misp-circl-feed/feeds/circl/misp/5c38eb9d-a470-4466-8aa5-461802de0b81.json

{
"Event": {
"analysis": "2",
"date": "2019-01-11",
"extends_uuid": "",
"info": "ServHelper and FlawedGrace - New malware introduced by TA505",
"publish_timestamp": "1547235309",
"published": true,
"threat_level_id": "2",
"timestamp": "1547235254",
"uuid": "5c38eb9d-a470-4466-8aa5-461802de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234229",
"to_ids": false,
"type": "link",
"uuid": "5c38ebb5-2b1c-43f9-b582-4ce402de0b81",
"value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234265",
"to_ids": false,
"type": "text",
"uuid": "5c38ebd9-1e0c-47f9-b3de-4e5f02de0b81",
"value": "For much of 2018, we observed threat actors increasingly distributing downloaders, backdoors, information stealers, remote access Trojans (RATs), and more as they abandoned ransomware as their primary payload. In November 2018, TA505, a prolific actor that has been at the forefront of this trend, began distributing a new backdoor we named \u201cServHelper\u201d. ServHelper has two variants: one focused on remote desktop functions and a second that primarily functions as a downloader. Additionally we have observed the downloader variant download a malware we call \u201cFlawedGrace.\u201d FlawedGrace is a full-featured RAT that we first observed in November 2017. TA505 appears to be actively targeting banks, retail businesses, and restaurants as they distribute these malware families. This targeting falls in line with other activity we reported earlier in 2018.[1] [2]"
},
{
"category": "Payload delivery",
"comment": "November 9 \u201cTunnel\u201d campaign attachment",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234344",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ec28-4288-404a-8d79-409502de0b81",
"value": "52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c"
},
{
"category": "Network activity",
"comment": "November 9 \u201cTunnel\u201d campaign payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234345",
"to_ids": true,
"type": "url",
"uuid": "5c38ec29-ca90-4d61-b587-483402de0b81",
"value": "http://officemysuppbox.com/staterepository"
},
{
"category": "Payload delivery",
"comment": "November 9 \u201cTunnel\u201d campaign ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234345",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ec29-cbcc-426b-a112-479a02de0b81",
"value": "1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8"
},
{
"category": "Network activity",
"comment": "November 9 \u201cTunnel\u201d campaign ServHelper C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234433",
"to_ids": true,
"type": "url",
"uuid": "5c38ec81-8114-453f-a76f-462c02de0b81",
"value": "https://checksolutions.pw/ghuae/huadh.php"
},
{
"category": "Network activity",
"comment": "November 9 \u201cTunnel\u201d campaign ServHelper C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234434",
"to_ids": true,
"type": "url",
"uuid": "5c38ec82-7328-43ae-a83c-4e0d02de0b81",
"value": "https://rgoianrdfa.pw/ghuae/huadh.php"
},
{
"category": "Network activity",
"comment": "November 9 \u201cTunnel\u201d campaign ServHelper C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234436",
"to_ids": true,
"type": "url",
"uuid": "5c38ec84-6238-4587-a4c2-47e802de0b81",
"value": "https://arhidsfderm.pw/ghuae/huadh.php"
},
{
"category": "Payload delivery",
"comment": "November 15 \u201cDownloader\u201d campaign attachment",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234502",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ecc6-ad9c-4c16-8b57-406702de0b81",
"value": "eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4"
},
{
"category": "Network activity",
"comment": "November 15 \u201cDownloader\u201d campaign payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234503",
"to_ids": true,
"type": "url",
"uuid": "5c38ecc7-3d94-48ef-86dd-4af602de0b81",
"value": "http://offficebox.com/host32"
},
{
"category": "Payload delivery",
"comment": "November 15 \u201cDownloader\u201d campaign ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234504",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ecc8-9afc-4b51-a387-462b02de0b81",
"value": "3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a"
},
{
"category": "Payload delivery",
"comment": "December 13 \u201cFlawedGrace\u201d campaign attachment",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234632",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ed48-9170-4e7a-9c80-457902de0b81",
"value": "f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac"
},
{
"category": "Network activity",
"comment": "December 13 \u201cFlawedGrace\u201d campaign payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234633",
"to_ids": true,
"type": "url",
"uuid": "5c38ed49-f930-49d8-a74d-479002de0b81",
"value": "http://office365onlinehome.com/host32"
},
{
"category": "Payload delivery",
"comment": "December 13 \u201cFlawedGrace\u201d campaign ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234635",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ed4b-94a4-4a0a-99ed-493702de0b81",
"value": "d56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58"
},
{
"category": "Network activity",
"comment": "December 13 \u201cFlawedGrace\u201d campaign ServHelper C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234636",
"to_ids": true,
"type": "url",
"uuid": "5c38ed4c-1850-4b83-acff-41a902de0b81",
"value": "https://afgdhjkrm.pw/aggdst/Hasrt.php"
},
{
"category": "Payload delivery",
"comment": "December 13 \u201cFlawedGrace\u201d campaign FlawedGrace",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234637",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ed4d-4cfc-4dcb-9589-426502de0b81",
"value": "efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74"
},
{
"category": "Network activity",
"comment": "On port 443 - December 13 \u201cFlawedGrace\u201d campaign FlawedGrace C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234638",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5c38ed4e-a218-45c1-8b89-417302de0b81",
"value": "46.161.27.241|443"
},
{
"category": "Payload delivery",
"comment": "\u201csethijack\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234683",
"to_ids": true,
"type": "sha256",
"uuid": "5c38ed7b-e224-4af8-9dc7-42ee02de0b81",
"value": "9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579"
},
{
"category": "Network activity",
"comment": "\u201csethijack\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234684",
"to_ids": true,
"type": "url",
"uuid": "5c38ed7c-9934-48fb-bd11-468502de0b81",
"value": "http://dedsolutions.bit/sav/s.php"
},
{
"category": "Network activity",
"comment": "\u201csethijack\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234684",
"to_ids": true,
"type": "url",
"uuid": "5c38ed7c-c294-4a13-8ca0-4a6c02de0b81",
"value": "http://dedoshop.pw/sav/s.php"
},
{
"category": "Network activity",
"comment": "\u201csethijack\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234685",
"to_ids": true,
"type": "url",
"uuid": "5c38ed7d-78a4-4209-9d86-487802de0b81",
"value": "http://asgaage.pw/sav/s.php"
},
{
"category": "Network activity",
"comment": "\u201csethijack\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234685",
"to_ids": true,
"type": "url",
"uuid": "5c38ed7d-5044-42a1-ad79-448802de0b81",
"value": "http://sghee.pw/sav/s.php"
},
{
"category": "Payload delivery",
"comment": "\u201cloaddll\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234729",
"to_ids": true,
"type": "sha256",
"uuid": "5c38eda9-e79c-4d21-81f8-f12202de0b81",
"value": "a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549"
},
{
"category": "Network activity",
"comment": "\u201cloaddll\u201d command ServHelper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547234730",
"to_ids": true,
"type": "url",
"uuid": "5c38edaa-4f38-4119-9419-f12202de0b81",
"value": "https://vesecase.com/support/form.php"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235223",
"uuid": "93f50fcd-264a-4734-b4c0-bfec7f37860f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "93f50fcd-264a-4734-b4c0-bfec7f37860f",
"referenced_uuid": "42ba88bf-bca8-4ff2-b33d-d23ce9877340",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-6818-4ef5-877b-461c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235223",
"to_ids": true,
"type": "md5",
"uuid": "d37db0d8-0b47-4dcf-974f-9139ab53714a",
"value": "4b9054475ff9aa15be35b42264715354"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235223",
"to_ids": true,
"type": "sha1",
"uuid": "a7f9f74d-cabb-4dab-a78e-ac7d84332fab",
"value": "a088dfaee1779878353a1dc347a91a892e5dfd74"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235224",
"to_ids": true,
"type": "sha256",
"uuid": "9fa0c5b3-d24b-4a0d-8535-65945b8de58c",
"value": "efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235224",
"uuid": "42ba88bf-bca8-4ff2-b33d-d23ce9877340",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235225",
"to_ids": false,
"type": "datetime",
"uuid": "8a72aaeb-4f03-47e2-a3e4-adb505a7051b",
"value": "2019-01-11T18:46:42"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235225",
"to_ids": false,
"type": "link",
"uuid": "7156ecf8-44d3-4ea7-b9ea-f06a090614d6",
"value": "https://www.virustotal.com/file/efcee275d23b6e71589452b1cb3095ff92b10ab68cd07957b2ad6be587647b74/analysis/1547232402/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235225",
"to_ids": false,
"type": "text",
"uuid": "08a7810c-0763-4997-b152-80ddfc699815",
"value": "27/63"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235225",
"uuid": "c14e45cb-8dfc-4140-b541-135402f6af96",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c14e45cb-8dfc-4140-b541-135402f6af96",
"referenced_uuid": "7d6c516a-90e2-4597-9b08-c10fa4cd2a81",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-9c70-4f52-a04e-42ea02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235226",
"to_ids": true,
"type": "md5",
"uuid": "06d4e9eb-a98f-4a85-b936-ec5eb0e0e835",
"value": "daf7d35eeed3058c821bde464913f9ca"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235226",
"to_ids": true,
"type": "sha1",
"uuid": "6fe88569-9df9-49c5-a6c0-8d6a428b9b9b",
"value": "e2c8cb0d6a89b995a9ec77b2838863c08e33d6a5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235226",
"to_ids": true,
"type": "sha256",
"uuid": "b5f72d32-8b4a-4aff-b7a4-a82d4bea94a3",
"value": "9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235227",
"uuid": "7d6c516a-90e2-4597-9b08-c10fa4cd2a81",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235227",
"to_ids": false,
"type": "datetime",
"uuid": "589de291-5218-445f-8af9-6b3e8e0d4cf1",
"value": "2019-01-11T09:15:15"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235228",
"to_ids": false,
"type": "link",
"uuid": "e9665877-4b83-4dcb-b524-c1ec6348aaa3",
"value": "https://www.virustotal.com/file/9fccd107bd0aee3a2f39ad76a49758309c95545d8154b808eec24d2b51dc4579/analysis/1547198115/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235228",
"to_ids": false,
"type": "text",
"uuid": "0a6d3f73-b8f8-4f65-90ca-e98976f2b898",
"value": "43/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235228",
"uuid": "35fdb030-5cd9-4621-b76c-2dfab467bc3b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "35fdb030-5cd9-4621-b76c-2dfab467bc3b",
"referenced_uuid": "c8cbc23d-0f33-4643-977f-fe2fd3da8a19",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-0900-4615-8cba-4f7a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235228",
"to_ids": true,
"type": "md5",
"uuid": "5783ce23-2253-4595-bafa-4b4e6d209b7e",
"value": "5cd4aecb962528166ad1a0b72f675c44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235229",
"to_ids": true,
"type": "sha1",
"uuid": "67f6728e-466f-4dc7-9da1-6cde3a9058c5",
"value": "1242dc4d1ece26ef15dc3bdb8ed13e8b04d6a178"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235229",
"to_ids": true,
"type": "sha256",
"uuid": "f8d4664e-189d-4b53-afc6-e7c5482defc4",
"value": "1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235230",
"uuid": "c8cbc23d-0f33-4643-977f-fe2fd3da8a19",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235230",
"to_ids": false,
"type": "datetime",
"uuid": "c41b5480-eac8-4ba5-b286-a39a2b93b45a",
"value": "2019-01-11T09:32:27"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235230",
"to_ids": false,
"type": "link",
"uuid": "5e9a3b2e-2b50-4563-9093-17602afa0130",
"value": "https://www.virustotal.com/file/1b0859ddbdebcb9d2bb46de00d73aa21bc617614b8123054426556783b211bc8/analysis/1547199147/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235231",
"to_ids": false,
"type": "text",
"uuid": "69071e5c-1be3-4edf-b07b-f87e150428b7",
"value": "43/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235231",
"uuid": "0d6c7429-1495-4d3f-bfe1-d3834a273606",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0d6c7429-1495-4d3f-bfe1-d3834a273606",
"referenced_uuid": "9dd16ec7-f062-459f-968c-c5bb43d3a327",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-f7cc-4ea3-aa55-4e0002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235231",
"to_ids": true,
"type": "md5",
"uuid": "cbfd2fb5-184f-4052-9cec-f7e1dc9d1ef4",
"value": "db0b9554ef0c4b3004c2cdb43a9fb020"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235231",
"to_ids": true,
"type": "sha1",
"uuid": "36a32ac2-0ab1-4d9c-ad07-111851271352",
"value": "2f760f967f042827cda567fa07713371d746aa11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235232",
"to_ids": true,
"type": "sha256",
"uuid": "8aaa4d01-99d0-403b-8a3f-f6a26d52c502",
"value": "52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235232",
"uuid": "9dd16ec7-f062-459f-968c-c5bb43d3a327",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235232",
"to_ids": false,
"type": "datetime",
"uuid": "d4da3848-cf16-4df4-9301-83f9b703e5a0",
"value": "2019-01-11T09:02:13"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235233",
"to_ids": false,
"type": "link",
"uuid": "75d2b444-f984-4e6b-b32b-5f6588f4eb5c",
"value": "https://www.virustotal.com/file/52c72a9de2f6e892f07827add85ad913b0541cd5c8449aadc2722f8eb75e548c/analysis/1547197333/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235233",
"to_ids": false,
"type": "text",
"uuid": "1d1f3b46-6c15-4450-9871-039ddc29078f",
"value": "37/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235233",
"uuid": "dc0e2eae-79dc-496c-8e6f-51c6a3f7b419",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dc0e2eae-79dc-496c-8e6f-51c6a3f7b419",
"referenced_uuid": "8d3be9f6-584f-4b1d-bfbf-c9dff2c08ad7",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-f914-4e0f-a194-41b602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235233",
"to_ids": true,
"type": "md5",
"uuid": "da4090ad-66ca-4b0a-bf25-167cfef511a5",
"value": "a6563a927d925b1231deaa090403bc9a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235234",
"to_ids": true,
"type": "sha1",
"uuid": "f094be33-d8e9-40ff-9907-4405b8e1d4fb",
"value": "e501be071953aa308faad656cfa2d73a3902d8a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235234",
"to_ids": true,
"type": "sha256",
"uuid": "b7555159-7a4f-48d7-a8df-15808f42980b",
"value": "a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235235",
"uuid": "8d3be9f6-584f-4b1d-bfbf-c9dff2c08ad7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235235",
"to_ids": false,
"type": "datetime",
"uuid": "d0f5ecbe-6c20-4b4d-8170-ba4e93d94ebb",
"value": "2019-01-11T09:12:29"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235235",
"to_ids": false,
"type": "link",
"uuid": "cb9a7cb0-5e67-4e8d-a706-4ea332ac156e",
"value": "https://www.virustotal.com/file/a9492312f1258567c3633ed077990fe053776cd576aa60ac7589c6bd7829d549/analysis/1547197949/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235236",
"to_ids": false,
"type": "text",
"uuid": "8c082351-3562-4c7e-b5bf-057e81fad3da",
"value": "30/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235236",
"uuid": "9e493185-b642-4a33-9cc1-0b141391605d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9e493185-b642-4a33-9cc1-0b141391605d",
"referenced_uuid": "6624c405-ed32-4075-9501-29967d631716",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-9c04-4fef-b4e6-47e702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235236",
"to_ids": true,
"type": "md5",
"uuid": "0047f237-4e10-4df8-a694-39b6990e5674",
"value": "bf4ea62bb7117b1d5f31873c84a95f5a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235236",
"to_ids": true,
"type": "sha1",
"uuid": "0e2f24dc-bc59-4b7e-8369-d398ca89e570",
"value": "3fc7d7f1d47b2ac971d778f580cf64a112127aa9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235237",
"to_ids": true,
"type": "sha256",
"uuid": "2d9e790e-ffd3-4195-a175-b3440e718d2c",
"value": "f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235237",
"uuid": "6624c405-ed32-4075-9501-29967d631716",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235237",
"to_ids": false,
"type": "datetime",
"uuid": "f70d9f53-8238-4721-9518-5eddacb58d1b",
"value": "2019-01-11T10:52:12"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235238",
"to_ids": false,
"type": "link",
"uuid": "d34102bb-440b-4393-b738-9ae187d0fefe",
"value": "https://www.virustotal.com/file/f4b9219f329803dd45afd5646351de456e608dd946830c961ec66c6c25e52cac/analysis/1547203932/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235238",
"to_ids": false,
"type": "text",
"uuid": "b35598ba-ea92-4b89-97ae-fe5379e4a3f7",
"value": "9/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235238",
"uuid": "40d64a11-4524-4a53-b736-9326233a65d9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "40d64a11-4524-4a53-b736-9326233a65d9",
"referenced_uuid": "6a7c6829-6213-4f4a-9141-eb2394cd32a7",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-df38-4b99-b8e1-4b0402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235238",
"to_ids": true,
"type": "md5",
"uuid": "28103ef5-bc72-4611-a1bc-b7f4ee871232",
"value": "0f459932b21d0c6dfcc199951058c0a5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235239",
"to_ids": true,
"type": "sha1",
"uuid": "c02f4009-4a3d-4df8-9888-7839fa1b1e62",
"value": "9ff00fe5f0921a6a591b7db3a1838834348e123d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235239",
"to_ids": true,
"type": "sha256",
"uuid": "5af6bd13-94a4-4baf-a393-5de82bea149f",
"value": "3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235241",
"uuid": "6a7c6829-6213-4f4a-9141-eb2394cd32a7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235241",
"to_ids": false,
"type": "datetime",
"uuid": "a508cd3f-eb30-450e-82ea-6eac3d988f84",
"value": "2019-01-11T09:13:28"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235242",
"to_ids": false,
"type": "link",
"uuid": "7138648d-6ba2-4f2d-aeca-1fe74de7801e",
"value": "https://www.virustotal.com/file/3cd7e0a8321259e8446b2a9da775aae674715c74ff4923cfc8ec5102f380d41a/analysis/1547198008/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235243",
"to_ids": false,
"type": "text",
"uuid": "5466e6ec-78e0-4762-bb46-3112333840a2",
"value": "40/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235243",
"uuid": "4170ad0b-e0f8-4246-8505-63d85a0e84bd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4170ad0b-e0f8-4246-8505-63d85a0e84bd",
"referenced_uuid": "8d4ff865-dbce-44b3-86ac-0e461519ea20",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-1220-45d5-a097-469502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235243",
"to_ids": true,
"type": "md5",
"uuid": "859b804b-5434-418f-9873-587ecf464add",
"value": "b811a63eaa3f6a76d4176a64655c086f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235245",
"to_ids": true,
"type": "sha1",
"uuid": "9f794af6-9c18-4ee3-a960-c4b7ccd8a8e0",
"value": "45f3b9f49d4c680de6fdede99427289a11317aa0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235246",
"to_ids": true,
"type": "sha256",
"uuid": "47de8a0b-b871-402e-83d8-7aa9667ef3fb",
"value": "eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235247",
"uuid": "8d4ff865-dbce-44b3-86ac-0e461519ea20",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235247",
"to_ids": false,
"type": "datetime",
"uuid": "c6f3b4ea-17b4-4132-99eb-5bcbd85146db",
"value": "2019-01-11T09:09:08"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235249",
"to_ids": false,
"type": "link",
"uuid": "5c4776a4-dbe9-4950-8a7e-81a4f9519100",
"value": "https://www.virustotal.com/file/eb66ebb95a3dcecae64c61f611a9332fbf460d1b8039d3ab7e4f220104a4bec4/analysis/1547197748/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235250",
"to_ids": false,
"type": "text",
"uuid": "832ae984-cfdb-4ba3-a7d7-ce24471b9b48",
"value": "35/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1547235250",
"uuid": "6ef8a2ea-6ae3-4fa0-afe7-bdb2e9607a56",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6ef8a2ea-6ae3-4fa0-afe7-bdb2e9607a56",
"referenced_uuid": "027e06a2-ba9d-4604-9a8d-5230c140eae8",
"relationship_type": "analysed-with",
"timestamp": "1547235257",
"uuid": "5c38efb9-11f8-41b2-b7f7-474a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1547235250",
"to_ids": true,
"type": "md5",
"uuid": "c1611d5c-08e6-4db5-943a-59d63bfd0111",
"value": "c4a201a6f5e07136923f824bda4cd54f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1547235251",
"to_ids": true,
"type": "sha1",
"uuid": "e1173c46-d6e8-4489-b971-70e7b634d79b",
"value": "a0bcdb0ce8999bfb75723236e15e4f557a784743"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1547235253",
"to_ids": true,
"type": "sha256",
"uuid": "56acae1c-f536-4fe7-aa3e-8c4ed91abed9",
"value": "d56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1547235254",
"uuid": "027e06a2-ba9d-4604-9a8d-5230c140eae8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1547235254",
"to_ids": false,
"type": "datetime",
"uuid": "73a12bc5-bfd2-4c6d-b138-4b6258f0dd17",
"value": "2019-01-11T10:52:31"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1547235255",
"to_ids": false,
"type": "link",
"uuid": "c043dc85-8fc5-4e39-abd0-c8237f97d111",
"value": "https://www.virustotal.com/file/d56429d6d0222022fe8f4cb35a28cd4fb83f87b666a186eb54d9785f01bb4b58/analysis/1547203951/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1547235257",
"to_ids": false,
"type": "text",
"uuid": "9213d232-6ae9-4629-8593-4d493d7007ac",
"value": "33/69"
}
]
}
]
}
}