281dae92d22d27280ee30d4c72b8e10639ffbe5d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "144ba2bc-7cc3-43f5-b2b6-7dbfc1288579",
"value": "3:9lllbOlCtsx2lC3Q//g//wXc6/lXlNtllttllulZ//:uCqEcZt7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "a3fd4ad8-adc2-409c-b333-db24c1d505b2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "e93e9393-7d65-428a-921c-4088384dc2a9",
"value": "__libc_atexit"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "b32e9827-243b-4b32-86d0-802491bcaa0e",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "be36adc0-4536-4d69-b4cc-bfeadf3a56cb",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "582c1940-7975-43cd-b88f-d15edb2728c6",
"value": "8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "2a39b2a6-2023-4e2b-85d9-d8ccf73fb00f",
"value": "1.5487949406954"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "8c20dea4-0ceb-40f7-8270-867ae3ae508d",
"value": "914507733b69f26db4f60eeae575ef21"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "331a33c1-aaad-43c0-b644-0aaf170748f9",
"value": "d42892e1aa2f1c0b8056604c41749f393759e763"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "25cc0fdb-cf83-44fa-bd41-02c9a6ea1d43",
"value": "635fd7f01ed13250939e95911cc987d4f2fbcbad47d864881a2e5cfe1a5c9fd9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "1fbc52db-31b0-4037-a181-22cecc7e3b80",
"value": "90ee4764b435d853e705eadc249eed88209e7778adf86b3ac359cf75a689a84fedbb80ff15d008c55782ea8f106d18cb4081280fa4d93fc745357ae7dad84632"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "65320e9c-1d1e-45b7-a33f-9daeb1523464",
"value": "3:Mlll/n:M/t"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "a20f6096-5314-4218-83a0-38e46724cef6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "fb26c50f-797f-4b90-b7bb-ef8f349ca991",
"value": "__libc_thread_subfreeres"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "171b834f-19e3-4dbb-b566-621e554ebd88",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "a813f78f-4d03-4798-9833-69d13bb36e6a",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3ca40ede-728e-4be0-970f-fac02330a133",
"value": "16"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "1d93820a-2484-4fd5-bb03-361241214915",
"value": "1.7987949406954"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "eb9ce0ee-2d59-4a56-8c80-666dfafec1e5",
"value": "9f28d6e24ac3c236ce526343d6b89725"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "3f3e8c7d-68c5-4f08-a51c-b019e050f434",
"value": "5f4c011f6555895a99969d46a900774e38639697"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "1aa7c2fc-468e-4d6f-ac97-fb7da51be9e6",
"value": "6365413a2a0210708a929ac8be67d3d00dcaff6ff9cabb42369396db50c33335"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "4c217c85-dd1a-4049-a6df-4b904a459ba4",
"value": "8190cfc86663b0a827a7b221cf9646ed2556a7baa891c771a880d1233706fc5ccfdffe4cdd27dc68acfb161d9622b2551a7ae0acda7a9563740e84acb54f20cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "f46bf489-4fd0-4e35-a799-9dede70439bc",
"value": "3:6llZ//:O7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "c2ab6b17-9938-4977-8d55-a2618dadb2e2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "57fbe3c4-66e0-4c09-93d5-aeb37a3b530e",
"value": ".eh_frame"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "ab98758b-f1ec-4be3-a7ac-ad6335e5069a",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "d2324b67-b3d3-4216-8817-7694a80ffccb",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "de573d93-c750-4820-b8c9-e7536790d039",
"value": "435308"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "d388247f-7846-4830-95b8-fc69360ea16e",
"value": "5.1717032646315"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "11f8f3e5-b96a-42d9-80c6-93b8f3bc94bd",
"value": "23d2e4b12403d10913149d0c29423993"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "8a5ef062-a8db-4867-9cfc-283f26fce9ba",
"value": "d8cecbab2355c5bc92b8fe2502791b8e152b4534"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "f5973c34-216e-4a85-9e1d-e9503aea24a3",
"value": "281ca1bd3549af5e92585bdaa356184e62dac13073797321c4d004907ac0727e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "9c391f30-d8ff-4efe-bebc-94137f4976fe",
"value": "556faa489660be762c1fcb8a3f69dd5cc429237a87f2954fdfe8b1bdb009376501cdbc51be1968766fe2471af4fc702cf26e75bd1b6a61cb48ec3f4b9f299194"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "b1771596-ed91-473a-9f20-093581d52659",
"value": "6144:Q2J99aqApTHqKNqTVQyQNXIvM4jILifr0qjVOtDSwE:raRRNXIvM9LiT0s"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "5bd40820-14d2-4783-b4f9-cf9fd0483b9b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "bb6928b7-61de-4d38-89dd-7f9cb2c0af7f",
"value": ".gcc_except_table"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "49427562-1b94-462d-9829-31a2606451df",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "70a5eb09-e6d3-403e-b8c6-65c92b4db350",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "62644002-619d-4361-bdae-203a52abb227",
"value": "38134"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "09891c79-fad5-4235-b12c-f2c62c410405",
"value": "5.4414209378793"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "d2162498-3f85-46d5-b478-e15245eb2471",
"value": "9d5495e8824ee288fab3dce3f7597880"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "510c9f2f-997c-48da-8998-fef199c85c9d",
"value": "9b85be3665fa29887c7fd7765488e8fe530a51b2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "c7b7346a-2c45-4d58-9884-895db738accb",
"value": "ddc5d78168a7d642475abffdfa22fb510d0bd5c05cdd502f222ffb21cece2a08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "39ebb6b7-a829-44c2-a392-d72abb0cdd8e",
"value": "6b137e6d67546a081fd9fdb42d31245daec501a9101e8d9cfd89fc29fa6fd285ac3c07eda63853a33a235c9a2022feaaadfe9dd39d041a84515a846a883355dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "2c3151be-f05a-4560-9957-80ce56ae901d",
"value": "768:zGCIE8LtiYGe9f8LOwh/fiNlLx7R+gGyQMwVefDi3:zGu8LDGeiLOU/fiHFFu"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "dd6b54d8-8ec9-42d3-99d4-6db1e3f8e8f7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "79f832b3-20a9-4cf0-816e-50669141a238",
"value": ".tdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "504fe296-7d6b-43b7-98a3-5ef974b14e6d",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "1a4000cc-8d29-4f4a-ae39-60fba185a7c4",
"value": "TLS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "83e91bde-9c70-487b-9222-0a23ac0334ae",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "5693bf9b-ad28-4978-ac74-e03088e58aa4",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f368563a-90f9-4b01-9116-53a3a4546a7d",
"value": "112"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "a997adb6-2c2a-4740-a27c-3e9621774e5c",
"value": "2.143538830137"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "72a45e16-8b51-4ac2-bef9-f90df65ffa5e",
"value": "077a80dd72ac37e9b9e54c85f9a16a6e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "5b18b966-ed8d-4b41-9185-ecdade1b291d",
"value": "8f6b2e6a9b33244d583fb87e0043fc2e58cd76e4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "528a68df-7e04-4053-97b4-c050cb0bae3c",
"value": "a7f9d7e81f5fd6d33862616bc188e69aec30408ebac35bcf44db2ffe5887983a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "f3617351-6c98-4423-a49f-ddeb3ac3e647",
"value": "6f68312ddee5a2b0bfd1d2761a04aa481d87902f50489606072082b3d255f5a900360b61b9c6ad62757e1446540023271fa104279b6b9c3c48cf4501652ea00e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "325520a3-3ebf-499d-9425-4ea73143f0fc",
"value": "3:k/lFiWt3Wtv6Wt/ztlLJl/nztNDS/ltS/ltOll/l:k/XiP2/i/elX"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "fea3f084-e86e-47f3-9f7b-a7aba74ccb3b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "127730bc-4eee-4a4b-9b89-7f9078cf7c32",
"value": ".tbss"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "33db414d-b3db-41ed-9fd7-266cdbf2532e",
"value": "NOBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "731d13db-59c1-4539-9fe2-d9739ece4f20",
"value": "TLS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "16e33d97-9094-48b7-81b7-a038b3debb16",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "3618e9e7-bb4e-41fd-a6f9-3a006d330700",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "07ecf5be-a84b-4e2d-9e11-1cb2824c27b2",
"value": "88"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "c2230b92-7e8c-48b0-809a-b2455cc18b38",
"value": "2.2413172414472"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "340e64e5-7d7f-45a8-917c-d6942cacf986",
"value": "b7d98e2bff1d0cabff1c12ea6f42c530"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "2bca9b8c-1103-459a-b713-845995299a79",
"value": "90772a68ebd602896292832af2eacb1a9eae7fb2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "3b43a63e-1268-4b6b-9758-3f2355b1dbd0",
"value": "6f673fab90741fcbfe19a6553bbe402d3479a71c550b4c762b0d0efd68ba5cb3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "3fc2a0b2-f173-475e-b755-2913bc3c9f4c",
"value": "e14b4ecbda2dfeeb65a9595f09b2ab67a82aaec1d7f715ce910c2de16d27ef8008038a61afc9b25a05255727ededd28bd8bcdadd459e1ba23334b577e733e430"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "113f838b-1e7a-4cad-a077-19298e105b94",
"value": "3:xX1yPxllMlllNMPMllnMP3ll1fX1VlFf//n:um/c0/M1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "0a72bfd3-3a03-425c-9da6-e5bf14a73b87",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "e71a3dba-d236-44f3-85ee-3efecd2870cf",
"value": ".preinit_array"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "9c3b6a48-75d5-43e1-b330-16c85f6c9c3f",
"value": "PREINIT_ARRAY"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "55f933c9-de12-4f73-9df3-d930c9899fe7",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "ad789c2c-9e49-4f4f-bba5-bdb5be9d36ea",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6589fffe-a438-45a6-945c-6a925d72b5d2",
"value": "8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "a0d7bc70-b1ae-450b-9056-f346142653d0",
"value": "1.5487949406954"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "5e48f7cc-5462-4164-86f1-7d9bd6502874",
"value": "704c0956833842b61d2dd32e29e425ab"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "d9ad84b0-95a3-4301-85f1-33e3bd58fd68",
"value": "9bab30ca69f307cef2c2ce2cb4078a23c040a12f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "95f0900e-af53-4e31-80b7-86bf4ba3d72a",
"value": "daffa496c8e073247a516be2b71e86bb88a524a8f2aac94830804dc66d123180"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "091b03ff-17a8-469a-8abe-9660cabcf592",
"value": "1bfb54d0c6dec984aca99d68068b90981faa8cb0548a586ed565fb59b2337afb1095a69489fae133188e7ac30b4e68b03f7892b9e2af4bfba1afdbc2ac38dba8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "f750bf6b-3cc6-4ad7-b9a0-058614834cc2",
"value": "3:xXn:B"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "8d56336e-f1af-4d1f-be74-4699c6d39eac",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "44b422aa-94d1-48e2-b919-a67ba3867dfc",
"value": ".init_array"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "bdd2d926-f88e-49e1-98e0-74dbb1c5736d",
"value": "INIT_ARRAY"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "ba957ceb-3af6-4943-84d1-aba76a628a08",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993712",
"to_ids": false,
"type": "text",
"uuid": "5a788840-c7e8-4d14-94fe-4b53068687cf",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993712",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f89406e6-7827-4549-aa68-72fdc62a0345",
"value": "392"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993712",
"to_ids": false,
"type": "float",
"uuid": "af023a44-3a82-4f28-ae44-03d207a59976",
"value": "2.4922750210396"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993712",
"to_ids": true,
"type": "md5",
"uuid": "f1352658-b34b-44cf-8bb6-831fc9a12004",
"value": "026ad4569b5afa6dad1c43fcdd407433"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha1",
"uuid": "e0a4e473-ec56-40c6-90c0-b63d060eee82",
"value": "04ba46557cefa41c869df9b7eb477723a28c3abf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha256",
"uuid": "e5f65eb8-3b64-4734-b2ab-72e9cf2092e8",
"value": "b1150f2a61d3835e05f54f31628465cad22c9f174f56a1f79f64e1331d1b52a7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993712",
"to_ids": true,
"type": "sha512",
"uuid": "12fe5b3f-fb7b-4168-b9af-ef60c12b1c62",
"value": "b45a60933ea2ad065db22408e7f070f19fff5b53622bc9488700152c0fdfb0a4cc44fb361a0120c0500b43691e7a3bd99501fe8bfed5f899e1213df6acce7789"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993712",
"to_ids": true,
"type": "ssdeep",
"uuid": "5b8e7370-7777-4467-87b9-59e600d1f31c",
"value": "3:EPxllMlllNMPMllnMP3ll1fX1VlFf//lylX1WlWlDl1AXV5ll5l/9mtlPkttsVd7:Em/c0/M6RXctiyCVCS/ytIHP"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993712",
"uuid": "98eaace2-d74a-43cf-a02a-a969867df3c1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "fefb422e-1577-4ce7-8360-3b6c6ae56d87",
"value": ".fini_array"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "771e17ce-ada4-47b8-9cc5-7e6b115e7e13",
"value": "FINI_ARRAY"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "f8afb6e5-cd0a-48ea-ab21-6982505ed319",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "b9567976-2b39-43b3-b656-d0ae7c214318",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b8e595c7-59e5-48b1-88ec-8c4ed31266f7",
"value": "24"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "920a3a8b-70a3-40f5-a147-f418d040ea9d",
"value": "1.7264892117992"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "1b64f8f5-3723-4bc3-8a24-1d13491628d2",
"value": "61da51275742d0bcbe9d91d913b073c7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "c9f588a5-9176-4eb9-b75e-dfd67b1052e8",
"value": "7fa699f97efc478c80b4ee3bf3985f45a47dd29e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "52aeb109-7f42-43f7-b6d4-96dc575adacf",
"value": "b3c5fac1a040b33d87a301390a59205b0aa98c1fdcc85cf6ad185e7df1a2e886"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "90015775-7a22-4bda-aa92-e933a4ebce5a",
"value": "5ed2d744a9a3200ee37850b71feda657c7aaa77f347c570fee3cb24eb256c0d2575ecaf1ac5bda9a872f1b789f11ec8d9d51d814d5f8040e1c588ab1d548d1b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "0d4b8188-d288-4030-b22d-0ba424754508",
"value": "3:clvxl1xlX:U1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1663146359",
"uuid": "08648093-7012-4d42-81d2-0902d0524679",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "5eab2e7a-3bb7-419d-82e3-390bad24c8fc",
"value": ".jcr"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "096b104d-334a-47ec-bf51-e62c387f6a88",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "b6922499-2a55-4ab5-83f6-6cefd00585dc",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "36bfb651-b48f-47fd-abfd-c0d08eb0fd81",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "08d3e66a-33b0-4b73-8d79-18d888b83554",
"value": "8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1663146345",
"to_ids": false,
"type": "md5",
"uuid": "c5a32235-2076-4ad5-81c3-e8ac4d091532",
"value": "7dea362b3fac8e00956a4952a3d4f474"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1663146348",
"to_ids": false,
"type": "sha1",
"uuid": "29f2ea9d-36da-4d3e-9230-c260c9e353da",
"value": "05fe405753166f125559e7c9ac558654f107c7e9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1663146351",
"to_ids": false,
"type": "sha256",
"uuid": "7c3e7e82-d7e5-4f3a-9406-fd99b6a66aec",
"value": "af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1663146355",
"to_ids": false,
"type": "sha512",
"uuid": "9961ca93-d615-4023-8fff-6c2b96f0c248",
"value": "1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1663146359",
"to_ids": false,
"type": "ssdeep",
"uuid": "f6ff4711-408c-4571-8268-2e622749d86c",
"value": "3::"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "bec89af8-5394-47fa-9672-9d179eaaedc4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "2e59a359-f5d2-447c-ab95-a738e5ac345f",
"value": ".data.rel.ro"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "2de69177-e96b-41b4-af75-e1b35c1e62c6",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "37c626d9-69aa-4830-b91d-c6cc8ff3fe8b",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "adc13380-efe9-4d92-83bf-dc3acfe12cff",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a745fa17-09d2-4e88-abe6-5a73a8cdf131",
"value": "28028"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "2c01772e-f10a-4373-be46-0ece10d86b31",
"value": "2.9447199515367"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "b64a583f-6b13-4805-86f5-626f5570d008",
"value": "728b665f40993e4cbf9e2d8d760fc997"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "4862145f-b073-47d9-a40c-3f7fbfcb8b3f",
"value": "90834fa08b3810067032dc0f1b329050fe9216d2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "797c9515-06c7-4915-aef4-4aaec5098c8f",
"value": "302d93079e9d83bdf50ffae68b0e7d19e7b598c926eda0d162f73ec86282a4b6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "18bcdf9c-2b9b-4b1c-a256-d93507718202",
"value": "48cdbb3fa4a5cf918c33baa8547b7302b3b1027f8776b5d6968dcd5e24ab98290bd4357646183c7984e305e17d710a8dbd67b0835d1e940f63a6b1a6d229e68f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "a6af78c9-0248-4ef6-b34a-6b909b929323",
"value": "384:Tw+k8M/4S/XFGW9bwoGenNJps2aBitX4HfqpTnqJ4HAA:TZBM/H9GW7JGrBitX4/qpTqJ4V"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "e9e76732-f3d5-489e-8bd2-d07d354d049f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "6133135b-eeef-4108-b0ef-6abce9f50407",
"value": ".got"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "57b83dd1-497f-457e-931d-d0dbb552937a",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "8944b93b-fe8b-44a4-928b-3144295ff485",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "6f73e113-47bf-4479-ab7b-a01b3dd19859",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9387090d-20cb-4c39-9904-d99772e5292e",
"value": "32"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "05afed41-5595-4acd-89ca-1d9cf09b0a5a",
"value": "1.4987781244591"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "03e84819-4a11-443d-a477-65c37fa2f6e3",
"value": "86114f58203dfda877c48226482e52d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "24fa1fd4-d7ef-4806-9596-2600eacc2b13",
"value": "8bb53712224451861c446c7b612e08068dc95331"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "5bc472f5-d3dc-4647-85c1-1ddfb207248e",
"value": "7e575d0fe6c94b6f8fb4ef950eadd1aca645cc2b9c61fe13d7d5d1dc84c92830"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "90db0a58-cfd1-4bc0-ae42-3416153c1db0",
"value": "e12e09918bb7ba749bb2a051d73fadc2cc4d95244ad5cee7fa584e182cc532ad9820bf003480e5134e0ecca015ca7ba8f7ba79cf3554b85975a17e71e02a3ecf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "6dd7b7ff-7894-4e72-ba47-4400fc33561f",
"value": "3:qlq/Xl1n:qs/f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "9e9dbee4-7953-4545-adf7-0004efc1961d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "9f6fe914-20df-4b9f-b616-a110b3417273",
"value": ".got.plt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "a9222889-57ae-4437-a071-40b7b047d99c",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "3f100905-0adc-4d59-9f58-6a270b66ce45",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "9a96dc7d-0257-479f-9f8d-3630bc8cf880",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "072fb76b-3acf-4c04-943e-d7e218f43a03",
"value": "192"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "e41735d8-50eb-4850-84c5-f2d776741a02",
"value": "1.9668011370339"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "df365b6b-ec8f-44ba-b270-2d93cec3895e",
"value": "1ed0e4f186afcec666a90a6ac003b96d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "aaab637c-76cd-4d34-ab24-050d4a6162d9",
"value": "a75951e3f666b49b51d9c541f0f3c193fa7f2c57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "4d1a8c4e-0948-4345-b005-bf895ba93a1d",
"value": "efbda2d8d047cf2972615dd21b317b20e7cb4fa4a451bf51fc25f3d6e2e13b52"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "e31142db-f271-4a7a-8cae-026985bf11d5",
"value": "9a1a7bb6be8d115fd59759d116db0ace02ff003d38e70d8a5a2c87f45b94932bc47c086c355ea80a0af0f91937cf9bf023c0dfeddb10ece9fc86617d130ecfa6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "d8656898-1777-493f-9226-047122a37180",
"value": "3:alll5rBJ/lZzZrRJ/lpzJrhJ/l5z5rlLJtJzprl7JtZzZrlrg/lpgxgZg/ll:u/6aSal"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "5cefde66-49fe-405b-b656-de6024c7e6fb",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "86938dbb-22bf-4661-9e3b-60497bc23fe0",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "15e09b05-e7a8-4b90-b7f0-219031b9f326",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "e19bf5c5-8e5b-4c23-a105-007943ec2177",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "692ebc25-cac7-45b2-af62-98186812afe4",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4821c500-6c41-4880-82b7-35c9794b3397",
"value": "13992"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "64e9b38d-8168-48d5-8817-d3dd977a3518",
"value": "3.1765749005319"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "dba308f3-0ddc-4a6a-bac3-6bbb71afdb77",
"value": "829c8459ab04e0c727f9bc49953fb345"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "934b91a3-c73b-418a-b9fb-5f48a12d5995",
"value": "d276ed5f3632f946539a50bb3220ea0554fc3f0f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "5106301a-7655-4c30-93fe-c250254b7498",
"value": "e5ee50932b7904a89bfc0835b3cdedfc4c73b0960d9f9b26983f15c808e2aee3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "7ee1d24e-24f4-443a-ac3d-9aafd26809e5",
"value": "5208fc6d2eec12b1f64a31bf3a16bd03d12cf687b6a498a051be0d016464d7a944c4079feadff03ad9f31fea709ebc0aa1c4095452837df60e4dd1cfb5ec98eb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "ef4083e4-51c5-4f54-ad32-99a1ef13f88c",
"value": "192:6X/rA512jODsOqgj6MpsuCeWKaIoooooooooooox:6j+12jOD1TzCekIoooooooooooox"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "30791caf-9875-4da1-ac7e-f51a97da1ed0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "0fd22fb0-7a20-45d7-9255-5e6c73699557",
"value": ".bss"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "270ee01d-1250-409d-bc4d-91fbdcac5ecc",
"value": "NOBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "dec99cc5-fec6-486e-81bc-097dc5096d31",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "e18fc959-9830-411a-ba42-7334a7e9ea6d",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "742ff729-9569-40a9-ad74-86c721d591e5",
"value": "595568"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "7329f69b-2a74-4588-8b5b-896fb0af0952",
"value": "0.11387621555556"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "ca40fa4b-4acc-47c2-82f2-b39b1dad8631",
"value": "c10ee105179455aeb7c34352a54ded29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "a3b23964-600a-4e8f-8e13-bd851a0dd537",
"value": "3fec147eac09a81d4bbdd11471d735c9676b8642"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "452db4b6-8aa8-455b-9d96-f415c97e3fc5",
"value": "c2723c6cbc34ca2eaf5424018b5667568f9d699669983cd686fab3bc0f1bc2f1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "0e6403ab-b0af-457b-87c2-0d2fad8857c7",
"value": "f038e889f1c059dfc371105234fabf80e8b9689c529e574e36349f57f3cf19d1b538b56802720b7d6ec3b2f42879ace1921507498764559aa71f313596dc9269"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "181e07c1-844a-4a4e-84c0-579becae66a9",
"value": "96:k+J8dyNJl8RuBth8FbNUjrkc1938SL/7MgSOsDEeh1Z5LIZZ:kw5Nr8R4r8FJAYc1aVE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "c6546b6f-4721-4c71-9fe1-22353750a63c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "9fe38622-0d15-415e-adab-2c6f4bc56af2",
"value": "__libc_freeres_ptrs"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "871c020c-6360-4f33-bed6-d6b3f389ed95",
"value": "NOBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "3adfbc15-1e70-491d-a05b-562e6ebebdc5",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "ce88c8f2-39fc-44dd-9dc9-47dbdfa75daf",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b4acda50-4321-4b7d-9ecf-165c5a4376b6",
"value": "56"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "9ccf7b78-a174-48bb-a9f7-8325d081cafa",
"value": "4.1754963866066"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "129d5ee4-3d2a-44cc-9da0-b874f61dbc2f",
"value": "c9ccc8bbba4f478944f4e584f1896ac4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "c79b5a9f-1352-4c91-846b-35bd54ddd4d1",
"value": "fb5f95f440fcbf34070b29e948cc47609bc991b3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "0f775242-59ea-4dd9-9e22-46283ea4d10b",
"value": "e56a150f97d2817057ea47233324216ddcf92c6bd767240410635f55be029271"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "25fe9bb5-fa9c-4302-8ea3-adcb0d5e247d",
"value": "fef4d4b4ad7eabae152f2d49e19d610fc047e6090a987a5d8d3885318cb8350cb3d5f0203b7b763bea14e4c4e8241acd00a5d64305d03558b4e158f7c593467c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "29e4cb64-2e12-41e0-b936-58d311a0f731",
"value": "3:cfRQeI3k7SEenFX+tm/n:d5k2VFutW"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "6c5b84ab-b2e3-472d-9317-547fb1574f75",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "9c8f7eba-ce25-4b86-b3ff-fb1e9633b21b",
"value": ".comment"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "b8f8e46c-c567-43ac-8d00-6075e751a392",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "ef74d44b-3d79-4200-ace5-cec0c37426ed",
"value": "MERGE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993713",
"to_ids": false,
"type": "text",
"uuid": "1128d108-3fa6-4267-a550-a34036bb28d7",
"value": "STRINGS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993713",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1f8b1ef1-aa9f-4b65-a891-0ae40f463e7a",
"value": "53"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993713",
"to_ids": false,
"type": "float",
"uuid": "35bdbf39-893b-4596-b954-b9046a2b80f3",
"value": "4.1546359642754"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993713",
"to_ids": true,
"type": "md5",
"uuid": "f34ad19f-9984-4d16-a296-dd63861f3147",
"value": "639b1b0a43f34ed06028d6fd9214135a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha1",
"uuid": "0956d5e9-6740-49e0-9dfa-58b03766d7dd",
"value": "5c60c17de4314c8b11b536f596a9b5846d5976cd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha256",
"uuid": "8a7715a3-5572-46bc-a8e2-8275d6dee2a0",
"value": "7517fdd32e19a05cca1941acc3c9da844029fbababa7e8c169b191f42b3e1adb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993713",
"to_ids": true,
"type": "sha512",
"uuid": "ab49411c-a005-4ffc-96fa-7cc4abd581b6",
"value": "7ca5ba6777f04a6b69ea2d09c9e17d8bfd91f53422952d40103d663a1476b699042c85df5163a1f24d18f44a40fa10646eacb89bd85c8375d9a369fc0325dcd0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993713",
"to_ids": true,
"type": "ssdeep",
"uuid": "b49bf466-810e-4a04-a85c-35e2af42f898",
"value": "3:cfRQeI3k7SEenFX+tC:d5k2VFutC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993713",
"uuid": "ad44aa8d-152c-4d6d-9b30-4328764b620f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "1142827a-29ff-44f7-9b14-ee1f005b83fb",
"value": ".note.stapsdt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "f7cad017-3f96-4b71-b66a-5f8341ddc248",
"value": "NOTE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993714",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6d3e4c96-d365-4557-825a-817a6fe67281",
"value": "6620"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993714",
"to_ids": false,
"type": "float",
"uuid": "af1c3f5f-119c-4406-85f5-69bbee8543d1",
"value": "4.2666004819114"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993714",
"to_ids": true,
"type": "md5",
"uuid": "118f795b-d95a-4c6d-9d60-ed9d606cbced",
"value": "26571dec7453a42e6019757720aad6ca"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha1",
"uuid": "a345b655-f4ff-4699-aeda-4125f8275645",
"value": "e23b731b772080b05efef8d8f9b23dc375ca51d8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha256",
"uuid": "b4a61def-d8f2-4979-a039-612fa6bb748a",
"value": "9d3051df6878fdd7af9f28f51d564cb494a663970b8ef38c21a4ed6e02d00c8d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha512",
"uuid": "08622689-3a57-408a-ba5e-bdcde8f26974",
"value": "a6fa3bb1f8b38f53d5af84a0482249d54d7deac31162a6099d573ef4824bc422c3766a876d7a3f159e720b246318678032586347a4c48c9ee4de91a607497f47"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993714",
"to_ids": true,
"type": "ssdeep",
"uuid": "183bb006-2c82-40c5-9362-4878c416f72f",
"value": "48:CWm1tdECYs+B3Jl44WY+2dAwguBi4BKj4oXnvdb/xdkCBUTu8vElc3kifVDEa93V:d8dyNJl8RuBth8FbNUjrkc1938SL/7Me"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993714",
"uuid": "182c0855-8a58-47ab-bce0-b3ddfd1ade8c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "5f0780d6-76b7-48cd-b89b-d760524486c2",
"value": ".shstrtab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "feb99a0d-a52f-4158-8673-7855b474667a",
"value": "STRTAB"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993714",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f35c41fa-9c53-4f0e-96ea-2d06010b9f44",
"value": "360"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993714",
"to_ids": false,
"type": "float",
"uuid": "cc75db8e-3bc0-42ef-93d1-1103cca0fd9d",
"value": "4.2567105262291"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993714",
"to_ids": true,
"type": "md5",
"uuid": "3703b908-bc0c-4371-8f4b-d991f01b3e5e",
"value": "f0d3f8b2191465e4f25af68c538271dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha1",
"uuid": "12bf8397-2290-40a4-8851-d4b7d3afa663",
"value": "de3d842eadcfc3a30641bb8fb664982bf3121141"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha256",
"uuid": "5a098698-293f-4a91-a601-700d1c2b2787",
"value": "50a945820a97096dfc8b0ae4425e1eb9abf1fdbc0a0d3a90a8555b9c1f39129c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha512",
"uuid": "0cc2e313-aa98-402c-9436-d55d9685972e",
"value": "b6d14c2691ff307f40be01e59dd3084e091563d472be952abec28284814ffa9eda252d0181997c92acfe7429a234a29c4fcfa2e65a6a0bfb91fa7af0b1c8f894"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993714",
"to_ids": true,
"type": "ssdeep",
"uuid": "80b4ea58-e927-4e09-8f92-685c876564af",
"value": "6:kurssa58xOLMO6izXJAxXMTFgvqPTSrR6XUifmjM+j2cN5JjalRAir7I0ij:frRxO4O6OexVvWTSwXdfm5LJWlRAir7O"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Executable and Linkable Format",
"meta-category": "file",
"name": "elf",
"template_uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
"template_version": "5",
"timestamp": "1662993715",
"uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"ObjectReference": [
{
"comment": "Section 0 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "f20444c8-e756-44a4-ac79-0799566b1356",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "73cf535f-ebb3-4236-9ca3-a9e193fbd467"
},
{
"comment": "Section 1 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "839fe75f-0418-49ab-8118-172e81700111",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "cceb87e4-334d-4f5e-8898-d71e9921248f"
},
{
"comment": "Section 2 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "cc93a09e-7ab2-4efc-a538-63a2f9eb8548",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "f29b1d35-097d-4597-9fd8-03cc85a166af"
},
{
"comment": "Section 3 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "c1084d7d-bb02-42df-82ba-a5bb6fc7b6d1",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "d558c635-145a-4792-b5cf-b04871b0d322"
},
{
"comment": "Section 4 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "23fb93e2-84c5-45eb-ac44-5ac52e3baa7b",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "18c6d5de-ea8a-400c-b95a-0b719084da7f"
},
{
"comment": "Section 5 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "aaa26480-e20b-4467-981f-e70fc613819b",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "66a43732-a5d5-49d8-97a6-c3e25656c8f3"
},
{
"comment": "Section 6 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "69d75dd5-1b99-43d9-a8d4-d393e30aaa0b",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "322b5a0c-2e27-4b9f-800d-016f37816e9e"
},
{
"comment": "Section 7 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "1cf9ac2d-93cb-4e8f-941e-e69e89f8e248",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "028c2f7f-bcf5-40b7-8887-651fd6cb64c3"
},
{
"comment": "Section 8 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "62b00107-a884-40f8-ae40-b61004666ca3",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "bc72a678-b6fa-4d09-8553-aa89f34b51ec"
},
{
"comment": "Section 9 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "17f77158-0735-4093-8b9c-d738db162699",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "0517be02-df66-4667-9308-406b6ac68950"
},
{
"comment": "Section 10 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "77716830-69b3-4078-907d-a86ff72eada2",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "40081d68-3a2f-4a46-8747-f59245bd5275"
},
{
"comment": "Section 11 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "387ad845-011a-4be6-8fe4-869f04b7bd4c",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "96a69159-fd67-4892-a982-79e6f119b928"
},
{
"comment": "Section 12 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "82994316-c33d-4f20-b1cb-43ebcfccfacf",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "5fae828b-7632-44a6-90ab-58be16672757"
},
{
"comment": "Section 13 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "a3fd4ad8-adc2-409c-b333-db24c1d505b2",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "1a67bb25-c452-44ce-bd32-f5daefa293ed"
},
{
"comment": "Section 14 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "a20f6096-5314-4218-83a0-38e46724cef6",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "3c69d12f-f1f5-46eb-84bc-a4635fe4e6b8"
},
{
"comment": "Section 15 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "c2ab6b17-9938-4977-8d55-a2618dadb2e2",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "9d8a2265-daf9-4c83-bd6a-49766e3b8006"
},
{
"comment": "Section 16 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "5bd40820-14d2-4783-b4f9-cf9fd0483b9b",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "6ce812af-c8d1-4c38-9878-1e825a21c08c"
},
{
"comment": "Section 17 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "dd6b54d8-8ec9-42d3-99d4-6db1e3f8e8f7",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "e424e22a-1d60-449a-b062-9af249fa789f"
},
{
"comment": "Section 18 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "fea3f084-e86e-47f3-9f7b-a7aba74ccb3b",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "fb4670ff-23b5-4c16-b719-da5dd414c94e"
},
{
"comment": "Section 19 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "0a72bfd3-3a03-425c-9da6-e5bf14a73b87",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "a2da6340-e6b5-4567-b887-5ddf9f94b612"
},
{
"comment": "Section 20 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "8d56336e-f1af-4d1f-be74-4699c6d39eac",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "39601ccc-bf38-4c4d-9541-36247822a513"
},
{
"comment": "Section 21 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "98eaace2-d74a-43cf-a02a-a969867df3c1",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "1634bd0d-c769-4dc9-a3a1-cabbc4f24d88"
},
{
"comment": "Section 22 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "08648093-7012-4d42-81d2-0902d0524679",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "1134e8e7-c0bf-4247-9337-ea2581218cfa"
},
{
"comment": "Section 23 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "bec89af8-5394-47fa-9672-9d179eaaedc4",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "de4c9e5e-f722-4ccc-be7a-4b9162a6a302"
},
{
"comment": "Section 24 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "e9e76732-f3d5-489e-8bd2-d07d354d049f",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "7880f597-ab3d-4bd4-9bf8-c41f0eff2d64"
},
{
"comment": "Section 25 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "9e9dbee4-7953-4545-adf7-0004efc1961d",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "397e3fff-fb3d-4e3c-802f-1406fb13b823"
},
{
"comment": "Section 26 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "5cefde66-49fe-405b-b656-de6024c7e6fb",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "6fea279a-37fc-4689-967b-1529e5ec670e"
},
{
"comment": "Section 27 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "30791caf-9875-4da1-ac7e-f51a97da1ed0",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "8748d14d-b477-4635-a833-8436fda041b2"
},
{
"comment": "Section 28 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "c6546b6f-4721-4c71-9fe1-22353750a63c",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "5346aa4f-9556-41c5-8257-92fc1e4d4ca3"
},
{
"comment": "Section 29 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "6c5b84ab-b2e3-472d-9317-547fb1574f75",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "7aec4b1b-0030-46e6-9622-5e2ef7351f74"
},
{
"comment": "Section 30 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "ad44aa8d-152c-4d6d-9b30-4328764b620f",
"relationship_type": "includes",
"timestamp": "1662993714",
"uuid": "c70c1558-f6c6-48d6-aa8c-858ec198548e"
},
{
"comment": "Section 31 of ELF",
"object_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"referenced_uuid": "182c0855-8a58-47ab-bce0-b3ddfd1ade8c",
"relationship_type": "includes",
"timestamp": "1662993715",
"uuid": "13db9d40-1233-46b0-a81f-2f274aa27508"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "df4fb89b-5bb4-4ab9-8886-9e50ce1e64ee",
"value": "EXECUTABLE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "d65a961c-cddc-4889-bd5e-483c86f9a67c",
"value": "4211376"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "arch",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "7bc09858-5f51-4c8f-b400-9378c5041afd",
"value": "x86_64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "os_abi",
"timestamp": "1662993714",
"to_ids": false,
"type": "text",
"uuid": "645b7855-65bb-4420-ad27-c61582ed8e04",
"value": "LINUX"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1662993714",
"to_ids": false,
"type": "counter",
"uuid": "2b30fa59-2763-47e6-831e-343de9414b54",
"value": "32"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1662993715",
"uuid": "aef7ae69-d72e-4380-be6d-e90aab5dbd4c",
"ObjectReference": [
{
"comment": "ELF indicators",
"object_uuid": "aef7ae69-d72e-4380-be6d-e90aab5dbd4c",
"referenced_uuid": "635ce2ad-e872-4956-8118-0fdb473c8424",
"relationship_type": "includes",
"timestamp": "1662993715",
"uuid": "237151cc-d726-4e67-af5d-78ff1b618c53"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1662993714",
"to_ids": true,
"type": "filename",
"uuid": "f925e48a-e4e5-4436-b5a8-e092057caf6e",
"value": "hezb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993714",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2c706798-4197-4183-b881-93c8d48f0ad8",
"value": "5835496"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993714",
"to_ids": false,
"type": "float",
"uuid": "2a1e4f29-6852-48d0-88a8-6bf044dfe9f2",
"value": "6.4901793645136"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993714",
"to_ids": true,
"type": "md5",
"uuid": "85a3cdbf-3034-440e-9df8-67b27982aa97",
"value": "27c44dd2edc626df03504ce129f5c021"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha1",
"uuid": "91fa04bc-e1a4-4666-9481-3672500ab5e1",
"value": "72097d4e8145f4b341c7d8df9754c33cee90edd5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha256",
"uuid": "04c1ec29-5570-4472-83a0-12b618ccb2aa",
"value": "aaa4aaa14e351350fccbda72d442995a65bd1bb8281d97d1153401e31365a3e9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993714",
"to_ids": true,
"type": "sha512",
"uuid": "f6b4e7ea-5d57-4287-8dbb-bbd3963ad1fe",
"value": "38dbddc6d7e3e258781c0b88d580c4c3908edf155ada348d2f6b1ad161038bcb403ad3aa5918ab0f0c1615df603de1bdc8b264357029fe1703087fd9c1888b2e"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1662993714",
"to_ids": true,
"type": "malware-sample",
"uuid": "6b34f71b-05c0-43cc-9f9e-284787a36e49",
"value": "hezb|27c44dd2edc626df03504ce129f5c021"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1662993714",
"to_ids": false,
"type": "mime-type",
"uuid": "251fabb8-e306-4ddd-b8bb-04db2f9be45a",
"value": "ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993714",
"to_ids": true,
"type": "ssdeep",
"uuid": "fa82c0ce-95bb-452c-b03b-ea0fcdbb81d7",
"value": "98304:4Mqzx/c2OP+7c2kgfGWmWngXg6ut3t3t+6Xn6Xn6XUgXpMSM3MqgXZgX4/45Sanb:4Nco7cW/VyIBhT3ZMRM"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993779",
"uuid": "8847fb72-8125-4aaa-abd0-4166578e03ac",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "cf2c4413-4e97-4e40-93b2-df6fe65a0d2d",
"value": "NULL"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3d1f6151-a2c2-4bb2-8db8-3a65159cffc8",
"value": "0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "78163fa7-83f0-47b3-a928-07c7c9ba6129",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "f5a01a3d-a9ac-4433-8040-15e580a83dfb",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "dd79974d-cc42-4869-8688-16de4efc9c33",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "26ed31ec-6fda-497d-9025-e7e89d330c37",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "0af27d73-625a-4696-b783-bfad7b14f033",
"value": "EXECINSTR"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a1e84aa7-d8e1-46c4-b688-127e2947306e",
"value": "749268"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "103a2716-9f7a-4d61-8f27-45bbd426ada1",
"value": "5.9127796510382"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "b784b83c-c6de-41a9-b47e-a277ac15c9da",
"value": "16d80566cc0b732c67f8991d6e08a0f3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "a88fe9fe-92e9-4a92-a2ae-ba500a93e165",
"value": "2a9918e56992dfbc1bc540f6a23c00cf758c0adc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "be0d3646-b05d-474b-8e96-ccd46d10d60c",
"value": "7212e01c3c5ce3b1c4217553a8eca63f11911b461ba3998307384db7ea98a348"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "c42d06b3-e290-4c8b-bf42-f107f3987895",
"value": "d24e9be4b452daaab268df48a3081c885e44a5086a06286969127dd1195943e86edca8bb470f8f9e76cf5fac799201c96babb4865135452566026782f5f31d46"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "c169d15d-5cbb-4675-9fa7-2e7745c7bd6d",
"value": "12288:IK9Om41rhGBqGUYCC+R1DX0RTE8IZSw5Cb:I2HqrhGNtI14z"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "35c65cc6-6518-4cde-a4b6-cec38544378e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "507d7785-e019-41fd-acdf-486d6e457efb",
"value": ".rodata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "1ef30ad2-6b66-458b-a0da-ae5b2e14e6ea",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "a257c8c1-45cf-4df4-8f7d-6b99889bc883",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "fdea0e2e-98c9-4fb5-9427-d01c4d3df161",
"value": "317131"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "d59f0697-b06a-42bb-8c30-6ed168f616ea",
"value": "4.2852611646606"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "d1212a55-1fd8-4e23-b57f-ee0f4a810c24",
"value": "52843e03dfdbca04ac7509fc84567a22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "465b2e85-c152-46cf-91ee-2bbec0c572d2",
"value": "cabeb378c0445f3307cc9bf0724306477a7b586c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "a0fb3383-6e51-4679-91e4-31a49f423378",
"value": "732a43b53e8f18d3c1d861772fb18186bbd9fc59cf6760e0fc47dc60f95f6abe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "71f5c407-1861-404a-ae3a-fbc914212a5f",
"value": "596ee81c3d8dfce4d42d25b7c12af72c31faff9ff24d5530a236a0b53f768904cb93d9b297a4e27521cb2049093149696e57f5745f2c2af29b0500914b39f925"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "73746d2e-2c04-4327-95b5-1f84de3a937a",
"value": "3072:jRv/sTcZ5ZL9OFQxJtduZoGwFl3IdFQ9KbEvCZorCR+ExL25Nh1nN353aTAbY7iS:jRhZ3L4OGZmK3gCZorSdo1N30T9O1WV"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "31a3875d-3d00-470d-9eab-e935795182ae",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "950d10a6-2144-4c71-b8ae-388850e9fb34",
"value": ".shstrtab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "81bfcda8-f3fa-4ee0-acf2-28e19993fd49",
"value": "STRTAB"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9210ea89-c8e2-4beb-89f0-8034e819082c",
"value": "444"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "e76325d3-732b-4eb0-a11e-7f9905ce1f8b",
"value": "4.3279187743652"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "8f44f81b-dcda-42ca-a747-64884916eb0c",
"value": "b54ea68118ef1810849f71bca38b3c52"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "78007bbc-a73e-492f-b6cb-d05c1eea97a0",
"value": "7387e9da32437119b7796208d36f9166529b4f7f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "f981906b-ea3a-4577-ba5c-0780ad6d447c",
"value": "75e031892e7562458daa4a19e18463410b85164c7d72e4b8af239378ebf95e63"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "7495fc65-d243-479b-923f-0ccbcda02aad",
"value": "c8b028a425bb91d1660bd8830737cad54f33902b00f02396c9b17d59a13e096019eb7075307ba62ee652adf047ac18d3bd47b91a55faf68d12072a9b36c97d13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "2c97c21b-d98a-44f2-b28b-694978a08d07",
"value": "12:kCDOiHQ3YdwNfHTCyZLnBHQwY5XFNBxhN90N9mpzbpzzUotUoVQ2zQl:kCq2Ess5bBwwY5XzBxh4Oa0UCz6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "00e353d5-9326-4c8d-9a60-5c8238e4aca3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "081263ec-324b-411a-b65c-61bd0ffbbc9e",
"value": ".typelink"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "382cc8ab-2af9-428f-9d10-a9a5df4d5980",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "78444cb8-9295-447a-a316-bf87c40ca116",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3afb4dcb-a6e5-4e04-b99a-80e434fd6306",
"value": "2136"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "e76491b5-9f6f-4983-bf54-d908af00101c",
"value": "4.0805776726235"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "46448dc1-bcd3-40bd-9d4d-81fbf21a6f42",
"value": "758ae8703867071db7103a901d64600e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "50170852-1010-4d18-8614-2ee5e248ca62",
"value": "ef8bee9610de55d4559d746294b14afcb7304461"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "cbe1a969-c148-4a82-8672-dca8215f0249",
"value": "19fecee520cda38081401730ebbffaca7b4b8ba7ca7d69d82c73fabdc1080953"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "de6887a6-1880-4f9e-92f0-b1c21be157ee",
"value": "159f85c9e846dfc92cd6e775af7f0b582f1874536a3316397f72aafc4c4e196d5d26d056ff5561474a26093dff90c48563dad9ed549202cde530126caa1d6d8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "04903b9d-987f-4ecb-a0fb-d04f8cd19fc6",
"value": "48:UqzD/AhperGGbFW1cq0Lvpd9t70lBNzgDCi8Oh:UiD4hpum0rpd9OVgQOh"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "d38ccd29-55c6-4b3b-bd60-2dbab2f8297f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "e85c2965-1ef0-416e-8a6a-b5bbc170ccd3",
"value": ".itablink"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "ea9cce9b-6d45-450a-9b1a-9d85f6d3fa45",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "67231822-3f5f-45a4-8037-9b3f1b658610",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0254860a-2843-4920-b653-ebc0fec35d67",
"value": "176"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "72bfb3b0-615b-4379-9fcf-99395090bb98",
"value": "2.1238601874245"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "0745651b-cf15-4767-9e8d-39f94384d937",
"value": "b7b35447d3f8daa6731c975d79b1a11a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "d01942fd-4b52-420e-b8f0-0a609c79a8a0",
"value": "3007ad0dbb498e2df6fc0e4ef524e3d893a5eaa7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "14aba74f-8800-4f45-98ba-51b4e97d9523",
"value": "bc32a29052636682d9d34caf93fdc0f3dc779cc056e269cde5f6f171b6083f98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "3a8314ae-6fc1-4d16-8bd8-f6277d7473d1",
"value": "d27e2c0964fbbad2186f6bfa1de408e27e3f28229a0096cf244279a1e0832f4eeba7ae63edba9f150dcf5b6319bb58e49f62cebfd63d8c6113c1a9944fb4ce97"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "fa1ecbdc-1488-497f-9b76-f76e3bc43561",
"value": "3:N0tzltSltu2/lq/mtX/l0tglVtrl/ol/lltBlllrx:a+Xdq/iX/CDXB"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "e7545497-50cc-4820-bf57-e33b3801fa54",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "d7e67c72-f962-492a-87d4-a5d973519721",
"value": ".gosymtab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "f6cfb574-b70b-475a-a53a-03cca64e0429",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "80681a9a-99aa-4c6e-82db-a042a502a8f0",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "79450f4c-c645-4e0e-9c4f-e2bc1cb7a046",
"value": "0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "4895ca7f-421c-4989-a3f9-b5b742ec3d41",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "ffe3b180-69ad-4e24-9618-8bbf1c5ddec4",
"value": ".gopclntab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "7bc9b695-91b0-4b15-a569-1ee595aa04c4",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "93914eb3-66d3-4763-98f9-dc2d85667ac4",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "9e19c1c3-ef12-4139-b27c-48ada38d33bc",
"value": "451598"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "9d624582-812d-4fb7-9c3a-7a6ba8f226ae",
"value": "5.586821190756"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "de677d18-e2b2-44bd-8107-bb393d23e4f3",
"value": "f6b03c675ff8fb7ddd0d148aa83939da"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "40cef877-c03e-439c-a2a7-7885a5021151",
"value": "4e9028ad8e77fe8464dfd886e9c47d0e0e6784f3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "b69d77ee-b63a-4cf9-9765-0c75bcf3a2d8",
"value": "9aca37f7c9c24d35c68720106ec1593a1593044d608445a09e73fe8637581ac9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "bbe34a37-b795-42ec-bc29-0342dcacd701",
"value": "451218bacdf9b269caa25973906c25db6ccffeda0578c3369d62733a023f27d6ca862ef2fb3634ea53d81033fb53ef729520be726f24390426c26298543a6a4e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "4e841531-b686-47e7-a190-43724070d2bc",
"value": "6144:W8ZpsRCLMOVovlH42WphZ636ABbu5rTAJtbcdvM7fDFcfeq0tRzmrihoJvo:Bhm0ZOhB6r0JtbdbFcfeq0tRzmRg"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "ab8360ad-eba5-4e63-9bb4-e3c4a277065b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "5b21ff93-e35f-4965-9cbc-37a1c3ed6d33",
"value": ".go.buildinfo"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "c49f6637-5391-4f95-87cf-c71008413bd2",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "c5eba209-d9e9-4363-a75e-728b319852e9",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "99f10706-5282-4ae3-91cf-60bf43f8dfc9",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d59852a7-d910-4373-81b2-4ac0b880838a",
"value": "32"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "c20211d2-b33e-4cfd-b5e9-8fa9a948513b",
"value": "3.5372301466508"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "36df18ef-d86b-4c9b-8610-d94998f92818",
"value": "8d14486e21ab3ac6bccdd56c76c0dad6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "f2b6a539-4c95-4365-ba7b-ec9d0027fcb8",
"value": "132606cbef891b396b8713d910ad2e07c9703aed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "1f6e47c1-1428-42de-af76-4034927ed154",
"value": "e07ecb7bb7aa2f2f88ca4b8386b910784a87f7b3373ec7c53d3ac2a2373f12a6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "8565655f-fcf2-4464-9643-100f0ddd68c5",
"value": "8ea074902ff4664cfb23942b089d132f6ae7e6b085f21e9be45862f892217ff1a3af931847aa04c64f8bee92d37a5fe9bc94ec30b1749ef91feb47828c5b1972"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "d407612b-6408-43d8-93d8-94fa26dfc0b9",
"value": "3:OTQMPKjHt/g/lln:O9Pael"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "f3c99379-9e7f-410f-a8bb-2c16f31ca224",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "741da76c-08df-41c4-9c45-fb9f9c04e5ea",
"value": ".noptrdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "bbbc2028-c77b-4f00-9be7-5a1ecd157b2b",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "ee446ad6-b480-4ff8-87b7-d18a44d5a81a",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "8a6a76c5-a903-40c1-8e44-75d63fd5a0cb",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "80ce796b-2958-4822-a957-38e5b5052b53",
"value": "65540"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "62126851-c8d1-46d3-bd7c-5834b6a23d8b",
"value": "4.7625341467804"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "30ceca4f-83a1-4839-9394-07931b48a24e",
"value": "f8f3a8535bbd53eb067b6c04018a60e4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "bdee6051-016e-451c-b6c5-8b39714acb19",
"value": "4e0d594120fc872f819b2ea915e5a9ac67d64dde"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "72564c3c-5280-4e72-82e1-830d78c40f52",
"value": "f477aa90f203c4bee34353c5bdac95d54299d3f242bebad87fa8e753618cf4e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "b0042436-4126-4df9-8910-349f7d58713b",
"value": "194de170ed39ad9f0d229234b65b6295b95c6cd05cb7847f7ed9b40b3efcd5e86c158459e844fbe9bdb26e78aa33b310f334182c9c637c84cd8dbd06217d5482"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "4902d58e-f179-4e31-a73c-d932ca6e763b",
"value": "1536:oXEGnGbKqlt/CX9m13V5H1PLjrp5Eqn6CoRw7f/hZJH9Ijt/W:U4ZEX9m13V91P/rpiw7H7tGt/W"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "4d143e2d-2ae6-4075-929c-55b703a3dc8b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "5c3eb1b9-89e1-4a08-9ab7-1d017f8a8a57",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "340a2d0b-9ae2-4452-b4be-688e03c0eeb5",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "80593d44-1548-4e7e-a2f0-f9a292efcdbc",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "673d5b9d-32e1-4b9c-b8bb-0299eb43bf14",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "59723a26-c063-49fb-a8da-df40b1643b7b",
"value": "30896"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "64788849-afda-4f7e-bb95-8009cba11664",
"value": "1.5750713144548"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "0179cf04-6bfa-483d-8f6d-8c22301e6bfb",
"value": "fbd527d58844d859572fa7a41d4bd338"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "a23f225b-731a-4591-b6a4-59e11b0fde59",
"value": "440a4b5a3e88c62ef40227b5b610810ee7cc49aa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "31e53faf-ab14-43f2-821e-f955b7a89f66",
"value": "9ca124dfc3069fa123fb6b1273cff761f0bc4cdfcece3ac69e1d24e04ef9e469"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "235d9318-62dc-4fd3-a497-e7aee9a78e9a",
"value": "26675735fee978602b61280e8e1dce2143af86cbd9c3b6f7b3874e5641f554ef2f082b4e8d050ffe6f7914f475a55babb58db63d2c0450ef7cf7ea8f41ae1635"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993780",
"to_ids": true,
"type": "ssdeep",
"uuid": "867ba0e9-b58a-48f4-a343-35c386899b6e",
"value": "384:j4ZxrJYF9OLjwg+pqYcnefLWgZPQjDnLu7rff:j4ZxrWF9eSpqYcnefLWgpQjDnLufX"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993780",
"uuid": "fe14160c-ea48-40c3-863e-1c4642119e30",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "e551ee62-f260-475a-aa51-a0136a43c510",
"value": ".bss"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "e2bc138a-0933-4146-9555-2f370f0ddba4",
"value": "NOBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "a4b271a2-0307-4e03-82c7-bb5e7406869a",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993780",
"to_ids": false,
"type": "text",
"uuid": "a5be8953-0242-4b91-a12e-5a8dd0d7bc4b",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "066197f2-635f-4940-9e54-c2b3947fd4b7",
"value": "196976"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993780",
"to_ids": false,
"type": "float",
"uuid": "478bd1e4-0a45-4032-83a4-e0985f529ce8",
"value": "7.9862676075939"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993780",
"to_ids": true,
"type": "md5",
"uuid": "3a3771c6-75fe-445a-aefe-afc40a511611",
"value": "1e72b60b188fd71da4f2c8e0f18bf670"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha1",
"uuid": "9cdf4643-26b0-492a-a6e7-4e525ca3bc44",
"value": "396743fa398491f41a56d6683b61cb8867a1e90e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha256",
"uuid": "60892eb9-a2f2-45b2-bc84-a44c5f0046eb",
"value": "e56f0370029b1b59af855e25a7dcc83b878c1f8f00cfae9bbf3e5001c5baf84f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993780",
"to_ids": true,
"type": "sha512",
"uuid": "0718a3a8-7f5a-439e-b174-0a4d7a06ad4d",
"value": "ad16d4adec4a984dfffc478292b2abd3764a86de4ec0faeccd35b3761a4329555be64fdefbe8dce857b029579a6fcb467a2b17aa1c61163e6ccbc4d59cf547f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "836bee43-be6f-4fb5-a6e8-a71c824b3b2a",
"value": "3072:/ehLRAstrqN3WjKPnmf/kbWXNQ6304o55jgC8d6Wcr0hIHJ2Y4Mf/V/FcR:o18DM/kby04g5MrGIhIHIY4uV/FI"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "643684a3-9c11-49b4-b15c-1cd11e5eee7d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "f3df4751-2b47-4177-9b03-20361944e025",
"value": ".noptrbss"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "a64d0981-9d28-4b45-beac-902a154417af",
"value": "NOBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "5d11a589-55af-4bee-94bd-d765199618cc",
"value": "WRITE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "9b01fd68-9d37-49ec-a136-8b7f04496691",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8a4efe61-0e6e-47d7-8796-7127c2c7ddda",
"value": "10408"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "9a98314d-c392-43fe-a3b5-209a5e71b432",
"value": "7.9675310815552"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "6e95ab58-da0a-4a8c-a74d-8f06c75754b3",
"value": "d2d82e03c5186a65ae3bb43c8ae8a619"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "b72826d1-5615-4a0d-a353-4c08071af438",
"value": "82c2847d560d10351ab086374874d6a36f87af35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "dbf96e6c-d9fa-4a02-beda-e0600f354550",
"value": "175da7b745af7a21325ac03e60e365540927c22e31395799115fc2c4b94c8c00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "2c87745d-2e25-468d-9c5c-e9ae1a6adab6",
"value": "bdcbe75628e035f8fae841d276d376b73425db71b7d0dfcad30bfc76fd7ecc88684acc8d8f987d74a792ed92eb1896e09501edd61c503ebb177b9f2837d28478"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "f5e05f36-1b10-4cb6-b083-62e32fab8c82",
"value": "192:BfXW/ZyG4omocJSLOEHJ2/rJU/66exuUrizcV8ie9+4nztrBOcX02MtjfJVd:BfW/ZKog0LOEHJMA6vxpb279+MztrUcG"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "8392d8e8-a37f-43d4-a253-1866673d3a98",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "b813de63-fd47-4af5-98bb-3f1fd5e7a646",
"value": ".zdebug_abbrev"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "ea50a06a-df83-4e57-9f71-58a15100b65e",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ef48fe8e-6bcb-4247-9cd3-cfd856b7daf9",
"value": "281"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "b162e161-1c7d-49f4-9ed9-e9ceedc2f815",
"value": "7.1866788789677"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "97848376-44cb-46c5-a888-2d0997b268a0",
"value": "9bd3b96305b751c86ebbdfd452641496"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "088cdcc3-35a0-4db1-b21d-3a24b7a54095",
"value": "9d0cc3318632be6538a5e131a9752fe1b79adf88"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "ccbd2601-34d9-423a-92a6-aa4738293f02",
"value": "ef6e207963a71a4838872d87242b38e9e33ec0b9ea1167ca52a9df5ddec74a10"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "dab5f265-20f7-4d8c-a33e-fe4d94b40a0c",
"value": "81a48bf4d20ef62436b54c11f320b0e72de55f5fb9e7937ffcd801300439f9b970b8ce743b3ee3abb80935bf2465e3be7831b13e08b90aecb74912d19fa41be2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "40c56562-1f97-4d5d-93e0-94c17404cc42",
"value": "6:6nSY0ju3f0Y8SEkW4zVxNjTN6YjQ+5XYaB/96MrzTt+N2Wl79:MKu3f0YDE5MfN6YbX3SMr/tuB"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "fc3db4a6-26cd-4f2a-a94b-12c4f3ac31e6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "0c6458b6-3d81-495c-8fe8-28bd37011a41",
"value": ".zdebug_line"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "2c26d4f2-f0e1-4e52-bf46-0d52e86d596c",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "523705d4-4c49-4405-85f8-0f96b393e859",
"value": "138758"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "1baae12a-9b5b-477a-837a-9b4948865684",
"value": "7.993945143022"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "a915fa17-fd80-4677-8aee-7ffed0c1958c",
"value": "5b84c78f55959930d6311791dff2fbc5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "787e9a93-a593-4312-994d-15bc8bb7ff50",
"value": "fc8de210c4fa50d5004cf73027c64957ad336fb2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "a6299ea9-637a-42ec-b379-24cfb6929603",
"value": "128ab148dc617ab6763aec9648ab60543351fcf5a96ab52572e07983f2409bef"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "1abe9dec-ba31-466f-a357-084bf466707c",
"value": "fec3211ad10f035c6e49e21bc0226615afd4ee22e71921971aed135c9c7bfeb9afc080901ac76779c6e33920c176b2cb4fe101dd6413485ff6dc7b8e559e9338"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "39951132-a3a2-4615-95f8-157399e350ef",
"value": "3072:ZehLRAstrqN3WjKPnmf/kbWXNQ6304o55jgC8d6Wcr0g:e18DM/kby04g5MrGIg"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "d60e3399-e0df-4a6c-b190-20a8cc37235a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "b4ade713-6889-4bf4-9450-689c76559dbc",
"value": ".zdebug_frame"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "20e51d84-d6f1-46fa-8c5f-9185ced14912",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "75370675-bf42-4a44-ac66-d537b053a382",
"value": "29382"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "595d1be7-d2fc-44ab-8f81-5cbb25fcaf7b",
"value": "7.9262900082231"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "eae061d8-cbc9-4f58-a06e-0dbd6f0c0c8a",
"value": "46baf89350e8824ff8808fe6ad1d66db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "a9e56ac6-e9c0-462d-a9a3-0d5b6f9d45af",
"value": "b12d17d7b2d0cfc0ea9bcff6db2550024635baaf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "92c83c66-5004-4350-9c98-05bcce5691b3",
"value": "64897c2fc34df76c5616d9cd2abada9caba522d7b148d79ae4a23ffdeede50b0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "b874c212-734b-485e-b68f-04c71d46c6fc",
"value": "f68477cd2478b145d931af4ac15e0bea7dff2c1e4a4e6314a9f9e364ed206fbc7bea4720e477fa5bb2a61b30be8460370b51d8cc6de9354e762ddad812b525c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "5280f828-fb6b-43d7-bcd3-763f8c5b12db",
"value": "768:l8RSKc64X/k1eu/4DGj+s2eMvgsSgsqLbSGhGlCQ:l8wRPFuADZbeMnRietQ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "4e17149a-e3e6-4747-999c-d3271f4e9647",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "e11c3712-20f1-4f6f-b4ff-bb56f3f8eef3",
"value": ".zdebug_pubnames"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "f6077bd0-09de-445a-9f03-ccd29fb91f9e",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8b4a354a-c45b-4c99-a296-8729a38dcd13",
"value": "5740"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "5c8a875f-b27c-48d6-8153-a2adefb950a6",
"value": "7.9492071306249"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "1235155e-97c3-40a4-bbcc-e6d4c9f22d7e",
"value": "5786b800030bc4b3e353ebfe6c6a3188"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "279643e1-d949-4e3a-b801-5d5a8967d5b5",
"value": "3d269ce6e919fe167797cd441dba2fa295a0a034"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "6b17cf98-0ff2-4607-9454-eeb61e07df03",
"value": "c4aba8e4af19573fdc585b1fd738ff0fe6fd1d2010f73f803d1eb6e6026f89f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "22cbd0e4-e4c4-4154-b443-0076daf94f8f",
"value": "26acee83d8ced09cc12b066e689d41403a4c51814a2053ddb92dbbcbbecbbe8df061194fd5533541af42808e2318460d3cb918ba2d643cdbdadf1c022c4d2d98"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "b092df54-fdf2-48d3-bebd-8925cbff0584",
"value": "96:5HWybGdC4n5IoY7Dl8Vounx+B6BnDpQF00HYhVzOi07BIEL32NRKHSROd5JR:VvbGdC45s7phunMBxFaid7dCjKyIvJR"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "77ab2c67-d278-498e-8072-8478dcf8ce7d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "3ff0ce33-1d19-4c04-97a7-d3246f4c47e7",
"value": ".zdebug_pubtypes"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "77a53d13-36a0-4998-a244-effba78740a6",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8e856a26-ce5c-4bf1-9d30-98d06b7847a9",
"value": "15210"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "bd66c99b-49f2-46e0-b3b9-14582b339a7d",
"value": "7.9803422878338"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "16855e6a-a5bc-4765-afd5-76abc6f5bee9",
"value": "95bc5ec366a932b841b5bdb1f4be02cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "f9b92551-486b-4637-8cf3-b94145eb529f",
"value": "75474c2bc59fd3c49198d5c1912899abaf076fc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "79c31f1c-eab5-4f0a-a963-758cb7d953b6",
"value": "f046ec59c5bf52e31319ae312cdf9af96d687880c451517ce016a67c24fbc2d3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "6babd50a-2895-4784-8249-a8dfb77bb2fd",
"value": "c7db07838e4c53d89b1dd374c7a5c4f95d795499502b9020f38f966821bb4a3901bdbbc7df60d2d86541f6e14e138de27e4dd5c92dba9bd30e6d0b277972720f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "1564f30a-2afa-4441-bd06-d60e35342131",
"value": "384:sCN2IDg+xER999XWuRWa1S9EXakZKDKjTOKVy5iSmMovzNbwbtDAC5iCCUg:NNzg3Wa1mEqksQTO8SYNbwbtMC5PCN"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "4e112835-f8f5-4e54-980d-cea083e23eaf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "9992fed5-e6d0-4e68-af40-56732f037a29",
"value": ".debug_gdb_scripts"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "09772108-1a7e-441d-ae8b-32fae4ba45d5",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "abe3fed3-7827-4168-94e5-ce44cbc56e14",
"value": "44"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "b4475b79-6186-4637-af5f-93abba0a80a8",
"value": "4.2201287774332"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "7619101a-67bc-4144-bf98-192e7eef8763",
"value": "6f6d95a4c12c7805b3124c16c228db85"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "9d6c4c1b-0ce5-469b-90fd-714544291c9a",
"value": "b7fc517100b7584589b7ca9dd93deb5a9a5442c7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "8d20cada-1d28-4def-804a-1cd95a85d85c",
"value": "559edef1eb0a98ef9e332e227436d743dbe24a5c84cdb7b83782573315ee42ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "edcacaa7-6812-4df3-b80f-0352739104ab",
"value": "a7c9ae31e35386890102bde433c8a469eec31b30609ef5fbdf282f5d7801fdbd335cc26cdadbf918cbbc0593f710c4c7c6ab0a615a5a6c4951912f2deb9dced7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "b2003939-b999-4d89-807f-54ff635b444d",
"value": "3:DQfExLJWF5KuROICHhcln:qEN0KuROICBUn"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "d0f21b10-3917-464b-b045-608dcd9e5963",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "7ab2f199-24d5-4480-a21f-9a63a982730c",
"value": ".zdebug_info"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "108ce7f1-c4ca-4e05-bfc8-49d88c77c3ed",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4c782292-d2f2-4b33-b129-758bfa9a9534",
"value": "236608"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "de33197c-2a1e-45f6-ba67-666a7f374a63",
"value": "7.9963573338824"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "6821deb5-3c16-4dad-b41b-88ecbb05e2c0",
"value": "73096a3e48d9957075617179467b0dc7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "aa8ae00c-19eb-47fd-82ae-7e2776890e1f",
"value": "13407a0748b77ce3cb609f06ce5c6690a2483746"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "a219db54-c4dd-480f-b74a-fa3edb60718e",
"value": "3b6b6a9fd933bd9483cebce095eb29784f4fccfe881654c3c7d05baa880077fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "249db639-78c3-47c8-84d7-c56286039f1b",
"value": "e4ff94c4a490fd531a9f337acbcc1341145b54cd54d07c752257a463c1df4ad0ff10c5f7dae8732b7bed984ffefaf84ef0822216d1cffa314cd6aae7c9899985"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993781",
"to_ids": true,
"type": "ssdeep",
"uuid": "2ca15815-cbdb-4cf7-af74-ce3edc2281fc",
"value": "6144:E/FuZdCxRd1/tSumYcE4XpIhjHkiTvIrHhHLH15W2:EQZUtSu+EkpIhjHLTviHhHLV5W2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993781",
"uuid": "7efdfc81-f628-47d5-a390-ec16011fb036",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "1753b6a8-746c-4e4c-bb8b-d618c71625c6",
"value": ".zdebug_loc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993781",
"to_ids": false,
"type": "text",
"uuid": "21bab6e1-3a63-4542-8730-89bfc3b554a6",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993781",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "942655be-054f-4a3a-a85b-4205b503081f",
"value": "115403"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993781",
"to_ids": false,
"type": "float",
"uuid": "be25c5f5-9855-4e12-97e8-d0b20acd6b21",
"value": "7.9927665723987"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993781",
"to_ids": true,
"type": "md5",
"uuid": "92746089-e3e6-437b-920d-b38cd8bea05c",
"value": "ee706e00996a088c0a6707275331e160"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha1",
"uuid": "50422e0f-af60-41f5-9229-c443d1ff3915",
"value": "a9be3738a61ccc56081c145c652277cbc884afee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha256",
"uuid": "dc99111e-0fa4-40fb-b4bf-e8712142202a",
"value": "e3fcc90b3d4905a12815381f1295c1a8552f0414be0270b39d8f70c344c4ff51"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993781",
"to_ids": true,
"type": "sha512",
"uuid": "68f66b1a-4699-456f-a902-1ed7f3ce1234",
"value": "474bc2355db75e8fc7e96977ff80ef784a922806f1f86d151da412b221645f53bde8acf92f3228824774ae65f47ea07f11e8bececbc75ab4186ada2f6e9228a6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "e2644712-005a-42aa-a660-f36cf4538759",
"value": "1536:PTywSjhnQX8DzHz7N6RcghJ4SUiQxP/ZNMl8kRCLS6Pli2uu5uCBUKQ8GnvxvI83:WThQwzT7Nrgh/4P/gbCLSg0jN1nvKTu5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993782",
"uuid": "be6c85f9-0493-4474-a28d-0927723fe5b2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "43731937-8c95-4039-ac4a-d5e5f0b843c1",
"value": ".zdebug_ranges"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "b69d1888-985d-48a0-841d-2fe95fd9793d",
"value": "PROGBITS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993782",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "aea7187f-17d9-4321-b25e-f01b905127fd",
"value": "43644"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993782",
"to_ids": false,
"type": "float",
"uuid": "a2de56e6-d36c-4c94-8e7b-caf43d6f9e89",
"value": "7.8017992190193"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993782",
"to_ids": true,
"type": "md5",
"uuid": "07d0333b-cfd5-4e4f-a9b8-7a08f550f7b7",
"value": "6ab030fa6479d180ebcd3dbe82d95ee4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha1",
"uuid": "916c4f68-de5b-4118-9c4d-5a21eab0ceec",
"value": "019c172422bff38bda7196e46b6c400eee07d1a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha256",
"uuid": "b2e71bab-6a5b-4663-a5e6-96dd0694f0eb",
"value": "31b06eb1ffd2131515315185b6427ac7f864ff154681ff28b75d656c46500ec0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha512",
"uuid": "91a2a50b-fa19-46b2-87c1-61b2da42bb78",
"value": "5ec3f522b213e9562a4564d8d92123f895905ae2efd42d99d1b2910dd8dab5ec939e285dc213958861ba73cc18df5ab262cf9e955781786d137cd47463b88e42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "7eed6f79-e725-4828-9c2f-febc7b588946",
"value": "768:ZpSFAxtrKfrIguobhJseVXX1KNUHO//n8kvrVSUif4Y3A77ryU9kAj:ZpcqwrBbhJXX1Szvp7iw4K72A5j"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993782",
"uuid": "85d9e171-534b-4471-b7a8-283384907889",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "94632538-5247-47d7-a1aa-a75b5297365d",
"value": ".note.go.buildid"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "bf50fa38-2b2b-4b15-ba3e-d480c833f45a",
"value": "NOTE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "flag",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "fc76c8c7-9385-4c00-94f3-27cca9a9c9a4",
"value": "ALLOC"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993782",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "fbaf26ba-e224-452a-9815-80a1bf20dcf0",
"value": "100"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993782",
"to_ids": false,
"type": "float",
"uuid": "5b8ad94c-2df5-4b45-a554-c92f69541772",
"value": "5.1282073152483"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993782",
"to_ids": true,
"type": "md5",
"uuid": "90595d1f-6685-48b4-b203-fd0564fe2d55",
"value": "181c6b48fcd850eede3ad175651a76a7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha1",
"uuid": "cde26785-b7fb-4737-8bf2-5612728d23f4",
"value": "7992363620d9463c515b6a590ae07d64c7ae12ea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha256",
"uuid": "e03f513b-35d5-4471-90a6-89f7d1994735",
"value": "30673d2bf9bce9a60e9fd1a27550fb456289d4549e247f1b363145529c8afed5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha512",
"uuid": "3814f68c-f48d-499a-8e93-21fdba8b13d8",
"value": "b3677b96a853a79d252495994c8e4c7f542ce53c0cdadc3655756bc465063f67379aa434848672c2624a4659f0252faade37c86f7046ddc3080d5bf5e84ee0b6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "0c31e362-692f-4d45-86a3-a804766dbaa6",
"value": "3:il/J4K/4RCBiqITm6x2BIg7pDpM0cf37NaJ:il/2aKYifm6xF+O0cfrO"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993782",
"uuid": "bea8b655-ac97-4fe0-b601-6a935509fd1c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "bb94e66d-9e14-4c1f-a9b6-dbf5460910d9",
"value": ".symtab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "f124e33f-1133-451d-a06f-ceb7354bf56f",
"value": "SYMTAB"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993782",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f6ae5efc-ecec-46bd-8054-1166c045033b",
"value": "78168"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993782",
"to_ids": false,
"type": "float",
"uuid": "c45045bc-328b-4da7-ac26-cbf1e63c932d",
"value": "3.2231523468674"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993782",
"to_ids": true,
"type": "md5",
"uuid": "e95614db-fe38-4c86-8cb1-88d56908437b",
"value": "60c1ce7d31595d19f77a0e5e52da5713"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha1",
"uuid": "a29a3c6b-db63-47c6-b454-60af077f50e1",
"value": "1cc3c3a6034693c3e22c5a28d75a7b9bc15fe7df"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha256",
"uuid": "b7f36243-7d6d-4384-b46e-885172ae5a3d",
"value": "0e4dafd06bf1133de730b5a6a75beab38d5ff371eb0a12605d3871bd762131c1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha512",
"uuid": "e38dbdca-2721-493c-9685-9a22ed1e069f",
"value": "a9dbd9a5af5f4080ddc3e803336c33a71b95824d78134ee68b72a36b89ae8b41221ce0baa19bd1ce76d1b927713d83cdee315bbd15f9961bf32b51b8269e2a43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "900fe3f9-3c35-4c77-a61e-15f76afc3233",
"value": "768:GtFYoBNz6+plB6VqAHq5iFA0Uqr59H3SI7t1kYCGK9MziMDtACXswm+esXCVCowC:KFNRxukAHg6z5h3n7t1g2zFG19AY3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"template_version": "4",
"timestamp": "1662993782",
"uuid": "a75fbab5-5c56-4112-8d3d-da255941a91e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "6198cc49-386c-49eb-badc-2efe7b7c49b4",
"value": ".strtab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "469b8a6c-d214-4c9a-b266-317b3c06a130",
"value": "STRTAB"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993782",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "452e80a2-8b71-4895-8975-4b66ffe1f613",
"value": "75102"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993782",
"to_ids": false,
"type": "float",
"uuid": "4f149bb7-0df5-4835-8e53-a79e18729329",
"value": "5.0471679965993"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993782",
"to_ids": true,
"type": "md5",
"uuid": "2bfaefc8-3a1d-40ad-92b3-54fbba201339",
"value": "3ed92bacf172cd5acf434635db0a6e99"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha1",
"uuid": "151f9586-b12b-438b-be16-3ec16d8e02b7",
"value": "db2d53fab6b4a561658372813d12821062a7d60a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha256",
"uuid": "4a57efbe-398e-4c12-afb9-3e058cbc9775",
"value": "d52767839a909176c8dcec123d7f4deef558f47353f219137f3afb4fdf311f5e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha512",
"uuid": "efc7f5b5-7273-4ca7-a73b-06520d31117d",
"value": "19ad868d864cdfdd4def86c8385e088bd403587ed593b283898e89505ee382a106786b691d8be77bc913aa9edaa2043e6a050ca228b0c5987cd7faa9114bff79"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "9dff21e0-1aed-4a81-ae9d-616edce79f6e",
"value": "1536:VVCvOq72aHzZ5K1Ma3/bJx+O8Va2m4Xhw/w16cWHlPlToN:VVCT7TZ5qD+O8ValON"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing an Executable and Linkable Format",
"meta-category": "file",
"name": "elf",
"template_uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
"template_version": "5",
"timestamp": "1662993783",
"uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"ObjectReference": [
{
"comment": "Section 0 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "8847fb72-8125-4aaa-abd0-4166578e03ac",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "0fde0e08-ac57-4119-a404-d9dc1a73d1e1"
},
{
"comment": "Section 1 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "78163fa7-83f0-47b3-a928-07c7c9ba6129",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "8f8636da-a449-4305-bb80-2b48c3b43d5b"
},
{
"comment": "Section 2 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "35c65cc6-6518-4cde-a4b6-cec38544378e",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "25b8b09f-5d2f-46a6-9723-8662e72d3fde"
},
{
"comment": "Section 3 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "31a3875d-3d00-470d-9eab-e935795182ae",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "7b628926-0c13-409b-8261-38cfc4a400af"
},
{
"comment": "Section 4 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "00e353d5-9326-4c8d-9a60-5c8238e4aca3",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "a3187c2a-d3df-4de4-80f6-2fab913cd033"
},
{
"comment": "Section 5 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "d38ccd29-55c6-4b3b-bd60-2dbab2f8297f",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "aaab3f22-be43-40c8-83f5-ee0963da9fc0"
},
{
"comment": "Section 6 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "e7545497-50cc-4820-bf57-e33b3801fa54",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "913744dc-7af6-4a77-bf5e-2c879f58805c"
},
{
"comment": "Section 7 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "4895ca7f-421c-4989-a3f9-b5b742ec3d41",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "5ca0353f-b457-4a73-a854-a91b23e0b510"
},
{
"comment": "Section 8 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "ab8360ad-eba5-4e63-9bb4-e3c4a277065b",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "85001bd5-31c1-4c0c-bbcd-d199fc5e7d3c"
},
{
"comment": "Section 9 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "f3c99379-9e7f-410f-a8bb-2c16f31ca224",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "169f4715-74f7-4cc2-8fbe-e59364877b16"
},
{
"comment": "Section 10 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "4d143e2d-2ae6-4075-929c-55b703a3dc8b",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "596d2710-400a-41d8-87d4-c08b51745324"
},
{
"comment": "Section 11 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "fe14160c-ea48-40c3-863e-1c4642119e30",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "2a801a8e-54f9-4e61-a566-0723c152e826"
},
{
"comment": "Section 12 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "643684a3-9c11-49b4-b15c-1cd11e5eee7d",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "7275c131-a8d2-4812-b32e-2f7e4d0f5917"
},
{
"comment": "Section 13 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "8392d8e8-a37f-43d4-a253-1866673d3a98",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "be402e83-8556-4032-9f88-aabda29c885a"
},
{
"comment": "Section 14 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "fc3db4a6-26cd-4f2a-a94b-12c4f3ac31e6",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "af0233fa-3447-40f5-be21-909d29c2990c"
},
{
"comment": "Section 15 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "d60e3399-e0df-4a6c-b190-20a8cc37235a",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "e6aee499-2eec-4266-830e-bf7c6569c4e9"
},
{
"comment": "Section 16 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "4e17149a-e3e6-4747-999c-d3271f4e9647",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "a00e5b09-1a23-419e-b2a2-c067e0f8f2d3"
},
{
"comment": "Section 17 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "77ab2c67-d278-498e-8072-8478dcf8ce7d",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "9fb000c2-09d6-4fff-a3ec-a79e5a4c0829"
},
{
"comment": "Section 18 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "4e112835-f8f5-4e54-980d-cea083e23eaf",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "5b0bded4-bbd0-4414-83d6-1bc3869b4d2c"
},
{
"comment": "Section 19 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "d0f21b10-3917-464b-b045-608dcd9e5963",
"relationship_type": "includes",
"timestamp": "1662993782",
"uuid": "865f9176-e4f4-4102-bdcc-7b5d9aa2d335"
},
{
"comment": "Section 20 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "7efdfc81-f628-47d5-a390-ec16011fb036",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "56e0cdd9-f3c9-4e9b-9c3b-6d56a65b3a68"
},
{
"comment": "Section 21 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "be6c85f9-0493-4474-a28d-0927723fe5b2",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "aa3343f5-41d4-4566-8334-a5b868afbceb"
},
{
"comment": "Section 22 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "85d9e171-534b-4471-b7a8-283384907889",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "e733de81-0ad0-45e1-be70-4dec02c0a229"
},
{
"comment": "Section 23 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "bea8b655-ac97-4fe0-b601-6a935509fd1c",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "2e8cbbf7-33de-446b-927d-0fd8109d46c3"
},
{
"comment": "Section 24 of ELF",
"object_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"referenced_uuid": "a75fbab5-5c56-4112-8d3d-da255941a91e",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "5e0b6e9b-9c40-4a94-9ad6-061a9b2945e5"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "00f1e4f2-f9a7-46d9-87ee-935862571082",
"value": "EXECUTABLE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "05680e71-5773-4edf-9837-89f2666cd9b4",
"value": "4615936"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "arch",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "d97d83bb-2ccc-4098-b1ff-6a2754998055",
"value": "x86_64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "os_abi",
"timestamp": "1662993782",
"to_ids": false,
"type": "text",
"uuid": "7f5a6dd1-2399-42c1-8559-0dd1c0a60851",
"value": "SYSTEMV"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1662993782",
"to_ids": false,
"type": "counter",
"uuid": "c8a7549f-52ba-4076-89a9-94d1b4abf87f",
"value": "25"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1662993783",
"uuid": "c1e8e21e-f823-495d-a919-b3c00d071a7c",
"ObjectReference": [
{
"comment": "ELF indicators",
"object_uuid": "c1e8e21e-f823-495d-a919-b3c00d071a7c",
"referenced_uuid": "30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"relationship_type": "includes",
"timestamp": "1662993783",
"uuid": "160ad67b-5c62-492c-8bd5-e4ea60d73998"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1662993782",
"to_ids": true,
"type": "filename",
"uuid": "c809a235-1026-40fb-ae50-1f9c58037ece",
"value": "kik"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1662993782",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8886c7de-89c0-4336-837c-69da69124284",
"value": "2365110"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1662993782",
"to_ids": false,
"type": "float",
"uuid": "370066c9-9bb3-4e19-97d2-620371bb2266",
"value": "6.5858018193731"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1662993782",
"to_ids": true,
"type": "md5",
"uuid": "89e1adb2-5ff7-4479-81ff-c7692f4930a5",
"value": "163df28890e025dd2f46609e9ed24e3d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha1",
"uuid": "9ed59d39-794a-473b-906b-0f197fc241f6",
"value": "9f3f19639cd70c67293b6de157b076b130107dc2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha256",
"uuid": "c3a0b970-b529-461e-aa19-7c8ff1427bb2",
"value": "eaa1baf4e2e0dec786be25a7283799a0db99ecd40fb807f5b7d8afaeba8d6522"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1662993782",
"to_ids": true,
"type": "sha512",
"uuid": "b9826c99-9e7e-4b71-9a4f-3f4054863a2a",
"value": "5773923178d6d3361c3f32573633cfc2619de31f4bc54f77214907ec075af7b4c4eca8e611f87c994101684f7e65c9228af7458af9c28da34dedfe39109d6c5f"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAGF1LFWULesZYroTALYWJAAgABwAMTYzZGYyODg5MGUwMjVkZDJmNDY2MDllOWVkMjRlM2RVVAkAA3ZFH2N2RR9jdXgLAAEEIQAAAAQhAAAA0XGBFdJ4IHtST0tcfqRX8YK8QRTl7YHu5vEZzvExkRcSlcIzGAWVTsqAkQtgd5+7jWm84sOjIABRcNczBpE3abS3IYEhq0pbGhdpRXwSLH9A8SqA8B2cyJ/BXL4fHQ/2W0soLaXE2IfKtIRC5uuZxnJDvZ13vq/er41RU0mjSmnpgwu93F6oagCpnh3wHRv71PlANs4EPWQoTd8QXYIi7Ai4FYf+sBnu4IckYryu/musIjVqygPrCwd/WcfKlA4dhn+k3yhZZwxk4WPu+1BbcCmshP7WaJajFmu11NB8Tf0dTqSFRW8gqXXOGlI191gOeKFwL+U4bftj0h5OJZAab2vSFav724JVQpcMSPKTspL4bETwTPkKGJcPFgn9iz0v3F0RlCLoFrZ/xZOI22IWBIl5Y+AF66heSadsbCug3ClkGuYiL54NPTGNvW3ZMEa0TLQLz4lVXT0TL/PqUtQ4qd42LT0kbq8Xe6E8QHaSsik6Y1fGy+DTCu7OTkMN/0CmZ+25zPqWSOj1IyopUFst3uushMDnnkwcgH6U6BQSrUjCQlPz5siN0xVXxTcPtWcK28M6tJsJ8kRSa1K3VQkiyPJX6dn75VQn5+8H8PwZgW81403JqxVV02WQ9vdP9vdmVZd11QVHqmih4VaMSJIbGjKHY29S11in9tNr1SpX8vCI24LrKul2CmZCbP3aN35x9gq1GnPqr29znvH22H4/4xPD0vdjSrmaS9cfv9lS8CfuJASNCHMwZXVDOzdkgD9GOsFul5Uvq+bCnGWsU2FYIkcHvMoOd1kVCvgmtNSYsA/uef6iY0RUh3agCzFxumJV5lvQY5p+MnXsgPcpwZHLfoOusPc0fbXWMXLuQxBf2VUKKW7Yr8vOW0cgE41bnVrCipiI0HXdIJKZ8IWbx/D5UkBvZmEn83/Wzp7zADGMKwbSq1RRSCg2VSGdw9xH7ri0LHiyoy3PxCVMUC/ulK0rh4452cXiTCKmMD3AXbqvib+ppl4PpqOrwc9EbcfxVrOIypz4hb56NGD/kEbKVnpJ5kUdPn1fGpxiEmKnKQT0I3g4r4d4K8yhgD3Er1AeNUyc3ST6Rij/hUL8ELL+9mcCR+ocxu0Iz8gV/VLFlFDaOSxWIqv4igRgTQh04zqtPGXEDwThwPvUCZr8QxT4M43ru6041eHHpzA9LnYptl5gfPbCorqHvgVaOGwJzS49usTYGTMhFvTyifbNER5tdHJTaujh08x0mRCJWSF85yCuKNLGcriFiEuUQckUrTwb2oILhsJU3N/4GJBG1s4MH6P0KR8D3a8vZwhAexcJiaG01TTglO1h5x4gG47S8E1MJYAC8tc0cUcWWEXBRNaFXAhzdBRF88MS4RJIUkcVuf0exYkuKK0IGTXTp23ygTkYWNziQMF44ZXqs61fzGf/O+ixa7K/xEfaeI8h7DqBDFwanMf0e/YDr54z6E/9jw0tpvEdu8yzTE9bCPDGr1nJTNxw0mGv0IGzWzznQ22WKbbMguiCy73IwpF6bXtAUZJqNEizbtotF1S88XCfELmUDK8IupMyxDY/RSHpM2FjEO5AogXElNeDs7Ia9Cocx4r+CTwpROAYFK5VaN+MDUwCE7GGwHs+fNb8PpWNUM7lERvqktcBvTfKe5RY3AK78+pfilywkxMEjMZ6HOhYkRvy2p3Uo6+UTnFG9XNuTk5RyvJqz4j+wTvgAiQ0zZpDwysB/lx2lMew3PqDdydvmXYPJyvV1x0Mx7UcWvvzI3JfQcIFPinlsw2TRxdKca6lZpjz2y7pXzJ8NIaNj8BW5y75FMpJegQFgCagrthNUcyDltY95B6StUXIuoDXC22Q0JgxIgk1DQjLpkj1OKZ47Xv
9I4y/sYFNobv6YgfDlTiLGfvuwIaqLqycmKNZWNo/NYIZJMaX2IEY3IGmzv7XiFmEEOVfKf1EgBjUV2hPoiTHNH0gFZ5kse19ltCs1QGS9enIEcCWBndkN6+wXx38VZAjXazxE1y3boqgMQcBBpSqFTfmYPlY4oBx/TFno/rpstOFlN5OcqMW8bG7freNPU8shRUaP5FJiYBCn6ks9vnKcOEJRE4IxetgE12uXB4py9rHxZr/+lK0HiTqUZNIDk9rhZ6ZXoQ/eidmus4NxW6Qg0O5ajbmDZ6xw1kKEBCbnSaKCOwNCl55iHJA2YbxLxHY7ZxzDb+vwqGdQ96RPfzQf2xylhaJMisqCqFLB2BL0KyS71fYxBO4QaO4HoabqLXLU+WH9Se+Wcf1EPYlS0YeJmhdNRjJ39W/83hMnSjASZVQSLVTrxMX0oCd8vt243DZKA9X+wKN6fy14C2HuwGITLdhoRmw8fu9wgYpXrp0nRd0S3gZ0G+FDcya/QGitSW7dlGKUP3o69NG2ZFNfgwehZqWMXbGP7qBhLlF73BJbDcXsjGK6fJiJWkUH7pqT1gWhU68P38MRQ6VgRx4nLUY3awzNy60uh94uv5ptzUZKYqalED144/3y7Sn6nJKis2HFlApOceg+MRQ6sFg6x+qtwdARoLRvR4qwBQxkLSjNYn71dxVcc8dI7g/fM6x/AriRN+N/fKOhFY8hy1pMg7zqU9k1w8jqE/n1kLAvIuBr97XodM0uo2ud50bmRvRmxRjWY3Cq9aHlgPmy0/651BW86bt4iBiUsjPOn/D9j62rm9llO/DcMtRIh5nlCc09OqMl3WmwBaGRvh52OKAXqQBjWmMqoi6JbheYR+JZWlFkFcchuwXPwi5edb9mA8MCIbxgFCsWRdv0A0BwHfNi2+tuPIkXWuFHT5xqXvCtuqyVWSHg2nOY13HfVolsB1SWU3BC8Vh8PsA13rT/sAXTGoVGy/ZFl/QZRE/PM/xRXDrkMNhD+TWWRpGQokYARz+pvi/blYIR2vSSI8EVE3lbXFssV5Rf1BbQU1UZTqJHFYFzoqhU55bHxxyNopJogu2MfphFmnx0Vf4qrYDwHF/n/8IuuLuV+asN70mzMonqFkrby8cIR5mwE9z5Kg//ZnM5CVUhMLO6Xg2g8UUR96qTnQ5op9CwkoHodAj/Gd/C/4w7+eN38mgLAspaNqhqcPKg0wogAnZWE4k0yw1t6YaVMdnf95qxJXmCr/0oPnF8rBsa1T6DrKQAlqgaXuvMMnF6FcYjIUUItulEjyqPm06fZin3+CHMOW9hTRQ+NW+Mvbqkol2sgBCK2o+ikWt4jIvPttj7dvTilRKH08OWzxXBtvqa4kS8VDVBKr1TuFtY1kvLb6yitmvP2wnQtiSflNn2TC+n+QntYU9DY9R0SY4f/smC+iPC7BLWLAf+gZcbJKaqlNxSGnksn+SS5BxucNkxXdfFs0VO9nbBiMzViEXD0/6WeAqWeuGz09wBLWZnE8yzRWAN2REhBVFF6qlzu6KVehc/XreJJh2FZUHUf2mM1dFFPP7k8rOYrpJ0Nuqx7rozu2CW4LbI4Y4UJUp9Mpm4iUCAI28cfT1r3ylKdM1m310zCABrWuYqUVPyTTOnqB2A6BcxXyrPG6att7kJFTbGqmgibAlotmM5GYekuyK/SfwkE8L7iJWRKU88RPZ+iXP5pbWhws6AeCmBCCLJYrcmSi1u5oIgmRdh+FHQlmZAnVQ7MK0wUdSANHWq8ZVLS9rcKYO/7pQHZ1oQPeczymfJ+v7wgLZi9/USmt09ltNBtKXzpwN8MHHiVy0bZMOY51etgNcMBTNRDSwRwt0idj75WVTiJSa1wzJ3unxepOzXOsswyBOWSGOXxNqMNXUurN124AK/f4f2bJ9cFTIA8BGl8RJoPWzWOdz/+LCv/Ta65Qieh8IpjXre+Gbue19D8kZbEfQW86DzJxwiJ20apI8b6qz8RmNrxjUVJkaDKO
o3OSu7V2U3IF+NRNfEkcqkC8xOiDm1MMURTKTH98Fl1OqCM8K260efmMiPVNMygjmQwmqCdMQKxIlpQL1sG
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1662993782",
"to_ids": true,
"type": "malware-sample",
"uuid": "a21ee7da-d0c3-4ceb-a68e-1d59620e4d05",
"value": "kik|163df28890e025dd2f46609e9ed24e3d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1662993782",
"to_ids": false,
"type": "mime-type",
"uuid": "22089262-02f1-4746-b3b4-d4ad3d36ca5a",
"value": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1662993782",
"to_ids": true,
"type": "ssdeep",
"uuid": "cc1b2a38-daa7-465b-af2b-7285c57b9038",
"value": "24576:E2HqrhGNtI14h5uwRJjHdPup75ExO4/boMdAkpIhfTUMmeI5L:E2HqrhGw1gu0JT5up75mT/bEkahbU95L"
}
]
},
{
"comment": "mining component control",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1663050217",
"uuid": "c3873df4-3829-492a-8003-e17851563f38",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1663050217",
"to_ids": false,
"type": "port",
"uuid": "73c4d72d-2f69-439d-9dc1-2a6057472072",
"value": "4545"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1663050217",
"to_ids": true,
"type": "ip-dst",
"uuid": "9ae4553a-bd7d-4425-ba61-48b7faeea0d9",
"value": "106.251.252.226"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1663050339",
"uuid": "f5169a57-e7c1-45ae-aa1f-e7447ea823c4",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "dst-port",
"timestamp": "1663050339",
"to_ids": false,
"type": "port",
"uuid": "1b654ccd-bb4c-4170-b051-d10fab7c572d",
"value": "82"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1663050339",
"to_ids": true,
"type": "ip-dst",
"uuid": "de3f7689-c422-4395-8af7-a8399a70bbc0",
"value": "205.147.101.170"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).",
"meta-category": "misc",
"name": "credential",
"template_uuid": "a27e98c9-9b0e-414c-8076-d201e039ca09",
"template_version": "4",
"timestamp": "1664443644",
"uuid": "49fdac04-cbb9-4602-b340-4352e70d22c7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "fa203c2b-eefe-49d1-8a6c-40f6598a3f87",
"value": "gulf.moneroocean.stream:80"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "f9854122-300a-47ea-b62c-e87d71a33636",
"value": "42JKzDhbU76Wbf7JSDhomw6utwLr3N8tjZXLzLwvTcPuP5ZGZiJAHwnD7dNf2ZSAh52i9cUefq2nmLK3azKBffkBMX5b1LY"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "password",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "b4e417eb-e196-4717-8857-a36b1b888a33",
"value": "prx"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "daca3d9c-0a34-4671-8957-cf2a340566cb",
"value": "password"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "654b129b-6e2e-406c-b8f1-94ba40a0fbb0",
"value": "malware-analysis"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "6502edb7-f4ae-482d-90e7-04175c4b55a1",
"value": "clear-text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "notification",
"timestamp": "1664443644",
"to_ids": false,
"type": "text",
"uuid": "44cdff2e-4d4a-41f4-9345-865fd648b1c2",
"value": "none"
}
]
}
]
}
}