{"Event": {"info": "OSINT - GZipDe: An Encrypted Downloader Serving Metasploit", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}], "publish_timestamp": "0", "timestamp": "1529934229", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b2cce26-9a8c-4a25-b350-43e2950d210f", "sharing_group_id": "0", "timestamp": "1529663014", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b2cce27-5ca8-4244-a47d-44ca950d210f", "timestamp": "1529663015", "to_ids": true, "value": "951d9f3320da660593930d3425a9271b", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5b2cce27-d890-4faf-80ce-4012950d210f", "timestamp": "1529663015", "to_ids": true, "value": "6bd48d65d8e32d37a509080be53643791a5dcbbe", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5b2cce27-af74-4bca-a6c8-40a6950d210f", "timestamp": "1529663015", "to_ids": true, "value": "faf003c38758cf70b12bc4899714833e4713096c8f66163e753b3f0e70f2ba28", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Other", "uuid": "5b2cce28-1d40-45e2-9638-4393950d210f", "timestamp": "1529663016", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Other", "uuid": 
"5b2cce28-a2e4-4cc1-b8ab-467e950d210f", "timestamp": "1529663016", "to_ids": false, "value": "60416", "disable_correlation": true, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", "uuid": "5b2ce98e-aa64-4a50-ad47-f54e950d210f", "sharing_group_id": "0", "timestamp": "1529671370", "description": "Object describing a Portable Executable", "template_version": "3", "ObjectReference": [{"comment": "", "object_uuid": "5b2ce98e-aa64-4a50-ad47-f54e950d210f", "uuid": "5b2ceec6-6d1c-4dd1-afb3-4af4950d210f", "timestamp": "1529671366", "referenced_uuid": "5b2cee98-5da0-4606-882d-44e1950d210f", "relationship_type": "related-to"}], "Attribute": [{"comment": "", "category": "Other", "uuid": "5b2ce98e-a1f4-4869-8050-f54e950d210f", "timestamp": "1529670030", "to_ids": false, "value": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "disable_correlation": true, "object_relation": "text", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5b2ce98e-b1bc-4bd6-9d0a-f54e950d210f", "timestamp": "1529670030", "to_ids": false, "value": "exe", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5b2ce98e-d520-4ba9-adc5-f54e950d210f", "timestamp": "1529670030", "to_ids": true, "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "disable_correlation": false, "object_relation": "imphash", "type": "imphash"}, {"comment": "", "category": "Payload delivery", "uuid": "5b2ce98f-d870-4f07-85b7-f54e950d210f", "timestamp": "1529670031", "to_ids": true, "value": "aad3abd1afba000356bbc35a20351b2ab466bc8c", "disable_correlation": false, "object_relation": "pehash", "type": "pehash"}], "distribution": "5", "meta-category": "file", "name": "pe"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": 
"5b2cee98-5da0-4606-882d-44e1950d210f", "sharing_group_id": "0", "timestamp": "1529673746", "description": "File object describing a file with meta-information", "tem