misp-circl-feed/feeds/circl/misp/5cae46c1-c198-49cb-9036-4a34950d210f.json

{
"Event": {
"analysis": "2",
"date": "2019-04-03",
"extends_uuid": "",
"info": "Malware Analysis Report (AR19-100A) MAR-10135536-8 \u2013 North Korean Trojan: HOPLIGHT MAR-10135536.r8.v1",
"publish_timestamp": "1631185292",
"published": true,
"threat_level_id": "3",
"timestamp": "1631185208",
"uuid": "5cae46c1-c198-49cb-9036-4a34950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-intrusion-set=\"Lazarus Group\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"COVELLITE\""
},
{
"colour": "#13eb00",
"name": "misp-galaxy:threat-actor=\"Lazarus Group\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "5e467348-32d1-47d4-9a18-f52265ff5294",
"value": "7443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "7cc187fb-ca19-4786-bc4c-902f8197c54a",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "c8a6e23e-304b-4bc4-a895-0856488ba1e5",
"value": "23164"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "aef17f31-c143-4862-8e5e-afb944ec51d6",
"value": "59681"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "4205f3b8-0878-4286-9fc0-b98718e3a838",
"value": "23397"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "8c604b84-78ae-40cc-af41-6a39ccf913dc",
"value": "59067"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "66c7ad51-1cfe-413e-8697-a15d695c883c",
"value": "17770"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "ccf4f3c2-365f-4c77-a640-d7f86a8e8244",
"value": "2248"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "13b173ea-f663-487b-962c-68c963883a85",
"value": "64694"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "18c83f34-ed5a-4e61-a1dd-ef01bfd7e82e",
"value": "37120"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "4fc843e5-e45e-4727-b4f4-5b377860c252",
"value": "52884"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "port",
"uuid": "47f96d91-741d-4458-a13b-9d2f57bdf6ed",
"value": "65292"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "5e64eddb-9dc7-4976-9c08-4884f931c92e",
"value": "112.175.92.57"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "0031ec2d-46ed-4835-93ef-e6b868a26e40",
"value": "84.49.242.125"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "9b5d58a8-fedd-424b-9e95-1fa9dee6113b",
"value": "81.94.192.147"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "a7455d44-d858-472a-96ee-edea677be659",
"value": "128.200.115.228"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "aa8e532e-3b80-47e4-bb04-22d666a10bd7",
"value": "47.206.4.145"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "3d25e903-29f5-4b88-bf80-bd6bd8a9616b",
"value": "70.224.36.194"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "bc976e66-b5d6-464d-9adc-0d53da3ec01a",
"value": "197.211.212.59"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3",
"value": "113.114.117.122"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "dfa5812c-f91e-42b8-811d-718121a46fd9",
"value": "21.252.107.198"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "930261a1-dfbe-4f99-957b-27f14a50a397",
"value": "81.94.192.10"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "4fb3c39a-2c59-46d9-be12-028f54e577c9",
"value": "186.169.2.237"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "e773193c-a490-442a-a41f-63e402cf3865",
"value": "181.39.135.126"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "d959b41a-72bb-478a-b453-5dfac6fe0dc1",
"value": "97.90.44.200"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "378c38f0-377c-4626-949c-5eaa0a6367ae",
"value": "26.165.218.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1554925249",
"to_ids": false,
"type": "ip-dst",
"uuid": "206ae99c-1cda-41e0-a81f-8e0e8c433156",
"value": "137.139.135.151"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925249",
"uuid": "eea5fb73-96a6-4aae-9d36-74cdbefbe4e7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925249",
"to_ids": true,
"type": "md5",
"uuid": "54f964ed-68a9-4a9d-8679-e048ffdc6648",
"value": "23e27e5482e3f55bf828dab885569033"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha1",
"uuid": "2143d9e1-5c0b-4e66-b765-d8564c18bc81",
"value": "139b25e1ae32a8768238935a8c878bfbe2f89ef4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha256",
"uuid": "8f8c9a7e-247a-4c92-8a28-b275e2b300a3",
"value": "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925249",
"uuid": "adad988c-643d-4c25-a6fb-50d3e07c62e6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925249",
"to_ids": true,
"type": "md5",
"uuid": "8ea76fd7-8e51-4228-a1d2-e333c6f381aa",
"value": "5c3898ac7670da30cf0b22075f3e8ed6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha1",
"uuid": "25662089-edd6-46ed-a1a6-387a2315c5eb",
"value": "91110c569a48b3ba92d771c5666a05781fdd6a57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha256",
"uuid": "914f5dd0-b6f1-49e5-869d-9a9ba06fc747",
"value": "2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925249",
"uuid": "7e8543c5-336f-4337-a217-c88bf569d8c6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925249",
"to_ids": true,
"type": "md5",
"uuid": "4b5fd507-ed07-4fa7-8b10-3e8b7ae25d73",
"value": "c5dc53a540abe95e02008a04a0d56d6c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha1",
"uuid": "912e411c-7e92-4664-a205-456901c2b120",
"value": "4cfe9e353b1a91a2add627873846a3ad912ea96b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925249",
"to_ids": true,
"type": "sha256",
"uuid": "fabb5dbb-9040-4ad7-a032-8a3231862b22",
"value": "4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925249",
"uuid": "70971c87-fa69-4300-882e-5ce6e256496f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "e7583576-4611-480a-8b20-249c21817017",
"value": "be588cd29b9dc6f8cfc4d0aa5e5c79aa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "d4ab3639-3755-4eff-840a-882634604a99",
"value": "06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "93ae6ff3-a60f-4c32-aab0-93e96f9f5235",
"value": "ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "6e32e619-e0ca-4e75-b7dc-01f5d1917d9a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "9c61325c-6778-40e5-b7e9-df44e9831ae5",
"value": "868036e102df4ce414b0e6700825b319"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "ee06f6cb-9254-4617-bd36-5f9cf9c06e5f",
"value": "7f1e68d78e455aa14de9020abd2293c3b8ec6cf8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "78a54597-2984-4776-bee4-c10b60d370b8",
"value": "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "2dd85ad6-0987-4542-822b-df9e89eb9e65",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "848c7463-703d-465b-b65c-5167b6d0b09b",
"value": "dc268b166fe4c1d1c8595dccf857c476"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "17bbae6e-534c-4646-b451-9732d8c5a0ed",
"value": "8264556c8a6e460760dc6bb72ecc6f0f966a16b8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "c7a71e13-ae6b-4a8c-87eb-fb0f8fa79508",
"value": "49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "2612714e-52b6-481c-8fb6-75d5b889548b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "112919f7-96aa-4d04-9004-d878d11cb78d",
"value": "42682d4a78fe5c2eda988185a344637d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "1af91125-b624-472d-b663-37d5c9e215df",
"value": "4975de2be0a1f7202037f5a504d738fe512191b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "68788a94-02e0-456e-bbd9-13b97784349f",
"value": "4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "6ab25fb7-8818-49cc-9ace-c227806fe342",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "ed9d5817-84c0-4d18-a35a-dc8f7d26f775",
"value": "3021b9ef74c7bddf59656a035f94fd08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "d165b976-9ff9-445c-b6a1-eda0cbf7579d",
"value": "05ad5f346d0282e43360965373eb2a8d39735137"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "7a73058f-426c-4794-9b57-ff6c0e59ea26",
"value": "83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "27db0397-2a1b-429b-8bae-d0427d55c164",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "ed3709f0-2f35-4356-84b0-be32671ae6f1",
"value": "61e3571b8d9b2e9ccfadc3dde10fb6e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "1e400601-2e47-4228-80cf-42fe312228e0",
"value": "55daa1fca210ebf66b1a1d2db1aa3373b06da680"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "9a62aefa-26f5-4b87-8cc6-339b84597615",
"value": "70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "f431fcf2-94fe-495a-8fe2-f39c15e442f2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "9cf78cc6-478d-42a3-8e64-6f59f195e6a8",
"value": "0893e206274cb98189d51a284c2a8c83"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha1",
"uuid": "49adb98f-d2de-400e-abce-933d31d961bc",
"value": "d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925250",
"to_ids": true,
"type": "sha256",
"uuid": "343e8786-8ca0-4bb1-8fcf-fc70d5a0a567",
"value": "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1554925250",
"uuid": "9379eade-cf5a-477a-a8b4-6eb2199c340b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1631185195",
"to_ids": false,
"type": "md5",
"uuid": "21dcee4a-fed1-4cd4-b337-f495fca9faa9",
"value": "c4103f122d27677c9db144cae1394a66"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1631185198",
"to_ids": false,
"type": "sha1",
"uuid": "81c63c38-43de-4922-b35d-4aecb27ff9bb",
"value": "1489f923c4dca729178b3e3233458550d8dddf29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1631185208",
"to_ids": false,
"type": "sha256",
"uuid": "49104f78-ef07-4ae8-a9c8-a48f7b04c5bc",
"value": "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925250",
"uuid": "6a82a81c-cc1c-4568-95e8-65da2aa8a8ec",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925250",
"to_ids": false,
"type": "float",
"uuid": "026bccf0-af5e-4d04-ba13-941a2b97c9fd",
"value": "2.542817"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "61eab12c-88a3-4fec-bff1-1f0cea073fb0",
"value": "c06924120c87e2cb79505e4ab0c2e192"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925250",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "98e8e9d7-8239-498d-9068-2f72767e6848",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925250",
"uuid": "132d7802-77e5-432c-8cf6-7648b90e7acd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925250",
"to_ids": true,
"type": "md5",
"uuid": "b8f8095e-4611-4431-b56c-73bd427ffc79",
"value": "3368eda2d5820605a055596c7c438f0f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925250",
"to_ids": false,
"type": "float",
"uuid": "22f6639e-4e1c-4c21-9e66-4c6f2dd58e8e",
"value": "6.441545"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925250",
"to_ids": false,
"type": "text",
"uuid": "10ae0529-05da-4c1a-9647-e674df77194a",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925250",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "c89bb820-7efd-49de-987e-0466ab07af24",
"value": "197120"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925250",
"uuid": "51c3c827-4e60-4f91-b6b4-b1e99fab0df8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "4da7482c-3d35-4d8f-88f6-e73a14c294dd",
"value": "ec1f06839fa9bc10ad8e183b6bf7c1b5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "10b07ecf-448e-4c7a-8349-19241d4f640d",
"value": "5.956914"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "9040e2be-7b8c-4c63-a13d-7e273b3f6a93",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d4d042f6-ffa1-4314-81d7-4d5dc65e75d7",
"value": "27136"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "a4f1d6f8-842e-42f9-8d2c-b69a2d04a1ea",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "d520e839-76ab-4991-bcfc-4f67bb4fd738",
"value": "1e62b7d9f7cc48162e0651f7de314c8a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "5eec8273-6d98-4ef8-ad6a-d00a95b2092b",
"value": "4.147893"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "63afbe8b-03ca-46bc-82c7-7b6669057e5c",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "c7ab30e9-837a-4262-8acd-a7d3b3dfd3c4",
"value": "8192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "a61f2333-075a-4f7e-9145-b7e624c99d43",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "5aa67187-ff2d-4c6d-bf7e-56ba932ae292",
"value": "980effd28a6c674865537f313318733a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "e4739013-d1f6-4da4-8d81-af28aaafe34d",
"value": "5.090362"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "d0be3f42-d87b-4da7-9113-6d7829fd1676",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "959005d0-0b35-495e-8681-16f0eadcb7b2",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "904eab59-fca8-4005-ae01-fa802500e52c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "edfedbf3-79b4-4209-8df0-98687d42d22b",
"value": "696fd5cac6e744f336e8ab68a4708fcf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "4ef97107-db6e-40f9-a63c-1a574c8f1b28",
"value": "5.247502"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "fbf5d6fd-a566-4bda-bddf-f6ef93f7ca1f",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0cc130d4-bada-4e9f-8cfc-46a5c5451d89",
"value": "8704"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925251",
"uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "6a82a81c-cc1c-4568-95e8-65da2aa8a8ec",
"relationship_type": "header-of",
"timestamp": "1554925262",
"uuid": "5cae46ce-90a4-4483-bee9-412f950d210f"
},
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "132d7802-77e5-432c-8cf6-7648b90e7acd",
"relationship_type": "included-in",
"timestamp": "1554925262",
"uuid": "5cae46ce-fd3c-47b9-8ced-4ce8950d210f"
},
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "51c3c827-4e60-4f91-b6b4-b1e99fab0df8",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-85ec-431a-ba56-4a32950d210f"
},
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "a4f1d6f8-842e-42f9-8d2c-b69a2d04a1ea",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-ab08-455c-b3ca-4fb4950d210f"
},
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "a61f2333-075a-4f7e-9145-b7e624c99d43",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-75e4-41ae-9187-40b4950d210f"
},
{
"comment": "",
"object_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"referenced_uuid": "904eab59-fca8-4005-ae01-fa802500e52c",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-a010-46bd-937a-445b950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925251",
"to_ids": true,
"type": "filename",
"uuid": "93a9958e-fb09-4e95-a860-f7be260daaa3",
"value": "23E27E5482E3F55BF828DAB885569033"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925251",
"to_ids": true,
"type": "filename",
"uuid": "a6632d8f-1907-4100-bbb1-19f6e553ce8c",
"value": "23E27E5482E3F55BF828DAB885569033"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925251",
"to_ids": false,
"type": "counter",
"uuid": "66e4e39a-7aa9-45d2-8bbf-391640e00b5e",
"value": "6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061895",
"uuid": "22effacf-e4e2-4e50-b638-8246fd0e093e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "22effacf-e4e2-4e50-b638-8246fd0e093e",
"referenced_uuid": "a10931bb-7045-47ad-bc16-e2684051e353",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-9e18-4bc2-9aff-46cc950d210f"
},
{
"comment": "",
"object_uuid": "22effacf-e4e2-4e50-b638-8246fd0e093e",
"referenced_uuid": "b2d62cb5-8052-47f2-997e-dd4238004f97",
"relationship_type": "analysed-with",
"timestamp": "1555061900",
"uuid": "5cb05c8c-2e64-4b34-923a-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": false,
"type": "md5",
"uuid": "048bf7ed-3af0-4f2e-b8e8-51846ce55dc3",
"value": "23e27e5482e3f55bf828dab885569033"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925251",
"to_ids": false,
"type": "sha1",
"uuid": "3ef11c00-bc34-4a97-8b79-a5477ba37c96",
"value": "139b25e1ae32a8768238935a8c878bfbe2f89ef4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925251",
"to_ids": false,
"type": "sha256",
"uuid": "5a1868ca-d07b-46e2-9f5d-8d2701d7f966",
"value": "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925251",
"to_ids": false,
"type": "sha512",
"uuid": "0fffbfb1-7eb7-4caa-94be-c68f85d2d892",
"value": "2c481ef42dfc9a7a30575293d09a6f81943e307836ec5b8a346354ab5832c15046dd4015a65201311e33f944763fc55dd44fbe390245be5be7a216026ecfb28b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925251",
"to_ids": false,
"type": "ssdeep",
"uuid": "1dda2a18-029d-4eaf-9533-c3a8fb159b90",
"value": "6144:YnDlYMzUvLFOL9wqk6+pqC8iooIBgajvQlm/Z0cp1:alYiXiooIKajvQeZ3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925251",
"to_ids": false,
"type": "filename",
"uuid": "769cabe7-ecd6-40a0-a243-f6a719a33411",
"value": "23E27E5482E3F55BF828DAB885569033"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "139c0157-aeeb-4349-87ef-c4f2f9b4dc92",
"value": "242688"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "ddc4e984-d55e-42a0-9ac3-e97ddfb27f43",
"value": "6.537337"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925251",
"to_ids": false,
"type": "mime-type",
"uuid": "7d5d9274-342d-475e-b284-87881cc5ee09",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "e02bda87-4522-4849-b60b-cd07a598b48f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "f37c7c4b-d577-45fd-9b5a-8e329adc6efb",
"value": "0.69566"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "ac76124e-2c79-469d-9bfd-e7757a82ab72",
"value": "adb596d3ceae66510778e3bf5d4d9582"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2b01230e-a2b5-4db5-be8f-11385fab0af6",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "21bbfcf1-6d03-46ab-926e-8c513e3c9c6f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "35ecbbc7-b2c8-4899-973d-5e7aa032cff1",
"value": "6453931a0b6192e0bbd6476e736ca63f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "8f2641a0-9602-41b2-8fff-1fabf68ba6e5",
"value": "6.343388"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "7bacab93-e050-4b5e-9f1f-faa1ef0edc7f",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "cf5634c9-4d41-4bae-976f-90f3af3f5239",
"value": "184320"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "23520dbd-c625-44d0-816a-fff60adf8c08",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925251",
"to_ids": true,
"type": "md5",
"uuid": "f28e5c61-c02f-4c96-849f-8bc5bbd65493",
"value": "0ba1433cc62ba7903ada2f1e57603e83"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925251",
"to_ids": false,
"type": "float",
"uuid": "d17e2071-59be-42fc-85a8-20b4ef814576",
"value": "6.246206"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "3a25c314-d3b4-482a-ab56-5553ef8dbb97",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925251",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "53662898-0a16-4d57-b8b7-0553c2fb83aa",
"value": "16384"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925251",
"uuid": "8c51db87-a216-44c0-bd75-69239348d2a1",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925252",
"to_ids": true,
"type": "md5",
"uuid": "95db93c0-facd-405f-8631-382bb0f6bb90",
"value": "76a08265777f68f08e5e6ed2102cb31d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925252",
"to_ids": false,
"type": "float",
"uuid": "c1d0f8d4-dc5a-42fa-b143-f45763e3812f",
"value": "4.050945"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "c0404d60-1075-4886-8265-5065d61c3412",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925252",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8041a49e-2e44-46bd-9cde-5aa2e51df8b6",
"value": "12288"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925252",
"uuid": "b4eb4fd7-5fee-43e6-8ecd-63c87632d4c0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925252",
"to_ids": true,
"type": "md5",
"uuid": "cb311e88-2f90-47d9-89c0-f054fa6e8f5b",
"value": "cb8939d6bc1cd076acd850c3850bdf78"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925252",
"to_ids": false,
"type": "float",
"uuid": "51d75451-596f-46ec-b8da-a3448f8d96ec",
"value": "3.289605"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "7f9cea95-46bb-4e9f-a65f-28c1ce230732",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925252",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f8eb93ea-77d3-4237-8084-2bfb1d5a3ee5",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925252",
"uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"referenced_uuid": "e02bda87-4522-4849-b60b-cd07a598b48f",
"relationship_type": "header-of",
"timestamp": "1554925263",
"uuid": "5cae46cf-8c18-474b-9f10-4275950d210f"
},
{
"comment": "",
"object_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"referenced_uuid": "21bbfcf1-6d03-46ab-926e-8c513e3c9c6f",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-de1c-4474-92ac-492e950d210f"
},
{
"comment": "",
"object_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"referenced_uuid": "23520dbd-c625-44d0-816a-fff60adf8c08",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-e540-4cf7-ba01-4ffc950d210f"
},
{
"comment": "",
"object_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"referenced_uuid": "8c51db87-a216-44c0-bd75-69239348d2a1",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-2de4-4bfe-a609-49e0950d210f"
},
{
"comment": "",
"object_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"referenced_uuid": "b4eb4fd7-5fee-43e6-8ecd-63c87632d4c0",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-4c58-4829-a633-46f1950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925252",
"to_ids": true,
"type": "filename",
"uuid": "3899c808-cca2-47fb-934d-9b2bdc7aec6d",
"value": "5C3898AC7670DA30CF0B22075F3E8ED6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925252",
"to_ids": true,
"type": "filename",
"uuid": "0e6c9879-7f1a-45f8-bdc0-1120d8d1488d",
"value": "5C3898AC7670DA30CF0B22075F3E8ED6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925252",
"to_ids": false,
"type": "counter",
"uuid": "8d5b0498-20b4-4199-9456-bd6dc304b198",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061895",
"uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "335302ab-5969-43ef-aae3-ded36c7331b5",
"relationship_type": "included-in",
"timestamp": "1554925263",
"uuid": "5cae46cf-a4bc-4749-99c0-4363950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "9b5d58a8-fedd-424b-9e95-1fa9dee6113b",
"relationship_type": "connected-to",
"timestamp": "1554925263",
"uuid": "5cae46cf-7954-45ff-9082-4ff7950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "5e64eddb-9dc7-4976-9c08-4884f931c92e",
"relationship_type": "connected-to",
"timestamp": "1554925263",
"uuid": "5cae46cf-1f00-4ffd-afb2-4fcb950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "e773193c-a490-442a-a41f-63e402cf3865",
"relationship_type": "related-to",
"timestamp": "1554925263",
"uuid": "5cae46cf-cd88-4098-aaa6-448e950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "bc976e66-b5d6-464d-9adc-0d53da3ec01a",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-63bc-462e-a09b-48f4950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-33c0-4255-95e1-41b3950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"relationship_type": "dropped",
"timestamp": "1554925264",
"uuid": "5cae46d0-a3cc-46b6-aa3b-465a950d210f"
},
{
"comment": "",
"object_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"referenced_uuid": "603e0902-44f7-4457-9d0e-6246e8fce379",
"relationship_type": "analysed-with",
"timestamp": "1555061900",
"uuid": "5cb05c8c-a1e0-4098-b39a-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925252",
"to_ids": false,
"type": "md5",
"uuid": "cdf0476e-4050-4014-9548-57270e238bff",
"value": "5c3898ac7670da30cf0b22075f3e8ed6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925252",
"to_ids": false,
"type": "sha1",
"uuid": "25c0ebd5-1011-4094-9ee3-c43e706c366f",
"value": "91110c569a48b3ba92d771c5666a05781fdd6a57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925252",
"to_ids": false,
"type": "sha256",
"uuid": "1139dd4b-b129-4d50-8d07-e3400cf3475f",
"value": "2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925252",
"to_ids": false,
"type": "sha512",
"uuid": "00bb1f65-505f-4869-b4f1-2a1a84e4658b",
"value": "700ec4d923cf0090f4428ac3d4d205b551c3e48368cf90d37f9831d8a57e73c73eb507d1731662321c723362c9318c3f019716991073dc9a4cc829ce01540337"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925252",
"to_ids": false,
"type": "ssdeep",
"uuid": "fa512e18-a707-40d1-be36-8e61afa46775",
"value": "3072:nKBzqEHcJw0sqz7vLFOLBAqui1mqLK1VaU9BzNRyHmdMaF0QqWN0Qjpthmu:nKg0cJ19z7vLFOLSqp0q7syHeFhnhm"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925252",
"to_ids": false,
"type": "filename",
"uuid": "c13e70a2-b0e8-4cb5-9e3f-ca7c096835a3",
"value": "5C3898AC7670DA30CF0B22075F3E8ED6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925252",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "4c8d5e1b-8575-483a-8dc7-53133d199a8e",
"value": "221184"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925252",
"to_ids": false,
"type": "float",
"uuid": "c4640063-6f1c-4084-8b06-866bf7f58ad3",
"value": "6.346504"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925252",
"to_ids": false,
"type": "mime-type",
"uuid": "b437a966-9b67-4390-832e-a4cb2c36bbe9",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925252",
"uuid": "3dacf4c2-9dfc-46e4-8617-4786537e8ae8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "82790198-9c25-4f4b-9a46-3b13150e6b81",
"value": "inetnum: 197.211.208.0 - 197.211.215.255\nnetname: ZOL-16e-MOBILE-CUSTOMERS\ndescr: ZOL Customers on ZTE Mobile WiMAX Platform\ncountry: ZW\nadmin-c: BS10-AFRINIC\nadmin-c: GJ1-AFRINIC\nadmin-c: JHM1-AFRINIC\ntech-c: BS10-AFRINIC\ntech-c: GJ1-AFRINIC\ntech-c: JHM1-AFRINIC\nstatus: ASSIGNED PA\nmnt-by: LIQUID-TOL-MNT\nsource: AFRINIC # Filtered\nparent: 197.211.192.0 - 197.211.255.255\n\nperson: B Siwela\naddress: 3rd Floor Greenbridge South\naddress: Eastgate Center\naddress: R. Mugabe Road\naddress: Harare\naddress: Zimbabwe\nphone: +263774673452\nfax-no: +2634702375\nnic-hdl: BS10-AFRINIC\nmnt-by: GENERATED-DVCNVXWBH3VN3XZXTRPHOT0OJ77GUNN3-MNT\nsource: AFRINIC # Filtered\n\nperson: G Jaya\naddress: 3rd Floor Greenbridge South\naddress: Eastgate Center\naddress: R. Mugabe Road\naddress: Harare\naddress: Zimbabwe\nphone: +263773373135\nfax-no: +2634702375\nnic-hdl: GJ1-AFRINIC\nmnt-by: GENERATED-QPEEUIPPW1WPRZ5HLHRXAVHDOKWLC9UC-MNT\nsource: AFRINIC # Filtered\n\nperson: John H Mwangi\naddress: Liquid Telecom Kenya\naddress: P.O.Box 62499 - 00200\naddress: Nairobi Kenya\naddress: Nairobi, Kenya\naddress: Kenya\nphone: + 254 20 556 755"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925252",
"uuid": "fca17017-c7b9-4985-ae07-bf616a36f172",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "35e253e4-588e-4e66-b8bd-fe491f62b43c",
"value": "inetnum: 181.39.135.120/29\nstatus: reallocated\nowner: Clientes Guayaquil\nownerid: EC-CLGU1-LACNIC\nresponsible: Tomislav Topic\naddress: Kennedy Norte Mz. 109 Solar 21, 5, Piso 2\naddress: 5934 - Guayaquil - GY\ncountry: EC\nphone: +593 4 2680555 [101]\nowner-c: SEL\ntech-c: SEL\nabuse-c: SEL\ncreated: 20160720\nchanged: 20160720\ninetnum-up: 181.39/16\n\nnic-hdl: SEL\nperson: Carlos Montero\ne-mail: networking@TELCONET.EC\naddress: Kennedy Norte MZ, 109, Solar 21\naddress: 59342 - Guayaquil - \ncountry: EC\nphone: +593 42680555 [4601]\ncreated: 20021004\nchanged: 20170323"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925252",
"uuid": "16d9cbf2-43e4-4e6f-adf5-ec883d2e5091",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "45b63232-b1a0-4e64-ab06-b46e02bcb55a",
"value": "inetnum: 112.160.0.0 - 112.191.255.255\nnetname: KORNET\ndescr: Korea Telecom\nadmin-c: IM667-AP\ntech-c: IM667-AP\ncountry: KR\nstatus: ALLOCATED PORTABLE\nmnt-by: MNT-KRNIC-AP\nmnt-irt: IRT-KRNIC-KR\nlast-modified: 2017-02-03T02:21:58Z\nsource: APNIC\n\nirt: IRT-KRNIC-KR\naddress: Seocho-ro 398, Seocho-gu, Seoul, Korea\ne-mail: hostmaster@nic.or.kr\nabuse-mailbox: hostmaster@nic.or.kr\nadmin-c: IM574-AP\ntech-c: IM574-AP\nauth: # Filtered\nmnt-by: MNT-KRNIC-AP\nlast-modified: 2017-10-19T07:36:36Z\nsource: APNIC\n\nperson: IP Manager\naddress: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90\ncountry: KR\nphone: +82-2-500-6630\ne-mail: kornet_ip@kt.com\nnic-hdl: IM667-AP\nmnt-by: MNT-KRNIC-AP\nlast-modified: 2017-03-28T06:37:04Z\nsource: APNIC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925252",
"uuid": "2c63c35f-d552-4324-a60b-ecf98f7cfd99",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "e7ab133f-dd4d-47ae-9a68-6127ff4539ae",
"value": "inetnum: 81.94.192.0 - 81.94.192.255\nnetname: IOMARTHOSTING\ndescr: iomart Hosting Limited\ncountry: GB\nadmin-c: RA1415-RIPE\ntech-c: RA1415-RIPE\nstatus: ASSIGNED PA\nremarks: ABUSE REPORTS: abuse@redstation.com\nmnt-by: REDSTATION-MNT\nmnt-domains: REDSTATION-MNT\nmnt-routes: REDSTATION-MNT\ncreated: 2016-02-14T11:44:25Z\nlast-modified: 2016-02-14T11:44:25Z\nsource: RIPE\n\nrole: Redstation Admin Role\naddress: Redstation Limited\naddress: 2 Frater Gate Business Park\naddress: Aerodrome Road\naddress: Gosport\naddress: Hampshire\naddress: PO13 0GW\naddress: UNITED KINGDOM\nabuse-mailbox: abuse@redstation.com\ne-mail: abuse@redstation.com\nnic-hdl: RA1415-RIPE\nmnt-by: REDSTATION-MNT\ncreated: 2005-04-22T17:34:33Z\nlast-modified: 2017-05-02T09:47:13Z\nsource: RIPE\n\n% Information related to '81.94.192.0/24AS20860'\n\nroute: 81.94.192.0/24\ndescr: Wayne Dalton - Redstation Ltd\norigin: AS20860\nmnt-by: GB10488-RIPE-MNT\ncreated: 2015-11-03T12:58:00Z\nlast-modified: 2015-11-03T12:58:00Z\nsource: RIPE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061895",
"uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"relationship_type": "dropped-by",
"timestamp": "1554925264",
"uuid": "5cae46d0-03ac-48f2-a1ff-4fd3950d210f"
},
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-f950-4df2-b5b2-4a19950d210f"
},
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-c17c-461f-8683-4744950d210f"
},
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-acb8-4978-bdde-49ec950d210f"
},
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"relationship_type": "related-to",
"timestamp": "1554925264",
"uuid": "5cae46d0-6a58-4c63-afbf-4c06950d210f"
},
{
"comment": "",
"object_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"referenced_uuid": "c8b6f1f2-e727-4120-8d78-62dabe459c41",
"relationship_type": "analysed-with",
"timestamp": "1555061900",
"uuid": "5cb05c8c-a72c-43b5-9c14-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": false,
"type": "md5",
"uuid": "ee2e0010-ee06-40a8-884d-f0a403d0b805",
"value": "ae829f55db0198a0a36b227addcdeeff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925253",
"to_ids": false,
"type": "sha1",
"uuid": "b3af9b7a-11ca-4ed0-acc9-9b1da53ea14c",
"value": "04833210fa57ea70a209520f4f2a99d049e537f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925253",
"to_ids": false,
"type": "sha256",
"uuid": "27c242f1-2841-4a08-93c1-28463ccf0f1e",
"value": "70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925253",
"to_ids": false,
"type": "sha512",
"uuid": "2ef774ea-239a-48dc-b79c-02dd2ba3956d",
"value": "1b4509102ac734ce310b6f8631b1bedd772a38582b4feda9fee09f1edd096006cf5ba528435c844effa97f95984b07bd2c111aa480bb22f4bcfbc751f069868d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925253",
"to_ids": false,
"type": "ssdeep",
"uuid": "61d832eb-7422-443a-a812-bbc7a736681b",
"value": "3:ElclFUl8GlFcmzkXIil23X1ll:ElcUXmQkXQ3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925253",
"to_ids": false,
"type": "filename",
"uuid": "ce874dbb-edd6-4ac8-a8c0-8b8580177674",
"value": "udbcgiut.dat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925253",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "75bde2bb-8388-46b0-9937-696d17f3cddf",
"value": "1171"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "92b48b66-3ea9-4cab-900e-108023c1813d",
"value": "0.395693"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925253",
"to_ids": false,
"type": "mime-type",
"uuid": "35b6a34c-6ee2-49e7-a16b-330f6c0022fd",
"value": "data"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925253",
"uuid": "d7d9f6b7-4b64-49a9-843a-a675d8130f4b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "1f81d0b9-4e31-4c6a-bd10-80c9785ee32e",
"value": "2.625229"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": true,
"type": "md5",
"uuid": "37634b09-9c3d-45d6-8005-444aa186e704",
"value": "64cb3246aafa83129f7fd6b25d572a9f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925253",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0a15b2f9-e41c-4482-ae9d-af5bdd042ab1",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925253",
"uuid": "b6b3a355-04df-468c-b334-3553062b12c7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": true,
"type": "md5",
"uuid": "258993a2-b254-4071-b133-cb5dde33da2e",
"value": "e8c15e136370c12020eb23545085b9f6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "b6d6ca82-504b-4c7d-b143-600efa72354d",
"value": "6.431942"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925253",
"to_ids": false,
"type": "text",
"uuid": "c81e9ee1-deb7-4ba8-bf6c-166939c37b5d",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925253",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6a19d2df-7ce7-4818-b01a-f40617f79ba9",
"value": "196096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925253",
"uuid": "99a21cae-aca7-4dc5-a057-c31d995c3de7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": true,
"type": "md5",
"uuid": "597380cc-7507-4998-b3a8-45dd517520dd",
"value": "cf0eb4ad22ac1ca687b87a0094999ac8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "3d0b10a1-d06f-49ba-a9dc-7290e8750906",
"value": "5.990247"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925253",
"to_ids": false,
"type": "text",
"uuid": "7d0c309a-d05b-4889-87b8-45f628def06c",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925253",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7655cba8-e280-43fb-b777-6b972ec4e8df",
"value": "26624"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925253",
"uuid": "81b7d5fc-2afa-4313-b589-1773e410cd85",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": true,
"type": "md5",
"uuid": "86206141-3aa8-4886-8e2a-3222156bb54e",
"value": "b246681e20b3c8ff43e1fcf6c0335287"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "cf0de307-928e-41b2-899f-df59d845d57a",
"value": "4.116777"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925253",
"to_ids": false,
"type": "text",
"uuid": "2a18117d-c785-41a1-9892-4ddc3bc79b92",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925253",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5273e830-5273-4de5-bea8-0ba4505390e5",
"value": "8192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925253",
"uuid": "b0039524-0831-4150-9367-0c01132e1f6d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925253",
"to_ids": true,
"type": "md5",
"uuid": "0c0c80fe-1642-485b-983a-19f311bcc4f9",
"value": "6545248a1e3449e95314cbc874837096"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925253",
"to_ids": false,
"type": "float",
"uuid": "6410bfcc-e96b-4d8d-8111-d6652828a391",
"value": "5.112624"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "1afb96a6-68c2-43bf-ba04-abab50a34d9c",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "98c12a6a-6401-44ce-98c3-e3e07ac92d6c",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "dbc2c668-6778-40ee-a1d2-0a8eed89d382",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "3893e4f3-e5a9-45c5-b83c-247b16b3d1de",
"value": "31a7ab6f707799d327b8425f6693c220"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "3f641459-6fb8-4335-a615-d74c599119fc",
"value": "5.176231"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "2ed36d70-6684-4085-812c-1a0d0f194ca8",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "501634fd-b6bd-48fc-b476-269bb07d6134",
"value": "8704"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925254",
"uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "d7d9f6b7-4b64-49a9-843a-a675d8130f4b",
"relationship_type": "header-of",
"timestamp": "1554925264",
"uuid": "5cae46d0-c940-4eb8-9042-4120950d210f"
},
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "b6b3a355-04df-468c-b334-3553062b12c7",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-817c-4b6c-84ba-4d87950d210f"
},
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "99a21cae-aca7-4dc5-a057-c31d995c3de7",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-b8c4-482c-a64e-45ab950d210f"
},
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "81b7d5fc-2afa-4313-b589-1773e410cd85",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-0944-41e2-a0e9-44a1950d210f"
},
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "b0039524-0831-4150-9367-0c01132e1f6d",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-deac-4451-92f5-461e950d210f"
},
{
"comment": "",
"object_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"referenced_uuid": "dbc2c668-6778-40ee-a1d2-0a8eed89d382",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-16dc-4790-afb4-4028950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925254",
"to_ids": true,
"type": "filename",
"uuid": "50641979-14b0-498e-a7a4-8d2376977453",
"value": "C5DC53A540ABE95E02008A04A0D56D6C"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925254",
"to_ids": true,
"type": "filename",
"uuid": "2a11aba2-1f33-4e62-9e1a-08c66918a676",
"value": "C5DC53A540ABE95E02008A04A0D56D6C"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925254",
"to_ids": false,
"type": "counter",
"uuid": "fe87e1ef-a961-462c-bd1a-d2b6db9d872c",
"value": "6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061895",
"uuid": "e245ed73-c585-4e0b-9190-38647d7f215d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e245ed73-c585-4e0b-9190-38647d7f215d",
"referenced_uuid": "d047f984-e129-4e7d-95f7-b3883eb4d380",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-8e6c-40f1-b56f-4ec9950d210f"
},
{
"comment": "",
"object_uuid": "e245ed73-c585-4e0b-9190-38647d7f215d",
"referenced_uuid": "42d5dff2-e1f0-428f-a415-b83a757b7768",
"relationship_type": "analysed-with",
"timestamp": "1555061900",
"uuid": "5cb05c8c-9720-4de6-a0c2-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": false,
"type": "md5",
"uuid": "1cd4ccb8-0842-409c-be7b-37a0f8ca52a3",
"value": "c5dc53a540abe95e02008a04a0d56d6c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925254",
"to_ids": false,
"type": "sha1",
"uuid": "bab92836-90a7-4a83-a45e-c4bed9ca5927",
"value": "4cfe9e353b1a91a2add627873846a3ad912ea96b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925254",
"to_ids": false,
"type": "sha256",
"uuid": "c7d291b8-3438-4050-8672-8dc55674a09a",
"value": "4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925254",
"to_ids": false,
"type": "sha512",
"uuid": "9b701495-4200-49a4-8cfd-f3b9e5fca5b5",
"value": "fc33c99facfbc98d164e63167353bdcff7c1704810e4bb64f7e56812412d84099b224086c04aea66e321cd546d8cf6f14196f5b58d5e931c68064d659c33b6a2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925254",
"to_ids": false,
"type": "ssdeep",
"uuid": "286fe58a-dce9-44c1-8ea0-ba9a26557948",
"value": "6144:LA5cWD93YuzTvLFOLoqbWbnuX7ZEAV6efA/Pawzq:Xc93YbLZEAV6mX"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925254",
"to_ids": false,
"type": "filename",
"uuid": "9c8564f5-380a-4305-b83d-e1f28c6104f9",
"value": "C5DC53A540ABE95E02008A04A0D56D6C"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a9f20cf4-066d-4dfe-b9a8-f49c71564635",
"value": "241152"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "d370b25a-a1cd-4fe8-af9a-687d136b6706",
"value": "6.534884"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925254",
"to_ids": false,
"type": "mime-type",
"uuid": "0e531f16-9dfe-4cb5-93c5-5fa3a7c8cdef",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "08b33dc6-0d4c-4441-85b9-19177bfce17f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "f00fe537-cd14-47b8-b6df-b8d7ccb8e6d4",
"value": "2.658486"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "24e2ea0e-520b-4a6b-b877-9d2f01ed84b2",
"value": "59b5d567b9b7b9da0ca0936675fd95fe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7e807666-5bbb-4405-ac7a-4bef7a82fb39",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "cf24fa43-ec76-41ac-a2c9-c76a86ccd334",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "c02b02bf-849a-4907-b494-430749daae3a",
"value": "c0b6929e0f01a7b61bde3d7400a801e0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "4d8fa4ef-96e9-45d2-8bde-428a80c7ccb5",
"value": "6.470188"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "efcc600f-6886-45e6-84d3-aad00c22a98d",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "bb55c1f6-41dc-4ed7-9a69-3da4204317dc",
"value": "218624"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "06b00c8c-78e4-4833-a79a-c70ac79d8b25",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "2a4ab050-8faf-4fb7-85b5-1dbb1d2a9713",
"value": "ce1e5ab830fcfaa2d7bea92f56e9026e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "10d55f20-9e31-4f11-abdd-af997378272b",
"value": "5.962575"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "eb6d6bc4-a200-42cd-b20c-4e10d1101aa4",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5993ae0b-3a39-4f4a-96c0-3635d726430d",
"value": "27136"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "7b055b6f-f844-470b-958f-918ada8231bc",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "bb646ce2-6204-44d1-93e7-d1e3db024e50",
"value": "006bad003b65738ed203a576205cc546"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "788ceb35-b02b-4c4e-840b-28c8c33e341b",
"value": "4.157373"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "8cda33eb-b153-4886-9057-9bcaee63ec25",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d77b76f2-16b7-4585-8a8f-cc476e3934a2",
"value": "8192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "3014952d-8c6c-47f4-9e95-a2e07d248668",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "4103dce2-1897-412a-abcd-38a36bfcbb02",
"value": "992987e022da39fcdbeede8ddd48f226"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "ea603899-a8a5-4bd6-8a79-1ddf566188d9",
"value": "5.51187"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "7bf18fef-03c0-4d57-817d-d766ac8edb97",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "daf93f17-ff50-49e0-a4d8-16a5ca8304ca",
"value": "3072"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925254",
"uuid": "03f59ed6-d83e-4769-a8ac-611f258d0429",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925254",
"to_ids": true,
"type": "md5",
"uuid": "16ba4695-e9a1-41f9-b742-8f8be584c06f",
"value": "4be460324f0f4dc1f6a0983752094cce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925254",
"to_ids": false,
"type": "float",
"uuid": "027fec2c-9566-42ed-b068-ee943edbf127",
"value": "5.303151"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "7e444bcf-fd06-47da-919a-cfd945b62f32",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925254",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d4cb0580-7068-42db-84e8-f41fc287146d",
"value": "9728"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925254",
"uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"ObjectReference": [
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "08b33dc6-0d4c-4441-85b9-19177bfce17f",
"relationship_type": "header-of",
"timestamp": "1554925264",
"uuid": "5cae46d0-81e8-40c9-bd07-478f950d210f"
},
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "cf24fa43-ec76-41ac-a2c9-c76a86ccd334",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-fce4-4ecf-9f60-4b70950d210f"
},
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "06b00c8c-78e4-4833-a79a-c70ac79d8b25",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-bcf0-486a-aaec-4fdf950d210f"
},
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "7b055b6f-f844-470b-958f-918ada8231bc",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-7d4c-41be-9588-4117950d210f"
},
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "3014952d-8c6c-47f4-9e95-a2e07d248668",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-c5f0-45e2-9e95-4c7c950d210f"
},
{
"comment": "",
"object_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"referenced_uuid": "03f59ed6-d83e-4769-a8ac-611f258d0429",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d0-4dd0-432b-afd0-4449950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925255",
"to_ids": true,
"type": "filename",
"uuid": "c00dc24c-f40b-4a5f-91ed-43068930fbaa",
"value": "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925255",
"to_ids": true,
"type": "filename",
"uuid": "8697256a-089e-40f9-afd7-255a7fcfc600",
"value": "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925255",
"to_ids": false,
"type": "counter",
"uuid": "2dcb512a-29e8-4f3e-a4d4-febfae2b987b",
"value": "6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061895",
"uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "738d6709-4996-4265-b9db-a44258b97eca",
"relationship_type": "included-in",
"timestamp": "1554925264",
"uuid": "5cae46d1-20ac-4329-a90c-4659950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "9b5d58a8-fedd-424b-9e95-1fa9dee6113b",
"relationship_type": "connected-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-0248-4639-96e1-4777950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "5e64eddb-9dc7-4976-9c08-4884f931c92e",
"relationship_type": "connected-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-fa88-420c-9706-4981950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "e773193c-a490-442a-a41f-63e402cf3865",
"relationship_type": "connected-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-931c-4746-9b9f-4efc950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "bc976e66-b5d6-464d-9adc-0d53da3ec01a",
"relationship_type": "connected-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-78dc-4650-afb2-4fa3950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"relationship_type": "related-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-b1c4-418b-9eb5-419e950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "930261a1-dfbe-4f99-957b-27f14a50a397",
"relationship_type": "connected-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-474c-453c-b0b5-41c1950d210f"
},
{
"comment": "",
"object_uuid": "ebf0b816-7fdf-425a-8298-134f91e7cdf2",
"referenced_uuid": "a314859d-026b-4b02-bcf5-09d7e3c08026",
"relationship_type": "analysed-with",
"timestamp": "1555061900",
"uuid": "5cb05c8c-99e8-4985-9d6d-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": false,
"type": "md5",
"uuid": "af11a36f-3226-4cbd-a054-250591ed11ca",
"value": "be588cd29b9dc6f8cfc4d0aa5e5c79aa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925255",
"to_ids": false,
"type": "sha1",
"uuid": "46aa10fb-4355-4eac-92e1-1e3b2daa4d3f",
"value": "06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925255",
"to_ids": false,
"type": "sha256",
"uuid": "c515b394-8cad-47cb-88d4-99f50acf5615",
"value": "ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925255",
"to_ids": false,
"type": "sha512",
"uuid": "03276553-0e00-4efb-9ad7-c29fe084b9a6",
"value": "c074ec876350b3ee3f82208041152c0ecf25cc8600c8277eec389c253c12372e78da59182a6df8331b05e0eefb07c142172951115a582606f68b824e1d48f30d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925255",
"to_ids": false,
"type": "ssdeep",
"uuid": "915eae7c-ecec-4541-8ecd-c13c53957035",
"value": "6144:UEFpmt3md/iA3uiyzOvLFOLYqnHGZlDwf/OYy85eqmJKRPg:/PQ3mJxeigqi/OYy+/g"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925255",
"to_ids": false,
"type": "filename",
"uuid": "b17ba2a4-b07f-4bec-8c93-89ad360f3115",
"value": "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "51ea069c-edb0-4183-982c-343a5c5add69",
"value": "267776"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "6ac891f5-288b-428a-ab9f-028c7d45635c",
"value": "6.554499"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925255",
"to_ids": false,
"type": "mime-type",
"uuid": "9c195c3a-8905-4b81-bf29-bd7b5d54555b",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925255",
"uuid": "26db93d0-b8c2-48c0-9068-e8ddce10b2ac",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "4e134e95-f503-4166-8d49-a60a39733d96",
"value": "Domain name:\n redstation.net.uk\n\n Registrant:\n Redstation Limited\n\n Registrant type:\n UK Limited Company, (Company number: 3590745)\n\n Registrant's address:\n 2 Frater Gate Business Park\n Aerodrome Road\n Gosport\n Hampshire\n PO13 0GW\n United Kingdom\n\n Data validation:\n Nominet was able to match the registrant's name and address against a 3rd party data source on 21-Feb-2017\n\n Registrar:\n Easyspace Ltd [Tag = EASYSPACE]\n URL: https://www.easyspace.com/domain-names/extensions/uk\n\n Relevant dates:\n Registered on: 11-Apr-2005\n Expiry date: 11-Apr-2019\n Last updated: 12-Apr-2017\n\n Registration status:\n Registered until expiry date.\n\n Name servers:\n ns1.redstation.com\n ns2.redstation.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "681912d6-af0d-4b11-af8f-576123bb2ef7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "50c7c57c-4dfa-4686-9335-81a231fa8d6c",
"value": "2.4864"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": true,
"type": "md5",
"uuid": "547b1937-09b0-4973-9534-a614404ff7ad",
"value": "e772c7a04c7e3d53c58fdb8a88bb0c02"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "514ca7d3-9ed2-430e-8756-e9cb867f4c0c",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "a2dfae6d-1e63-4f17-aa63-b82b363d2000",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": true,
"type": "md5",
"uuid": "71d5ae1c-3f38-4e9b-bfca-9136c7680eac",
"value": "a6a2750e5b57470403299e0327553042"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "0a32cf4f-d40f-4d99-b929-1d7fa681f215",
"value": "6.29743"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "b1e8091d-8c41-4f1c-a945-9df2404d1e12",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "29c9c5d2-9c05-4ea5-8241-df4da93e68d8",
"value": "34816"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "cb37303a-fd4b-4a66-a6e8-ff5dffc84ac7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": true,
"type": "md5",
"uuid": "1fe9839e-bc54-4e3c-9527-4178f7349491",
"value": "cc5d69374e9b0266a4b1119e5274d392"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "44db3c73-4453-4765-ae4a-24ac4ade8e7c",
"value": "4.71565"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "0b3ef129-e647-4a3d-ba0a-fd1112842f5b",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "93d6e715-42d5-430f-9218-6c89a6d6b407",
"value": "12288"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "737ccfd6-1e0e-494d-bcdc-5cbf6ae072f7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": true,
"type": "md5",
"uuid": "9577dd42-7be8-4cfe-991e-1fc03c133857",
"value": "ac4ee21fcb2501656efc217d139ec804"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "f95c7a9c-cb91-490a-8433-e1081597f624",
"value": "1.87695"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "35fdd5fa-da9b-47d4-9173-8bf7d37146d4",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b14dfab0-e748-473d-8139-6709571fdd82",
"value": "5120"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "d032374b-36e3-4c4b-895b-c3a776cb60c4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925255",
"to_ids": true,
"type": "md5",
"uuid": "41865ad4-aa5e-4136-ba7c-75121c62071c",
"value": "359af12d4a14ced423d39736dfec613a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925255",
"to_ids": false,
"type": "float",
"uuid": "adb4a29e-b7ed-4423-a7fd-997974098aad",
"value": "3.878158"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "4758b794-15c2-4581-826c-123da5633274",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925255",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "90ac40d2-8e52-4fd9-8365-b59b6dd23e6a",
"value": "2560"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925255",
"uuid": "9c760cfe-2e23-4e32-b35b-d7097fd4c799",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "82e679ce-0fc0-4e34-aef5-6d3d57faecd5",
"value": "097e0e4be076b795a7316f1746bace8a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "e0bee652-9e86-4116-bbc1-ba2397c1b2cc",
"value": "5.514584"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "fcfd25bb-b089-4178-818f-4d310fb1d282",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5370431c-1840-481c-b92a-d10424739227",
"value": "3072"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "34135ff1-138a-4297-afe6-6e17271fbeec",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "3b692804-a934-4dd7-9b14-3942beb53f23",
"value": "5849f380266933d6f3c5c4740334b041"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "8360ac22-47cf-4aa7-b1cb-900c73d04360",
"value": "2.517963"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "10335091-e394-4085-a76a-fe8f960b2f5d",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2188d52b-4fa7-4da7-8c82-68f51b9506ec",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925256",
"uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "681912d6-af0d-4b11-af8f-576123bb2ef7",
"relationship_type": "header-of",
"timestamp": "1554925265",
"uuid": "5cae46d1-783c-4120-bcbe-428e950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "a2dfae6d-1e63-4f17-aa63-b82b363d2000",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-a43c-4a70-9f2f-4581950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "cb37303a-fd4b-4a66-a6e8-ff5dffc84ac7",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-7190-4f44-828d-4e12950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "737ccfd6-1e0e-494d-bcdc-5cbf6ae072f7",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-e4a8-4e26-9a0f-43c1950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "d032374b-36e3-4c4b-895b-c3a776cb60c4",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-4334-461e-8f25-43a2950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "9c760cfe-2e23-4e32-b35b-d7097fd4c799",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-2824-4a3f-8445-4820950d210f"
},
{
"comment": "",
"object_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"referenced_uuid": "34135ff1-138a-4297-afe6-6e17271fbeec",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-c804-4f34-bc22-4609950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925256",
"to_ids": true,
"type": "filename",
"uuid": "2b23be7c-810f-4af7-9852-4673a0810b7b",
"value": "868036E102DF4CE414B0E6700825B319"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925256",
"to_ids": true,
"type": "filename",
"uuid": "714205f8-fcff-43f8-93e1-eb15bfd76be0",
"value": "868036E102DF4CE414B0E6700825B319"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925256",
"to_ids": false,
"type": "counter",
"uuid": "0da0af95-1e93-4fc6-ab0a-b784ae1e7a42",
"value": "7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"referenced_uuid": "d158344a-e9a9-4e03-9832-fb1264c3d1aa",
"relationship_type": "included-in",
"timestamp": "1554925265",
"uuid": "5cae46d1-a750-4fb5-bdeb-4411950d210f"
},
{
"comment": "",
"object_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"referenced_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"relationship_type": "related-to",
"timestamp": "1554925265",
"uuid": "5cae46d1-b578-4d9d-b839-4688950d210f"
},
{
"comment": "",
"object_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"referenced_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"relationship_type": "dropped",
"timestamp": "1554925265",
"uuid": "5cae46d1-bfec-4489-9546-4fb9950d210f"
},
{
"comment": "",
"object_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"referenced_uuid": "e25a593a-6702-4694-90f3-f0858a21b5e1",
"relationship_type": "analysed-with",
"timestamp": "1555061901",
"uuid": "5cb05c8d-38f0-4387-94a6-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": false,
"type": "md5",
"uuid": "76ea531a-49fc-4a82-970e-b210fb019243",
"value": "868036e102df4ce414b0e6700825b319"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925256",
"to_ids": false,
"type": "sha1",
"uuid": "8e9e1f78-5021-4dac-a330-b6e9169c7bc4",
"value": "7f1e68d78e455aa14de9020abd2293c3b8ec6cf8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925256",
"to_ids": false,
"type": "sha256",
"uuid": "516a297e-c5a1-4dd2-aabd-346cdbe4e2d4",
"value": "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925256",
"to_ids": false,
"type": "sha512",
"uuid": "d782d11c-af27-4f3a-84b8-20747f86b2a2",
"value": "724d83493dbe86cfcee7f655272d2c733baa5470d7da986e956c789aa1b8f518ad94b575e655b4fe5f6f7d426b9aa7d8304fc879b82a385142b8924e0d454363"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925256",
"to_ids": false,
"type": "ssdeep",
"uuid": "7a10ab38-0c5a-4f19-9e7f-3b1199a03c9d",
"value": "12288:eb/3G8vg+Rg1cvAHtE0MLa07rt5POui6z:+/3G8vg+pvi9Sa07rt4ui6z"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925256",
"to_ids": false,
"type": "filename",
"uuid": "b1c21676-64c5-4ae3-8948-8e2531d38241",
"value": "868036E102DF4CE414B0E6700825B319"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "aada89ac-b815-4767-b84e-4fe8fbd321ac",
"value": "453791"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "684d920a-0ea8-4a68-89f0-940fcfc6da76",
"value": "7.713852"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925256",
"to_ids": false,
"type": "mime-type",
"uuid": "bc59f58b-f4c7-4776-8f87-118ce55979f3",
"value": "PE32+ executable (GUI) x86-64, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "1435e56d-5f38-40c6-a7c7-d85df67a37ea",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "92189470-ebf6-48eb-b9e1-017745671592",
"value": "2.524087"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "668ce866-63af-4400-8034-46a423aacdc0",
"value": "3bb2a7d6aab283c82ab853f536157ce2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "eaab7e4e-bf2e-4444-843e-e30d6a32dff0",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "b29bf9b8-09d1-41ec-8cf6-1556913a36b7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "cfa05f87-32cb-4909-bbc4-d75395fb29f6",
"value": "b0bf8ec7b067fd3592c0053702e34504"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "2fa44e3b-b752-4a79-b504-ed631a606d80",
"value": "6.180871"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "48a309fb-c98c-4cdc-b0dd-c0232816918d",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "39d0c30a-cdc5-4d17-81f4-3db9a0103744",
"value": "23552"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "409a8ca2-3740-4465-be76-e1ebed4570e6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "c7b0a953-b4d4-414b-a877-fbe638908f7e",
"value": "6cc98c5fef3ea1b782262e355b5c5862"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "0348e323-2dbb-4624-aa70-578dbb3f8406",
"value": "4.635336"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "d26ecbd6-9a8f-4e1c-a5de-2854df69de70",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "efe9abd5-8b25-46ce-a86e-9896ee4d00f4",
"value": "10752"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "855ac261-1c2a-412b-8320-1aa8d22f8c33",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "6e59c926-ab16-40b1-adb0-afe8910a3f8a",
"value": "484d4698d46b3b5ad033c1a80ba83acf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "30d54d2a-b152-44b1-839e-d14bd9c417d1",
"value": "2.145716"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "cca4242d-3ffb-43a8-aa9f-a2249f5d83e0",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5048f385-c6b7-41a5-9b37-237f095ea990",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "5760f7f9-6817-48fb-be8f-112dbd443f0a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "03b83675-3bf2-46c5-b2e8-763f307a218f",
"value": "a07c8f17c18c6789a3e757aec183aea6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "f56959d1-7bc3-4f78-a720-d1d8db5b5658",
"value": "3.729952"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "617de1d1-ee07-442b-adf7-48cddada1c7c",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2baf96ce-c355-49ba-8f27-27a371939dcd",
"value": "2048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "081fda7a-462f-411a-b541-1c85411baee2",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925256",
"to_ids": true,
"type": "md5",
"uuid": "963374ec-28f8-41a7-8ef1-c95b11ca1871",
"value": "fae0d0885944745d98849422bd799457"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925256",
"to_ids": false,
"type": "float",
"uuid": "45171fb5-f9e2-401e-ae58-28133036e763",
"value": "7.997488"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "d4df59cd-c664-4518-a52e-791db071d717",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "edaf8327-0cc0-409d-9da9-f64e17a9fb8b",
"value": "348672"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925256",
"uuid": "2c3e7740-a7bc-46d7-bed6-5da54b4327f0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925257",
"to_ids": true,
"type": "md5",
"uuid": "79a36606-0756-4edd-931d-e722b7abb09f",
"value": "0c1c23e1fb129b1b1966f70fc75cf20e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925257",
"to_ids": false,
"type": "float",
"uuid": "bd534413-3c43-4ded-b48b-8d4e8b1364bc",
"value": "1.737829"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "fef32f0d-fc22-497c-aad3-e38597529c54",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925257",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "08d78bd6-8f79-4146-9011-77bb8367ad70",
"value": "1536"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925257",
"uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "1435e56d-5f38-40c6-a7c7-d85df67a37ea",
"relationship_type": "header-of",
"timestamp": "1554925265",
"uuid": "5cae46d1-2868-494e-9f38-4320950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "b29bf9b8-09d1-41ec-8cf6-1556913a36b7",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-4fe8-4be0-ac57-431c950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "409a8ca2-3740-4465-be76-e1ebed4570e6",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-79b0-41ae-b4ff-419c950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "855ac261-1c2a-412b-8320-1aa8d22f8c33",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-14f4-4fd8-9a8b-4be9950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "5760f7f9-6817-48fb-be8f-112dbd443f0a",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-5c7c-4944-88ad-4bf9950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "081fda7a-462f-411a-b541-1c85411baee2",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-fe30-4231-943a-4034950d210f"
},
{
"comment": "",
"object_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"referenced_uuid": "2c3e7740-a7bc-46d7-bed6-5da54b4327f0",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-2db0-4578-98b2-457c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925257",
"to_ids": true,
"type": "filename",
"uuid": "fc6bee65-86ef-4b9a-bcab-2b0f747905e9",
"value": "rdpproto.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925257",
"to_ids": true,
"type": "filename",
"uuid": "f51687f0-f966-4811-9bf9-5ca2f6f882e4",
"value": "rdpproto.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925257",
"to_ids": false,
"type": "counter",
"uuid": "02955ebf-1632-4981-a7ab-39ed4f14fc73",
"value": "7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"ObjectReference": [
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "8ac82864-35d9-4232-ad60-e3e6fab47b66",
"relationship_type": "included-in",
"timestamp": "1554925266",
"uuid": "5cae46d2-6bc8-4126-b153-4d2d950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "6c10ee1b-a1c9-414d-92cc-8574decc8af4",
"relationship_type": "dropped-by",
"timestamp": "1554925266",
"uuid": "5cae46d2-ea54-4c5b-8961-4f1d950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "dfa5812c-f91e-42b8-811d-718121a46fd9",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-d8d8-4c30-b9d4-457f950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "3d25e903-29f5-4b88-bf80-bd6bd8a9616b",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-3224-49e4-8aee-4fc1950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-d654-4cbe-9d40-4ded950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "aa8e532e-3b80-47e4-bb04-22d666a10bd7",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-0438-48d4-943d-4e31950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "0031ec2d-46ed-4835-93ef-e6b868a26e40",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-0db4-4962-a602-4526950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "378c38f0-377c-4626-949c-5eaa0a6367ae",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-7ed8-4f90-a00e-4a66950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "206ae99c-1cda-41e0-a81f-8e0e8c433156",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-14b4-4eb6-999a-4e2b950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "d959b41a-72bb-478a-b453-5dfac6fe0dc1",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-912c-4f3f-9f7a-416b950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "a7455d44-d858-472a-96ee-edea677be659",
"relationship_type": "connected-to",
"timestamp": "1554925266",
"uuid": "5cae46d2-b150-433d-8001-4488950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "4fb3c39a-2c59-46d9-be12-028f54e577c9",
"relationship_type": "connected-to",
"timestamp": "1554925267",
"uuid": "5cae46d3-0af4-4868-9bcc-4fd0950d210f"
},
{
"comment": "",
"object_uuid": "02f5bf02-c1ac-4142-be6b-978554a19a90",
"referenced_uuid": "1c222ada-8f9b-4a30-9cb1-fc81cd47dee8",
"relationship_type": "analysed-with",
"timestamp": "1555061901",
"uuid": "5cb05c8d-2ff8-40d9-b810-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925257",
"to_ids": false,
"type": "md5",
"uuid": "c5319927-f668-4bfa-be15-60044aee1f96",
"value": "dc268b166fe4c1d1c8595dccf857c476"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925257",
"to_ids": false,
"type": "sha1",
"uuid": "63346b0e-b2db-4d16-886c-4daa2b74269f",
"value": "8264556c8a6e460760dc6bb72ecc6f0f966a16b8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925257",
"to_ids": false,
"type": "sha256",
"uuid": "519f1b51-9071-467b-976a-1ca1eace6d38",
"value": "49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925257",
"to_ids": false,
"type": "sha512",
"uuid": "90f512fb-80e2-41ef-9aa1-6c40217773d9",
"value": "b47c4caa0b5c17c982fcd040c7171d36ec962fe32e9b8bec567ee14b187507fe90e026aa05eec17d36c49a924eeaed55e66c95a111cfa9dcae0e305ab9515cac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925257",
"to_ids": false,
"type": "ssdeep",
"uuid": "c82e30a6-27e1-4df8-81b9-c16f50967298",
"value": "6144:jfsTC8amAXJeZP6BPjIDeLkigDxcvAHjVXjhtBGshMLa1Mj7rtlkiP60dwtudIye:jvg+Rg1cvAHtE0MLa07rt5POui6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925257",
"to_ids": false,
"type": "filename",
"uuid": "565eeaa1-a469-41ff-bec9-258eabcefa3c",
"value": "rdpproto.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925257",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f4d7e926-6061-4557-9af1-b498c87fdb5f",
"value": "391680"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925257",
"to_ids": false,
"type": "float",
"uuid": "03002130-d985-472d-a528-9719d016feec",
"value": "7.893665"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925257",
"to_ids": false,
"type": "mime-type",
"uuid": "ed42d50c-d0b6-4c3c-bdc7-fa1ecdb2f0ee",
"value": "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "5e26a8e6-9554-46b4-9b95-e31d69198ea6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "06c3dfcd-ff56-433f-b0c4-f0d3f9267690",
"value": "NetRange: 21.0.0.0 - 21.255.255.255\nCIDR: 21.0.0.0/8\nNetName: DNIC-SNET-021\nNetHandle: NET-21-0-0-0-1\nParent: ()\nNetType: Direct Allocation\nOriginAS: \nOrganization: DoD Network Information Center (DNIC)\nRegDate: 1991-06-30\nUpdated: 2009-06-19\nRef: https://whois.arin.net/rest/net/NET-21-0-0-0-1\n\n\nOrgName: DoD Network Information Center\nOrgId: DNIC\nAddress: 3990 E. Broad Street\nCity: Columbus\nStateProv: OH\nPostalCode: 43218\nCountry: US\nRegDate: \nUpdated: 2011-08-17\nRef: https://whois.arin.net/rest/org/DNIC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "f08a32dc-ddbc-4164-8f6d-a564d7a7e31c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "d29145ee-e6d4-42f3-a004-5fd763446416",
"value": "Domain Name: AMERITECH.NET\n Registry Domain ID: 81816_DOMAIN_NET-VRSN\n Registrar WHOIS Server: whois.corporatedomains.com\n Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html\n Updated Date: 2017-06-09T05:27:34Z\n Creation Date: 1996-06-14T04:00:00Z\n Registry Expiry Date: 2018-06-13T04:00:00Z\n Registrar: CSC Corporate Domains, Inc.\n Registrar IANA ID: 299\n Registrar Abuse Contact Email: domainabuse@cscglobal.com\n Registrar Abuse Contact Phone: 8887802723\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: NS1.ATTDNS.COM\n Name Server: NS2.ATTDNS.COM\n Name Server: NS3.ATTDNS.COM\n Name Server: NS4.ATTDNS.COM\n DNSSEC: unsigned\n\nDomain Name: ameritech.net\nRegistry Domain ID: 81816_DOMAIN_NET-VRSN\nRegistrar WHOIS Server: whois.corporatedomains.com\nRegistrar URL: www.cscprotectsbrands.com\nUpdated Date: 2017-06-09T05:27:34Z\nCreation Date: 1996-06-14T04:00:00Z\nRegistrar Registration Expiration Date: 2018-06-13T04:00:00Z\nRegistrar: CSC CORPORATE DOMAINS, INC.\nRegistrar IANA ID: 299\nRegistrar Abuse Contact Email: domainabuse@cscglobal.com\nRegistrar Abuse Contact Phone: +1.8887802723\nDomain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: Domain Administrator\nRegistrant Organization: AT&T SERVICES, INC.\nRegistrant Street: 801 Chestnut Street\nRegistrant City: Saint Louis\nRegistrant State/Province: MO\nRegistrant Postal Code: 63101\nRegistrant Country: US\nRegistrant Phone: +1.3142358168\nRegistrant Phone Ext: \nRegistrant Fax: +1.3142358168\nRegistrant Fax Ext: \nRegistrant Email: att-domains@att.com\nRegistry Admin ID: \nAdmin Name: Domain Administrator\nAdmin Organization: AT&T SERVICES, INC.\nAdmin Street: 801 Chestnut Street\nAdmin City: Saint Louis\nAdmin State/Province: MO\nAdmin Postal Code: 63101\nAdmin Country: US\nAdmin Phone: +1.3142358168\nAdmin Phone Ext: \nAdmin Fax: +1.3142358168\nAdmin Fax Ext: \nAdmin Email: att-domains@att.com\nRegistry Tech ID: \nTech Name: Domain Administrator\nTech Organization: AT&T SERVICES, INC.\nTech Street: 801 Chestnut Street\nTech City: Saint Louis\nTech State/Province: MO\nTech Postal Code: 63101\nTech Country: US\nTech Phone: +1.3142358168\nTech Phone Ext: \nTech Fax: +1.3142358168\nTech Fax Ext: \nTech Email: att-domains@att.com\nName Server: ns3.attdns.com\nName Server: ns1.attdns.com\nName Server: ns2.attdns.com\nName Server: ns4.attdns.com\nDNSSEC: unsigned"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "6e01219a-94b3-47e9-86c4-7f770ccb0fbb",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "3c6983a5-708a-4dd9-ac00-19a783aeaf1b",
"value": "inetnum: 113.112.0.0 - 113.119.255.255\nnetname: CHINANET-GD\ndescr: CHINANET Guangdong province network\ndescr: Data Communication Division\ndescr: China Telecom\ncountry: CN\nadmin-c: CH93-AP\ntech-c: IC83-AP\nremarks: service provider\nstatus: ALLOCATED PORTABLE\nmnt-by: APNIC-HM\nmnt-lower: MAINT-CHINANET-GD\nmnt-routes: MAINT-CHINANET-GD\nlast-modified: 2016-05-04T00:15:17Z\nsource: APNIC\nmnt-irt: IRT-CHINANET-CN\n\nirt: IRT-CHINANET-CN\naddress: No.31 ,jingrong street,beijing\naddress: 100032\ne-mail: anti-spam@ns.chinanet.cn.net\nabuse-mailbox: anti-spam@ns.chinanet.cn.net\nadmin-c: CH93-AP\ntech-c: CH93-AP\nauth: # Filtered\nmnt-by: MAINT-CHINANET\nlast-modified: 2010-11-15T00:31:55Z\nsource: APNIC\n\nperson: Chinanet Hostmaster\nnic-hdl: CH93-AP\ne-mail: anti-spam@ns.chinanet.cn.net\naddress: No.31 ,jingrong street,beijing\naddress: 100032\nphone: +86-10-58501724\nfax-no: +86-10-58501724\ncountry: CN\nmnt-by: MAINT-CHINANET\nlast-modified: 2014-02-27T03:37:38Z\nsource: APNIC\n\nperson: IPMASTER CHINANET-GD\nnic-hdl: IC83-AP\ne-mail: gdnoc_HLWI@189.cn\naddress: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU\nphone: +86-20-87189274\nfax-no: +86-20-87189274\ncountry: CN\nmnt-by: MAINT-CHINANET-GD\nremarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn\nabuse-mailbox: antispam_gdnoc@189.cn\nlast-modified: 2014-09-22T04:41:26Z\nsource: APNIC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "d3914c3e-70f1-4dc8-9748-009b973cacc2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "f4d8f03d-4796-49d5-858b-9e3ae235dc64",
"value": "Domain Name: FRONTIERNET.NET\n Registry Domain ID: 4305589_DOMAIN_NET-VRSN\n Registrar WHOIS Server: whois.register.com\n Registrar URL: http://www.register.com\n Updated Date: 2017-09-14T07:53:05Z\n Creation Date: 1995-10-14T04:00:00Z\n Registry Expiry Date: 2018-10-13T04:00:00Z\n Registrar: Register.com, Inc.\n Registrar IANA ID: 9\n Registrar Abuse Contact Email: abuse@web.com\n Registrar Abuse Contact Phone: +1.8003337680\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: AUTH.DLLS.PA.FRONTIERNET.NET\n Name Server: AUTH.FRONTIERNET.NET\n Name Server: AUTH.LKVL.MN.FRONTIERNET.NET\n Name Server: AUTH.ROCH.NY.FRONTIERNET.NET\n DNSSEC: unsigned\n\nDomain Name: FRONTIERNET.NET\nRegistry Domain ID: 4305589_DOMAIN_NET-VRSN\nRegistrar WHOIS Server: whois.register.com\nRegistrar URL: www.register.com\nUpdated Date: 2017-09-14T00:53:05.00Z\nCreation Date: 1995-10-14T04:00:00.00Z\nRegistrar Registration Expiration Date: 2018-10-13T04:00:00.00Z\nRegistrar: REGISTER.COM, INC.\nRegistrar IANA ID: 9\nDomain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: FRONTIERNET HOSTMASTER\nRegistrant Organization: \nRegistrant Street: 95 N. FITZHUGH ST.\nRegistrant City: ROCHESTER\nRegistrant State/Province: NY\nRegistrant Postal Code: 14614-1212\nRegistrant Country: US\nRegistrant Phone: +1.8664747662\nRegistrant Phone Ext: \nRegistrant Fax: \nRegistrant Fax Ext:\nRegistrant Email: HOSTMASTER@FRONTIERNET.NET\nRegistry Admin ID: \nAdmin Name: FRONTIERNET HOSTMASTER\nAdmin Organization: \nAdmin Street: 95 N. FITZHUGH ST.\nAdmin City: ROCHESTER\nAdmin State/Province: NY\nAdmin Postal Code: 14614-1212\nAdmin Country: US\nAdmin Phone: +1.8664747662\nAdmin Phone Ext: \nAdmin Fax: \nAdmin Fax Ext:\nAdmin Email: HOSTMASTER@FRONTIERNET.NET\nRegistry Tech ID: \nTech Name: FRONTIERNET HOSTMASTER\nTech Organization: \nTech Street: 95 N. 
FITZHUGH ST.\nTech City: ROCHESTER\nTech State/Province: NY\nTech Postal Code: 14614-1212\nTech Country: US\nTech Phone: +1.8664747662\nTech Phone Ext: \nTech Fax: \nTech Fax Ext: \nTech Email: HOSTMASTER@FRONTIERNET.NET\nName Server: AUTH.DLLS.PA.FRONTIERNET.NET\nName Server: AUTH.FRONTIERNET.NET\nName Server: AUTH.LKVL.MN.FRONTIERNET.NET\nName Server: AUTH.ROCH.NY.FRONTIERNET.NET\nDNSSEC: unSigned"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "b5d6f570-a5ec-4760-8d47-ae9c8d2533b6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "43efc76a-063e-402f-95b1-adda61922cc1",
"value": "Domain Name: NEXTGENTEL.COM\n Registry Domain ID: 13395561_DOMAIN_COM-VRSN\n Registrar WHOIS Server: whois.domaininfo.com\n Registrar URL: http://www.ports.domains\n Updated Date: 2017-11-10T23:44:50Z\n Creation Date: 1999-11-17T15:47:51Z\n Registry Expiry Date: 2018-11-17T15:47:51Z\n Registrar: Ports Group AB\n Registrar IANA ID: 73\n Registrar Abuse Contact Email: abuse@portsgroup.se\n Registrar Abuse Contact Phone: +46.707260017\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: ANYADNS1.NEXTGENTEL.NET\n Name Server: ANYADNS2.NEXTGENTEL.NET\n DNSSEC: unsigned\n\nDomain Name: nextgentel.com\nRegistry Domain ID: 13395561_DOMAIN_COM-VRSN\nRegistrar WHOIS Server: whois.domaininfo.com\nRegistrar URL: ports.domains\nUpdated Date: 2017-11-10T23:44:50Z\nCreation Date: 1999-11-17T15:47:51Z\nRegistrar Registration Expiration Date: 2018-11-17T15:47:51Z\nRegistrar: PortsGroup AB\nRegistrar IANA ID: 73\nRegistrar Abuse Contact Email: abuse@portsgroup.se\nRegistrar Abuse Contact Phone: +46.317202000\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: Hostmaster\nRegistrant Organization: NextGenTel AS\nRegistrant Street: Sandslimarka 31\nRegistrant City: SANDSLI\nRegistrant State/Province: \nRegistrant Postal Code: 5254\nRegistrant Country: NO\nRegistrant Phone: +47.55527900\nRegistrant Fax: +47.55527910\nRegistrant Email: hostmaster@nextgentel.com\nRegistry Admin ID: \nAdmin Name: Hostmaster\nAdmin Organization: NextGenTel AS\nAdmin Street: Sandslimarka 31\nAdmin City: Sandsli\nAdmin State/Province: \nAdmin Postal Code: 5254\nAdmin Country: NO\nAdmin Phone: +47.55527900\nAdmin Fax: +47.55527910\nAdmin Email: hostmaster@nextgentel.com\nRegistry Tech ID: \nTech Name: Hostmaster v/ Eivind Olsen\nTech Organization: NextGenTel AS\nTech Street: Postboks 3 Sandsli\nTech City: Bergen\nTech State/Province: \nTech Postal Code: 5861\nTech 
Country: NO\nTech Phone: +47.41649322\nTech Fax: +47.55527910\nTech Email: hostmaster@nextgentel.com\nName Server: ANYADNS1.NEXTGENTEL.NET\nName Server: ANYADNS2.NEXTGENTEL.NET\nDNSSEC: unsigned"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "2ba66826-3848-41e9-a0b0-18433680ff80",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "7f7c6c2b-9522-48cb-8251-4ebdc47299a4",
"value": "NetRange: 26.0.0.0 - 26.255.255.255\nCIDR: 26.0.0.0/8\nNetName: DISANET26\nNetHandle: NET-26-0-0-0-1\nParent: ()\nNetType: Direct Allocation\nOriginAS: \nOrganization: DoD Network Information Center (DNIC)\nRegDate: 1995-04-30\nUpdated: 2009-06-19\nRef: https://whois.arin.net/rest/net/NET-26-0-0-0-1\n\n\nOrgName: DoD Network Information Center\nOrgId: DNIC\nAddress: 3990 E. Broad Street\nCity: Columbus\nStateProv: OH\nPostalCode: 43218\nCountry: US\nRegDate: \nUpdated: 2011-08-17\nRef: https://whois.arin.net/rest/org/DNIC\n\n\nOrgTechHandle: MIL-HSTMST-ARIN\nOrgTechName: Network DoD\nOrgTechPhone: +1-844-347-2457 \nOrgTechEmail: disa.columbus.ns.mbx.hostmaster-dod-nic@mail.mil\nOrgTechRef: https://whois.arin.net/rest/poc/MIL-HSTMST-ARIN\n\nOrgAbuseHandle: REGIS10-ARIN\nOrgAbuseName: Registration\nOrgAbusePhone: +1-844-347-2457 \nOrgAbuseEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil\nOrgAbuseRef: https://whois.arin.net/rest/poc/REGIS10-ARIN\n\nOrgTechHandle: REGIS10-ARIN\nOrgTechName: Registration\nOrgTechPhone: +1-844-347-2457 \nOrgTechEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil\nOrgTechRef: https://whois.arin.net/rest/poc/REGIS10-ARIN"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "955a399e-186e-4973-b937-eac9a78c3caa",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "7f35fda5-8e4e-4ce1-b8ee-8b13d75f5361",
"value": "NetRange: 137.139.0.0 - 137.139.255.255\nCIDR: 137.139.0.0/16\nNetName: SUC-OLDWEST\nNetHandle: NET-137-139-0-0-1\nParent: NET137 (NET-137-0-0-0-0)\nNetType: Direct Assignment\nOriginAS: \nOrganization: SUNY College at Old Westbury (SCAOW)\nRegDate: 1989-11-29\nUpdated: 2014-02-18\nRef: https://whois.arin.net/rest/net/NET-137-139-0-0-1\n\n\nOrgName: SUNY College at Old Westbury\nOrgId: SCAOW\nAddress: 223 Store Hill Road\nCity: Old Westbury\nStateProv: NY\nPostalCode: 11568\nCountry: US\nRegDate: 1989-11-29\nUpdated: 2011-09-24\nRef: https://whois.arin.net/rest/org/SCAOW\n\n\nOrgTechHandle: SUNYO-ARIN\nOrgTechName: SUNYOWNOC\nOrgTechPhone: +1-516-876-3379 \nOrgTechEmail: sunyownoc@oldwestbury.edu\nOrgTechRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nOrgAbuseHandle: SUNYO-ARIN\nOrgAbuseName: SUNYOWNOC\nOrgAbusePhone: +1-516-876-3379 \nOrgAbuseEmail: sunyownoc@oldwestbury.edu\nOrgAbuseRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRAbuseHandle: SUNYO-ARIN\nRAbuseName: SUNYOWNOC\nRAbusePhone: +1-516-876-3379 \nRAbuseEmail: sunyownoc@oldwestbury.edu\nRAbuseRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRTechHandle: SUNYO-ARIN\nRTechName: SUNYOWNOC\nRTechPhone: +1-516-876-3379 \nRTechEmail: sunyownoc@oldwestbury.edu\nRTechRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRNOCHandle: SUNYO-ARIN\nRNOCName: SUNYOWNOC\nRNOCPhone: +1-516-876-3379 \nRNOCEmail: sunyownoc@oldwestbury.edu\nRNOCRef: https://whois.arin.net/rest/poc/SUNYO-ARIN"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "a5e80ae2-c3ea-4d96-ae64-9e67bb8823b8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "8d02a0d2-c5f2-4f89-83fc-fd5998ef9bc4",
"value": "Domain Name: CHARTER.COM\n Registry Domain ID: 340223_DOMAIN_COM-VRSN\n Registrar WHOIS Server: whois.markmonitor.com\n Registrar URL: http://www.markmonitor.com\n Updated Date: 2017-07-03T04:22:18Z\n Creation Date: 1994-07-30T04:00:00Z\n Registry Expiry Date: 2019-07-29T04:00:00Z\n Registrar: MarkMonitor Inc.\n Registrar IANA ID: 292\n Registrar Abuse Contact Email: abusecomplaints@markmonitor.com\n Registrar Abuse Contact Phone: +1.2083895740\n Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\n Name Server: NS1.CHARTER.COM\n Name Server: NS2.CHARTER.COM\n Name Server: NS3.CHARTER.COM\n Name Server: NS4.CHARTER.COM\n DNSSEC: unsigned\n\nDomain Name: charter.com\nRegistry Domain ID: 340223_DOMAIN_COM-VRSN\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar URL: http://www.markmonitor.com\nUpdated Date: 2017-12-18T04:00:14-0800\nCreation Date: 1994-07-29T21:00:00-0700\nRegistrar Registration Expiration Date: 2019-07-28T21:00:00-0700\nRegistrar: MarkMonitor, Inc.\nRegistrar IANA ID: 292\nRegistrar Abuse Contact Email: abusecomplaints@markmonitor.com\nRegistrar Abuse Contact Phone: +1.2083895740\nDomain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)\nDomain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)\nDomain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)\nRegistry Registrant ID: \nRegistrant Name: Domain Admin\nRegistrant Organization: Charter Communications Operating, LLC\nRegistrant Street: 12405 Powerscourt Drive, \nRegistrant City: Saint Louis\nRegistrant State/Province: MO\nRegistrant Postal Code: 63131\nRegistrant Country: US\nRegistrant Phone: +1.3149650555\nRegistrant Phone Ext: \nRegistrant Fax: +1.9064010617\nRegistrant Fax Ext: 
\nRegistrant Email: hostmaster@charter.com\nRegistry Admin ID: \nAdmin Name: Domain Admin\nAdmin Organization: Charter Communications Operating, LLC\nAdmin Street: 12405 Powerscourt Drive, \nAdmin City: Saint Louis\nAdmin State/Province: MO\nAdmin Postal Code: 63131\nAdmin Country: US\nAdmin Phone: +1.3149650555\nAdmin Phone Ext: \nAdmin Fax: +1.9064010617\nAdmin Fax Ext: \nAdmin Email: hostmaster@charter.com\nRegistry Tech ID: \nTech Name: Charter Communications Internet Security and Abuse\nTech Organization: Charter Communications Operating, LLC\nTech Street: 12405 Powerscourt Drive, \nTech City: Saint Louis\nTech State/Province: MO\nTech Postal Code: 63131\nTech Country: US\nTech Phone: +1.3142883111\nTech Phone Ext: \nTech Fax: +1.3149090609\nTech Fax Ext: \nTech Email: abuse@charter.net\nName Server: ns4.charter.com\nName Server: ns3.charter.com\nName Server: ns1.charter.com\nName Server: ns2.charter.com\nDNSSEC: unsigned"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925257",
"uuid": "476563e7-aac9-4a76-b8d8-c33020d34baf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925258",
"to_ids": false,
"type": "text",
"uuid": "29d96991-79d7-4b7d-a669-091ccc08a7cd",
"value": "Domain Name: UCI.EDU\n\nRegistrant:\n University of California, Irvine\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n\nAdministrative Contact:\n Con Wieland\n University of California, Irvine\n Office of Information Technology\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n (949) 824-2222\n oit-nsp@uci.edu\n\nTechnical Contact:\n Con Wieland\n University of California, Irvine\n Office of Information Technology\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n (949) 824-2222\n oit-nsp@uci.edu\n\nName Servers: \n NS4.SERVICE.UCI.EDU 128.200.59.190\n NS5.SERVICE.UCI.EDU 52.26.131.47\n\nDomain record activated: 30-Sep-1985\nDomain record last updated: 07-Jul-2016\nDomain expires: 31-Jul-2018"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1554925258",
"uuid": "5053da1b-c011-42ca-b739-3cf3d1a9e05e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1554925258",
"to_ids": false,
"type": "text",
"uuid": "eb87ff45-c8bd-4a00-943a-933c59fd836b",
"value": "inetnum: 186.168/15\nstatus: allocated\naut-num: N/A\nowner: COLOMBIA TELECOMUNICACIONES S.A. ESP\nownerid: CO-CTSE-LACNIC\nresponsible: Administradores Internet\naddress: Transversal 60, 114, A 55\naddress: N - BOGOTA - Cu\ncountry: CO\nphone: +57 1 5339833 []\nowner-c: CTE7\ntech-c: CTE7\nabuse-c: CTE7\ninetrev: 186.169/16\nnserver: DNS5.TELECOM.COM.CO \nnsstat: 20171220 AA\nnslastaa: 20171220\nnserver: DNS.TELECOM.COM.CO \nnsstat: 20171220 AA\nnslastaa: 20171220\ncreated: 20110404\nchanged: 20141111\n\nnic-hdl: CTE7\nperson: Grupo de Administradores Internet\ne-mail: admin.internet@TELECOM.COM.CO\naddress: Transversal, 60, 114 A, 55\naddress: 571111 - BOGOTA DC - CU\ncountry: CO\nphone: +57 1 7050000 [71360]\ncreated: 20140220\nchanged: 20140220"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925258",
"uuid": "8e875ae8-911f-4dcd-b7bb-8a9072d3644e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925258",
"to_ids": false,
"type": "float",
"uuid": "2ecc3fc2-c6cf-4b52-9363-9c39b33928ff",
"value": "2.628651"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925258",
"to_ids": true,
"type": "md5",
"uuid": "563ab654-eb9d-4c19-94ea-b0b7f774ebcb",
"value": "40d66d1a2f846d7c3bf291c604c9fca3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925258",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8ac6a441-1e36-4d9a-894e-3cf3f5332c97",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925258",
"uuid": "f4844fcb-3d68-4d09-8bbb-7619a0942846",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925258",
"to_ids": true,
"type": "md5",
"uuid": "a4ab07b8-96f9-4084-97f2-9b7345af7ef5",
"value": "d061ffec6721133c433386c96520bc55"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925258",
"to_ids": false,
"type": "float",
"uuid": "93b3e0f4-a3d4-4020-8575-a13ab52c5119",
"value": "5.999734"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925258",
"to_ids": false,
"type": "text",
"uuid": "0a7b1c24-9d95-4f16-aacd-418ef62ed999",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925258",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "fcadb683-a76d-4312-a5e1-6dc74687ddea",
"value": "284160"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925258",
"uuid": "8da40bf6-a137-4af6-b7d2-4a6fec51aecd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "e1d6425e-ea48-4ae1-a60a-1f2cfe667de7",
"value": "cbbc6550dcbdcaf012bdbf758a377779"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "844ade24-22b9-4573-a4f7-762db4dafa74",
"value": "5.789426"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "895270ad-3f06-4b36-a994-d1c35f4ac2f2",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0af1ce03-ad1c-4fbd-ab39-178c0fe622fa",
"value": "38912"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "6f0934e5-279f-4bd3-93e1-b881f5c59504",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "07c0c5d4-576b-4e71-8de4-1b8ac6de8207",
"value": "c83bcaab05056d5b84fc609f41eed210"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "69a184b6-4076-4fff-a3ff-5d1b902c2f23",
"value": "3.105496"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "3fe5fa7d-004c-4a10-be99-64cd94fbbb52",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0b76128c-6581-41a8-9735-400bfcf05401",
"value": "7680"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "11f10ac7-5b61-4363-bd6a-59ac0b8fcc9e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "07a02acc-d3c4-4306-a3fa-8e36d31996f4",
"value": "b9fc36206883aa1902566b5d01c27473"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "a09e668c-24aa-440f-ae05-685d59ecfb43",
"value": "5.319307"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "10921a52-79ef-4432-87e6-f33b55588ff8",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3fd44ca1-7d53-446b-b261-df018a620fb0",
"value": "8704"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "1b766990-d382-462f-a49c-1f5c53715ed4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "93a4f8d0-362b-4044-98cc-688f8601efd4",
"value": "1c1d46056b4cb4627a5f92112b7e09f7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "ad08798d-2954-4bb0-95bc-72d35355bcbe",
"value": "5.608168"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "bd3d6eeb-cc89-4470-adcf-10adcf41ce62",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a4033d18-8a40-488e-86fd-b1bb3374ef7c",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "eb73eb8b-04c4-4e27-b803-b60d56347fec",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "aca886e2-51f8-4835-9211-f22190c5b67c",
"value": "3baedaa3d6b6d6dc9fb0ec4f5c3b007c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "958a5c3d-aa8d-4777-b150-2baffe03db3b",
"value": "2.331154"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "59065f07-43bc-439b-93f0-979fb6753c5b",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6edf96a2-b96d-4757-9f8c-ece9fd724147",
"value": "2048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925259",
"uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "8e875ae8-911f-4dcd-b7bb-8a9072d3644e",
"relationship_type": "header-of",
"timestamp": "1554925267",
"uuid": "5cae46d3-4da0-443b-a7a8-4bae950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "f4844fcb-3d68-4d09-8bbb-7619a0942846",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-99c8-4650-9e73-4f4f950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "8da40bf6-a137-4af6-b7d2-4a6fec51aecd",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-ed5c-46db-b28a-4eb4950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "6f0934e5-279f-4bd3-93e1-b881f5c59504",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-2980-4567-baf4-45ab950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "11f10ac7-5b61-4363-bd6a-59ac0b8fcc9e",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-eb5c-4db9-b9e5-41b0950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "1b766990-d382-462f-a49c-1f5c53715ed4",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-6a2c-4d2f-a6a6-4740950d210f"
},
{
"comment": "",
"object_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"referenced_uuid": "eb73eb8b-04c4-4e27-b803-b60d56347fec",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-0e18-4d94-95d6-403a950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925259",
"to_ids": true,
"type": "filename",
"uuid": "8cbd08d1-3bf4-41ec-b2d5-e63f763ed4ba",
"value": "42682D4A78FE5C2EDA988185A344637D"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925259",
"to_ids": true,
"type": "filename",
"uuid": "ce0be99a-072c-406b-8514-c4a77a601ba2",
"value": "42682D4A78FE5C2EDA988185A344637D"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925259",
"to_ids": false,
"type": "counter",
"uuid": "6417335b-0590-4a9b-b12b-ab5b4f61950a",
"value": "7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "c2881aa4-04fd-45b9-922b-93273fd2f4a7",
"relationship_type": "included-in",
"timestamp": "1554925267",
"uuid": "5cae46d3-7190-41dd-a8fa-4ab7950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "dfa5812c-f91e-42b8-811d-718121a46fd9",
"relationship_type": "connected-to",
"timestamp": "1554925267",
"uuid": "5cae46d3-32e4-4de3-b0f2-4d37950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "3d25e903-29f5-4b88-bf80-bd6bd8a9616b",
"relationship_type": "connected-to",
"timestamp": "1554925267",
"uuid": "5cae46d3-efac-43ed-9f39-4634950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-8174-4631-9998-4f52950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "aa8e532e-3b80-47e4-bb04-22d666a10bd7",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-6570-4aa0-a093-4981950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "0031ec2d-46ed-4835-93ef-e6b868a26e40",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-f978-4e03-991e-45ab950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "378c38f0-377c-4626-949c-5eaa0a6367ae",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-42a0-4c91-b427-4caf950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "206ae99c-1cda-41e0-a81f-8e0e8c433156",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-1208-4e01-b1be-43df950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "d959b41a-72bb-478a-b453-5dfac6fe0dc1",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-f114-491f-9ff8-4a55950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "a7455d44-d858-472a-96ee-edea677be659",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-d77c-461c-8c13-4132950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "4fb3c39a-2c59-46d9-be12-028f54e577c9",
"relationship_type": "connected-to",
"timestamp": "1554925268",
"uuid": "5cae46d4-adf4-420e-b7c0-44ae950d210f"
},
{
"comment": "",
"object_uuid": "d090d7bd-5ff5-4f00-be49-c6d7436144d2",
"referenced_uuid": "c6acfd6b-0a6a-40cc-8f76-c2fdf02f41d9",
"relationship_type": "analysed-with",
"timestamp": "1555061901",
"uuid": "5cb05c8d-8164-4192-bce3-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": false,
"type": "md5",
"uuid": "8a712e0a-5e8d-4b3b-a662-2cd14260bd93",
"value": "42682d4a78fe5c2eda988185a344637d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925259",
"to_ids": false,
"type": "sha1",
"uuid": "7cf6b73b-3029-461a-aee4-29013ff75bbf",
"value": "4975de2be0a1f7202037f5a504d738fe512191b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925259",
"to_ids": false,
"type": "sha256",
"uuid": "18049549-17de-42b5-ad8c-ba8048db392c",
"value": "4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925259",
"to_ids": false,
"type": "sha512",
"uuid": "31f50370-4a96-4793-ba38-5bf3467d3325",
"value": "213e4a0afbfac0bd884ab262ac87aee7d9a175cff56ba11aa4c75a4feb6a96c5e4e2c26adbe765f637c783df7552a56e4781a3b17be5fda2cf7894e58eb873ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925259",
"to_ids": false,
"type": "ssdeep",
"uuid": "0104d30b-2632-4ad0-aa8b-0625383bde49",
"value": "6144:nCgsFAkxS1rrtZQXTip12P04nTnvze6lxjWV346vze6lpjWV34Evze6lSjWV34a7:nCgsukxS1vtZ+5nvze6lxjWV346vze6N"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925259",
"to_ids": false,
"type": "filename",
"uuid": "227fa328-700a-4e3c-9119-588c192486e2",
"value": "42682D4A78FE5C2EDA988185A344637D"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "69dd5e48-5a24-47a0-83c0-7a01d5b24543",
"value": "346624"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "9107e919-b160-46e9-b3fb-525521fc263e",
"value": "6.10281"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925259",
"to_ids": false,
"type": "mime-type",
"uuid": "1a8e0e9d-57ea-4c70-84ed-295507df09aa",
"value": "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "0145ba7f-231a-4fd8-aba1-438b70fae9fa",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "db437369-40d5-4e00-b6ed-1b9982d76ca8",
"value": "2.790421"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "65391001-38d1-49da-a085-fe8d94fac44c",
"value": "83ec15e3cf335f784144db4208b328c9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "94fb4869-9255-4e12-b8ae-73b14e8c0bdf",
"value": "1024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "f20d5f20-e19c-49e3-a2e0-d47a0e0b499e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925259",
"to_ids": true,
"type": "md5",
"uuid": "85966b57-2605-4b90-8185-1f067b403afb",
"value": "036c57e89ea3a6afa819c242c5816b70"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925259",
"to_ids": false,
"type": "float",
"uuid": "5048c911-a599-4242-8e80-643ed510c239",
"value": "5.688491"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "e1e462b9-3697-4156-b7ff-92def9365b19",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925259",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0146e69e-8919-4bd2-9673-5a00b9eed22e",
"value": "206848"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925259",
"uuid": "542776ab-dc9a-49f5-8504-4201f4eb85f7",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "5e1aa619-0ba2-46bc-9477-fa14a9b12a8e",
"value": "4812d2f39e9a8ae569370d423ba31344"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "0068ee23-e6cb-455c-ac4e-fc2a134bdbc4",
"value": "6.000116"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "1eb93258-18d5-49bc-87d8-49083789e777",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8f7dfe97-825a-48b1-82db-7f24295e739b",
"value": "26112"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "001f3b62-1dc5-46b7-a5d1-0d172470284f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "1a677867-4ba8-4281-a03b-6e4d45e2285e",
"value": "cb41e8f63b7c22c401a0634cb4fe1909"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "30879ef1-7c9a-460e-8ad8-b6c0644c831b",
"value": "4.748331"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "2d888451-fc78-444a-a4cc-24e8b0a28d44",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "86c1f0d6-d21b-4d7f-b657-fd1754ebcf48",
"value": "2048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "b144f1bb-4a25-4b2f-9e73-640f10889fec",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "554acd1f-4c9c-4c1d-99af-58b7493522d9",
"value": "3cc7651747904bfe94ed18f44354a706"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "485f0bf4-7faf-4d96-b4ee-d871ef6c3f62",
"value": "4.962073"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "120e916d-363b-4ffe-851d-ee9818ded5e1",
"value": ".pdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "33b99c6d-6c65-4304-b196-797a6db2e55f",
"value": "5120"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "06738787-de97-4d46-b799-b0492c57d3e5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "1c3aec0a-33b8-47a0-a9a5-5dc05b30c9fb",
"value": "9e92c54604ea67e76210c3c914e9608c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "a2cf0031-d02f-4fa8-b812-7998b837a54f",
"value": "5.606351"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "a9255c91-81cc-4d09-8a49-5f6e45a73929",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a3f1fa7f-70b9-45f4-8426-c15950f11c34",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "6cd4ce4a-6876-4fc6-a865-3a078c3f63e8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "88fadd04-362b-4da3-945c-46123d71b107",
"value": "71dcfb1ec7257ee58dcc20cafb0be691"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "32113860-4289-480d-86df-f54d932dc94d",
"value": "0.673424"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "20ce954c-9c3a-4f34-8beb-17efb4536d2e",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "dd0b1837-0a06-4993-9788-d3ed36dd6202",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925260",
"uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "0145ba7f-231a-4fd8-aba1-438b70fae9fa",
"relationship_type": "header-of",
"timestamp": "1554925268",
"uuid": "5cae46d4-5f2c-453a-af14-4348950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "f20d5f20-e19c-49e3-a2e0-d47a0e0b499e",
"relationship_type": "included-in",
"timestamp": "1554925268",
"uuid": "5cae46d4-f8f0-4964-b6d9-4d83950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "542776ab-dc9a-49f5-8504-4201f4eb85f7",
"relationship_type": "included-in",
"timestamp": "1554925268",
"uuid": "5cae46d4-2ed4-4496-bc95-4dc9950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "001f3b62-1dc5-46b7-a5d1-0d172470284f",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-d9a8-4600-9222-4504950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "b144f1bb-4a25-4b2f-9e73-640f10889fec",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-418c-4f54-bd2e-462e950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "06738787-de97-4d46-b799-b0492c57d3e5",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-6708-4ae7-9b54-4c88950d210f"
},
{
"comment": "",
"object_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"referenced_uuid": "6cd4ce4a-6876-4fc6-a865-3a078c3f63e8",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-2414-4874-b6fb-448e950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925260",
"to_ids": true,
"type": "filename",
"uuid": "e87bd78d-e4fb-440e-94ff-f9a344a46f0d",
"value": "3021B9EF74c&BDDF59656A035F94FD08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925260",
"to_ids": true,
"type": "filename",
"uuid": "8a4242ec-a929-4953-a347-1546cedc5256",
"value": "3021B9EF74c&BDDF59656A035F94FD08"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925260",
"to_ids": false,
"type": "counter",
"uuid": "3281e960-6ec5-4829-80e2-ad0ef59b5e65",
"value": "7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "454b39cf-332b-4236-8015-6d343c883f40",
"ObjectReference": [
{
"comment": "",
"object_uuid": "454b39cf-332b-4236-8015-6d343c883f40",
"referenced_uuid": "ab715c6a-5b26-4280-a328-6d748e83e680",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-7e4c-4dcf-a0f1-4989950d210f"
},
{
"comment": "",
"object_uuid": "454b39cf-332b-4236-8015-6d343c883f40",
"referenced_uuid": "5e64eddb-9dc7-4976-9c08-4884f931c92e",
"relationship_type": "connected-to",
"timestamp": "1554925269",
"uuid": "5cae46d5-b8fc-42de-b698-4bc2950d210f"
},
{
"comment": "",
"object_uuid": "454b39cf-332b-4236-8015-6d343c883f40",
"referenced_uuid": "ae92ce2a-cac9-4284-8ce9-641e2a6d948b",
"relationship_type": "analysed-with",
"timestamp": "1555061901",
"uuid": "5cb05c8d-feb4-453b-b905-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": false,
"type": "md5",
"uuid": "a0031063-4e6c-4694-8aaa-2535d55b161b",
"value": "3021b9ef74c7bddf59656a035f94fd08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925260",
"to_ids": false,
"type": "sha1",
"uuid": "feb25b80-c568-4dcd-9dab-3353b6508ec4",
"value": "05ad5f346d0282e43360965373eb2a8d39735137"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925260",
"to_ids": false,
"type": "sha256",
"uuid": "762c79b2-f9d0-46ed-8bcd-835fecd88309",
"value": "83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925260",
"to_ids": false,
"type": "sha512",
"uuid": "1ecafef2-181f-4d44-a2cb-9b4860d0564d",
"value": "f8fcc5ed34b7bf144fc708d01d9685f0cb2e678c173d014987d6ecbf4a7c3ed539452819237173a2ab14609a913cf46c3bd618cffe7b5990c63cfe805a7144ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925260",
"to_ids": false,
"type": "ssdeep",
"uuid": "f8ccd477-b357-4e2a-ae99-39a7ee0fc366",
"value": "6144:4+ZmN/ix9bd+Rvze6lxjWV346vze6lpjWV34Evze6lSjWV34avze6lkjWV34z5FT:4+ZmN/ix9b8Rvze6lxjWV346vze6lpjn"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925260",
"to_ids": false,
"type": "filename",
"uuid": "185bf6cf-ff68-4e17-9651-512cccd20e33",
"value": "3021B9EF74c&BDDF59656A035F94FD08"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "264aa925-07af-4433-9f99-d9eb6d1f99d7",
"value": "245760"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "406e1ae7-43d2-4f94-aa90-aea3a23b2c0e",
"value": "5.93339"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925260",
"to_ids": false,
"type": "mime-type",
"uuid": "5c54ec95-7584-40d4-bc94-46d872e9ae7c",
"value": "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "ac51556a-91c0-4267-9e61-de0a0dbabf05",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "879e9228-23e9-4d97-8009-e046b91b7aeb",
"value": "0.586304"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "59e51ead-2783-4216-b44e-90e11857d672",
"value": "84f39a6860555231d60a55c72d07bc5e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ea1ff8d3-922c-4b4a-a44e-7714d6076a12",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "ea7cc58d-1fe6-4a0b-8070-4fe5b38cb690",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "6cc732da-7efb-4ebb-9633-3822c5e4a0ff",
"value": "649c24790b60bda1cf2a85516bfc7fa0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925260",
"to_ids": false,
"type": "float",
"uuid": "f00c1d4a-87b9-4472-b6b8-29f642a56a18",
"value": "5.98329"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "70fe749e-dffd-4d2e-b5a2-9814b70979eb",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925260",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "545f156d-000a-4918-a06f-e47c76fe7371",
"value": "24576"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925260",
"uuid": "c57a6cf7-e544-4364-adba-a72ea3e6573f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925260",
"to_ids": true,
"type": "md5",
"uuid": "3608a534-9bc9-4ba9-a43f-c61d21088d0d",
"value": "fbd6ca444ef8c0667aed75820cc99dce"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "90bf5690-047d-40fe-ad8b-5c5f1bc77dc1",
"value": "3.520964"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "38646942-7e2b-49b9-88d7-5e04432cf143",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b9d05716-e01d-40e6-bb96-4f0dfae88e2b",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "1746f20a-4522-4af5-b779-165a2b829958",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "24142516-e506-44b7-a682-b34babb0c972",
"value": "0ecb4bcb0a1ef1bf8ea4157fabdd7357"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "b443d7d9-2096-43c3-b1b4-c812fbf7193e",
"value": "3.988157"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "4baa5798-34b6-4f6a-aa94-3e3b596a2f3b",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "6ff4b78b-140f-4592-9ee3-aa1c2f1f5d03",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925261",
"uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"referenced_uuid": "ac51556a-91c0-4267-9e61-de0a0dbabf05",
"relationship_type": "header-of",
"timestamp": "1554925269",
"uuid": "5cae46d5-d358-4156-8114-4a1c950d210f"
},
{
"comment": "",
"object_uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"referenced_uuid": "ea7cc58d-1fe6-4a0b-8070-4fe5b38cb690",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-5804-4448-9b60-4542950d210f"
},
{
"comment": "",
"object_uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"referenced_uuid": "c57a6cf7-e544-4364-adba-a72ea3e6573f",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-4114-4c40-b118-46cb950d210f"
},
{
"comment": "",
"object_uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"referenced_uuid": "1746f20a-4522-4af5-b779-165a2b829958",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-d4fc-4c21-a1c3-4767950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925261",
"to_ids": true,
"type": "filename",
"uuid": "c4bd93cf-8ff8-46e6-acdb-80e5919b8252",
"value": "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925261",
"to_ids": true,
"type": "filename",
"uuid": "3a39acd6-2689-4a52-bd43-0e2b36799005",
"value": "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925261",
"to_ids": false,
"type": "counter",
"uuid": "8d5136ed-5e61-4de3-87ad-eb6c9a94c868",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "4bef19cc-01f6-4b03-9f08-6b51796cb5ca",
"relationship_type": "included-in",
"timestamp": "1554925269",
"uuid": "5cae46d5-b2b8-4435-bea9-483d950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "dc846c76-af3d-4aab-ba62-ccc9a5582e5d",
"relationship_type": "dropped",
"timestamp": "1554925269",
"uuid": "5cae46d5-5c80-431c-b3c6-477c950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"relationship_type": "dropped",
"timestamp": "1554925269",
"uuid": "5cae46d5-dd44-4516-815e-49d8950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"relationship_type": "dropped",
"timestamp": "1554925269",
"uuid": "5cae46d5-ac74-404f-a894-418c950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "9b5d58a8-fedd-424b-9e95-1fa9dee6113b",
"relationship_type": "connected-to",
"timestamp": "1554925269",
"uuid": "5cae46d5-2b80-4152-b393-4ad1950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "5e64eddb-9dc7-4976-9c08-4884f931c92e",
"relationship_type": "connected-to",
"timestamp": "1554925269",
"uuid": "5cae46d5-ac38-4446-8159-4730950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "e773193c-a490-442a-a41f-63e402cf3865",
"relationship_type": "connected-to",
"timestamp": "1554925269",
"uuid": "5cae46d5-75a4-45c9-b15c-43f4950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "bc976e66-b5d6-464d-9adc-0d53da3ec01a",
"relationship_type": "connected-to",
"timestamp": "1554925269",
"uuid": "5cae46d5-9bf4-4a85-bcda-4ad9950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "f7d0f16d-6367-4770-ae6e-db03c68a82ca",
"relationship_type": "related-to",
"timestamp": "1554925270",
"uuid": "5cae46d6-d40c-4da4-b2a2-4ee1950d210f"
},
{
"comment": "",
"object_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"referenced_uuid": "292b76e3-83c8-4bb0-89c8-8105cf22899d",
"relationship_type": "analysed-with",
"timestamp": "1555061902",
"uuid": "5cb05c8e-ccf4-415b-87c5-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": false,
"type": "md5",
"uuid": "a6259ba2-6f4f-4c79-915e-5b034b88af2d",
"value": "61e3571b8d9b2e9ccfadc3dde10fb6e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925261",
"to_ids": false,
"type": "sha1",
"uuid": "79e50306-2d57-4c83-9b55-98589ef42a46",
"value": "55daa1fca210ebf66b1a1d2db1aa3373b06da680"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925261",
"to_ids": false,
"type": "sha256",
"uuid": "f04e903b-30d4-4d1a-aa0c-8caa4ac9296f",
"value": "70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925261",
"to_ids": false,
"type": "sha512",
"uuid": "be4b9c27-4aaf-4e6a-8c24-23d9d371b00f",
"value": "235f7b920f54c4d316386cbf6cc14db1929029e8053270e730be15acc8e9f333231d2d984681bea26013a1d1cf4670528ba0989337be13ad4ada3eeba33bdfe8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925261",
"to_ids": false,
"type": "ssdeep",
"uuid": "b2a8a54e-3a57-4de6-9f66-0b7540097b2a",
"value": "6144:d71TKN7LBHvS+bujAfrsxwkm1Ka5l7gTtJUGx:dxKHPuj8WR0K6VgTtZx"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925261",
"to_ids": false,
"type": "filename",
"uuid": "6af9f081-ade0-43ca-a76d-87973d72fe2f",
"value": "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "16913367-f109-4106-95fc-a6aebf7026c2",
"value": "258052"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "4dd0185e-e2c4-4956-bab1-15cc4c8285d2",
"value": "7.82959"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925261",
"to_ids": false,
"type": "mime-type",
"uuid": "b3437b26-6849-417f-b637-07f3733a84bd",
"value": "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "9500fb1e-bb08-45d5-a3eb-3b82f649c624",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "c6cfb719-d72b-4ad4-9a65-3a0ff972a444",
"value": "0.709908"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "9ad2ded7-a7a2-494b-8aed-219afe98ca52",
"value": "d37b95aa17fa132415b37ec777f439ff"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "ae4061f1-85ca-455e-a60b-71f835ade07c",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "0f41e5c5-7f40-44a1-885b-7f9597eb99f9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "37b2712d-92e1-4c80-a022-276c885a225f",
"value": "badbc93c35554aec904ab0c34f05fbe0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "7079daf0-c047-40ea-a6be-b187d0309922",
"value": "6.295472"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "b93f8d55-2f20-4533-bd95-8adca4c452e6",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "be0569ad-b5e9-481f-85bd-d4ff38268bf2",
"value": "180224"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "2c0897ef-be21-4b08-a096-899c8545c0a6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "1aabb47b-2cfb-4fa6-9795-44bf2e0822b1",
"value": "64f7a9cafdad34003aba4547bba0e25b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "b639555c-1b57-4035-9579-1a73c3b3a53c",
"value": "6.372911"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "a88e067c-fccc-4459-a3e3-09575de7d068",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "add355d4-1e45-486e-ac73-b46318451e43",
"value": "16384"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "6fa43c7f-c294-43cf-8b40-d00655aaa96e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "06af0417-7d0a-4485-9377-1a3c1fd33790",
"value": "c792eb0c57577f4f3649775cbf32b253"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925261",
"to_ids": false,
"type": "float",
"uuid": "cdbb482d-f5c6-4212-96fe-3c2d12ef61de",
"value": "3.996008"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "c7e1a6b2-a4c5-4f90-a690-6732494c6f7e",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925261",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "326b7108-c787-4182-9b80-2c64576d2fb5",
"value": "12288"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1554925261",
"uuid": "ce21b7c4-404c-4a76-96c8-e50ba9773a30",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925261",
"to_ids": true,
"type": "md5",
"uuid": "f661d161-f743-4ce2-91c6-9bad164daf22",
"value": "8791f715ae89ffe2c7d832c1be821edc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925262",
"to_ids": false,
"type": "float",
"uuid": "74fc1c8e-65fb-49f5-ad8f-190e6cdeda2d",
"value": "5.154376"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1554925262",
"to_ids": false,
"type": "text",
"uuid": "09bb0227-98c7-4da1-9c08-047314d51f89",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925262",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a3f93751-1090-4b2f-ad63-9bc7b55932e5",
"value": "8192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1554925262",
"uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"referenced_uuid": "9500fb1e-bb08-45d5-a3eb-3b82f649c624",
"relationship_type": "header-of",
"timestamp": "1554925270",
"uuid": "5cae46d6-d2fc-41bd-a069-4b10950d210f"
},
{
"comment": "",
"object_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"referenced_uuid": "0f41e5c5-7f40-44a1-885b-7f9597eb99f9",
"relationship_type": "included-in",
"timestamp": "1554925270",
"uuid": "5cae46d6-c54c-425d-931f-4a97950d210f"
},
{
"comment": "",
"object_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"referenced_uuid": "2c0897ef-be21-4b08-a096-899c8545c0a6",
"relationship_type": "included-in",
"timestamp": "1554925270",
"uuid": "5cae46d6-990c-4ee6-8cd5-435e950d210f"
},
{
"comment": "",
"object_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"referenced_uuid": "6fa43c7f-c294-43cf-8b40-d00655aaa96e",
"relationship_type": "included-in",
"timestamp": "1554925270",
"uuid": "5cae46d6-0f7c-4355-829b-4fc9950d210f"
},
{
"comment": "",
"object_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"referenced_uuid": "ce21b7c4-404c-4a76-96c8-e50ba9773a30",
"relationship_type": "included-in",
"timestamp": "1554925270",
"uuid": "5cae46d6-a12c-4d80-bb61-46c1950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1554925262",
"to_ids": true,
"type": "filename",
"uuid": "f92cbd7f-2f37-4d68-9375-86c8ce643e4e",
"value": "UDPTrcSvc.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1554925262",
"to_ids": true,
"type": "filename",
"uuid": "69bb1c76-be51-45a8-8f6a-4bec88c87e7f",
"value": "UDPTrcSvc.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1554925262",
"to_ids": false,
"type": "counter",
"uuid": "eccba149-a16e-43a9-9477-13ece419d182",
"value": "5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "dc846c76-af3d-4aab-ba62-ccc9a5582e5d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dc846c76-af3d-4aab-ba62-ccc9a5582e5d",
"referenced_uuid": "cb4560bb-f70e-44a7-9496-1d7d017e9880",
"relationship_type": "included-in",
"timestamp": "1554925270",
"uuid": "5cae46d6-3578-429c-852b-4a59950d210f"
},
{
"comment": "",
"object_uuid": "dc846c76-af3d-4aab-ba62-ccc9a5582e5d",
"referenced_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"relationship_type": "dropped-by",
"timestamp": "1554925270",
"uuid": "5cae46d6-0248-480c-b7fc-437d950d210f"
},
{
"comment": "",
"object_uuid": "dc846c76-af3d-4aab-ba62-ccc9a5582e5d",
"referenced_uuid": "2fc2e78c-c6e8-424c-9ad7-e166e7737e9c",
"relationship_type": "analysed-with",
"timestamp": "1555061902",
"uuid": "5cb05c8e-0778-4c9e-9fd5-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925262",
"to_ids": false,
"type": "md5",
"uuid": "e0f41def-01f8-470d-9d6b-a1fa4b9cfb24",
"value": "0893e206274cb98189d51a284c2a8c83"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha1",
"uuid": "ab0893e1-d9e9-4808-9477-25a64d48f735",
"value": "d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha256",
"uuid": "c87736a8-4dee-4115-be13-ae36fdc81d08",
"value": "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha512",
"uuid": "b40f1001-09ff-458e-953b-f6e6aab2f009",
"value": "8042356ff8dc69fa84f2de10a4c34685c3ffa798d5520382d4fbcdcb43ae17e403a208be9891cca6cf2bc297f767229a57f746ca834f6b79056a0ff1202941cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925262",
"to_ids": false,
"type": "ssdeep",
"uuid": "f52b3dc3-9d20-4c83-b5d8-1b6b7a12e956",
"value": "3072:WsyjTzEvLFOL8AqCiueLt1VFu9+zcSywy0mcj90nSJ5NatCmtWwNQLK:W/zEvLFOLdq9uebdSwHN9n5wtkwNwK"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925262",
"to_ids": false,
"type": "filename",
"uuid": "7118c208-e5a9-4673-8755-ab9d7d61b829",
"value": "UDPTrcSvc.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925262",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "bb2475d2-45d2-4d06-a078-3ab9eded8773",
"value": "221184"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925262",
"to_ids": false,
"type": "float",
"uuid": "8ff8f5ec-5b62-4c88-93a5-ddcbf208809c",
"value": "6.359677"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925262",
"to_ids": false,
"type": "mime-type",
"uuid": "e7f39241-0c3a-4744-b949-8a2c4eef4526",
"value": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"referenced_uuid": "ec166754-a5ff-4729-ac26-ac79ce02133c",
"relationship_type": "dropped-by",
"timestamp": "1554925270",
"uuid": "5cae46d6-d7b0-4773-a635-4489950d210f"
},
{
"comment": "",
"object_uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"referenced_uuid": "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9",
"relationship_type": "dropped-by",
"timestamp": "1554925270",
"uuid": "5cae46d6-8540-4168-895d-45f2950d210f"
},
{
"comment": "",
"object_uuid": "03272933-d90e-4e38-87fa-5490bd1c37d8",
"referenced_uuid": "1cba5ef3-2f91-4b11-855e-9480c7fb943d",
"relationship_type": "analysed-with",
"timestamp": "1555061902",
"uuid": "5cb05c8e-b4f0-4e22-9cca-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925262",
"to_ids": false,
"type": "md5",
"uuid": "e8f5105b-58ec-481a-a38a-8c27f9bbbf6f",
"value": "c4103f122d27677c9db144cae1394a66"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha1",
"uuid": "70deb3a8-2b5f-4b30-9cc3-365b527a1328",
"value": "1489f923c4dca729178b3e3233458550d8dddf29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha256",
"uuid": "63c4da1c-f99c-4d7d-b3d8-ab8343837e74",
"value": "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha512",
"uuid": "19cfa74d-ccbd-4aef-a883-db7810e06742",
"value": "5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925262",
"to_ids": false,
"type": "ssdeep",
"uuid": "668d2d9e-8d8b-4b5e-9fb1-5026df4110cd",
"value": "3::"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925262",
"to_ids": false,
"type": "filename",
"uuid": "4f2b396b-4552-4d59-b672-3c37d15fabb3",
"value": "MSDFMAPI.INI"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925262",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8d7e6cb2-2bf9-468e-95c6-ba29650f2011",
"value": "2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925262",
"to_ids": false,
"type": "float",
"uuid": "8e6a5d22-458f-4c7a-8778-2ea70ff717be",
"value": "0.0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925262",
"to_ids": false,
"type": "mime-type",
"uuid": "dc5ebfde-e15d-4355-aff5-6ecc28ac5208",
"value": "data"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "16",
"timestamp": "1555061896",
"uuid": "ec5b0828-fc8e-4d29-9a2a-59806d987175",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ec5b0828-fc8e-4d29-9a2a-59806d987175",
"referenced_uuid": "d0962325-2049-4b8a-9cc0-8597888ef490",
"relationship_type": "analysed-with",
"timestamp": "1555061902",
"uuid": "5cb05c8e-a460-4bb5-ad7f-205c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1554925262",
"to_ids": false,
"type": "md5",
"uuid": "234f5001-653c-4987-822f-3c3a43c0ba21",
"value": "f8d26f2b8dd2ac4889597e1f2fd1f248"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha1",
"uuid": "1dffb69a-4482-4c6c-9dfd-dd365bd1ed29",
"value": "dd132f76a4aff9862923d6a10e54dca26f26b1b4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha256",
"uuid": "583b3559-f762-4b10-a7ee-f10236e189ee",
"value": "d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1554925262",
"to_ids": false,
"type": "sha512",
"uuid": "5dab5204-97b6-48ef-b37e-b5131f29a1f8",
"value": "34f8d10ebcab6f10c5140e94cf858761e9fa2e075db971b8e49c7334e1d55237f844ed6cf8ce735e984203f58d6b5032813b55e29a59af4bfff3853b1d07bc44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1554925262",
"to_ids": false,
"type": "ssdeep",
"uuid": "1b24258e-ecd9-4006-8aaf-41fce6c6ffad",
"value": "12288:MG31DF/ubokxmgF8JsVusikiWxdj3tIQLYe:NlI0UV0ou1kiWvm4Ye"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1554925262",
"to_ids": false,
"type": "filename",
"uuid": "86d268ed-bafa-4da7-bc68-9046d5d445f3",
"value": "F8D26F2B8DD2AC4889597E1F2FD1F248"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1554925262",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0146e514-a049-422c-8460-0edf9de36316",
"value": "456241"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1554925262",
"to_ids": false,
"type": "float",
"uuid": "1376b72b-ec8b-4a07-bd46-5d8e7da5c425",
"value": "7.99935"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1554925262",
"to_ids": false,
"type": "mime-type",
"uuid": "b53ef00f-ce2d-4432-941e-656e5191570a",
"value": "data"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1554925270",
"uuid": "5cae46d6-3cf8-4a8c-9ffc-46e0950d210f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": true,
"object_relation": "imported-sample",
"timestamp": "1554925270",
"to_ids": false,
"type": "attachment",
"uuid": "5cae46d6-58f0-4c3c-9c58-4ff5950d210f",
"value": "MAR-10135536-8.stix.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1554925270",
"to_ids": false,
"type": "text",
"uuid": "5cae46d6-51a8-4570-bb84-4554950d210f",
"value": "STIX 1.1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061897",
"uuid": "b2d62cb5-8052-47f2-997e-dd4238004f97",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925251",
"to_ids": false,
"type": "datetime",
"uuid": "93b8dd2e-154d-429c-baa1-1d816c2861b6",
"value": "2019-04-12T06:44:27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925251",
"to_ids": false,
"type": "link",
"uuid": "4798f052-f860-455d-ad72-5c5675dbc0bc",
"value": "https://www.virustotal.com/file/05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461/analysis/1555051467/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925251",
"to_ids": false,
"type": "text",
"uuid": "e0f10253-c995-4301-9c64-01c080c5b856",
"value": "26/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061897",
"uuid": "42d5dff2-e1f0-428f-a415-b83a757b7768",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925254",
"to_ids": false,
"type": "datetime",
"uuid": "a2315c49-5b25-45c9-935a-609ba79bb4ba",
"value": "2019-04-12T06:23:19"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925254",
"to_ids": false,
"type": "link",
"uuid": "62d7f6e0-a7f6-4cf7-a869-21c0c2fa1075",
"value": "https://www.virustotal.com/file/4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818/analysis/1555050199/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925254",
"to_ids": false,
"type": "text",
"uuid": "0040fd7e-fb3e-45e9-abe3-06275410051c",
"value": "20/65"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061898",
"uuid": "a314859d-026b-4b02-bcf5-09d7e3c08026",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925255",
"to_ids": false,
"type": "datetime",
"uuid": "880f50d2-bceb-4345-8793-672b75760927",
"value": "2019-04-12T06:53:02"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925255",
"to_ids": false,
"type": "link",
"uuid": "8bc328ed-c422-47c2-92c7-d9b341cc7ede",
"value": "https://www.virustotal.com/file/ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d/analysis/1555051982/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925255",
"to_ids": false,
"type": "text",
"uuid": "46a21555-699d-4092-9486-b14e92c112d7",
"value": "24/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061898",
"uuid": "2fc2e78c-c6e8-424c-9ad7-e166e7737e9c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925262",
"to_ids": false,
"type": "datetime",
"uuid": "d1f5c894-44c4-49c2-a97d-49a37c85698d",
"value": "2019-04-12T00:08:18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925262",
"to_ids": false,
"type": "link",
"uuid": "58dd4071-eaa2-4fb5-befb-d115f8e03c27",
"value": "https://www.virustotal.com/file/cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f/analysis/1555027698/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925262",
"to_ids": false,
"type": "text",
"uuid": "be07e165-b34e-4e5e-982a-1955428d583c",
"value": "45/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061898",
"uuid": "603e0902-44f7-4457-9d0e-6246e8fce379",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925252",
"to_ids": false,
"type": "datetime",
"uuid": "e68c58c8-9662-4509-91a2-f64bd137ce3c",
"value": "2019-04-12T06:23:14"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925252",
"to_ids": false,
"type": "link",
"uuid": "d67172a0-b4e2-4d36-846b-36f234b07ec4",
"value": "https://www.virustotal.com/file/2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525/analysis/1555050194/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925252",
"to_ids": false,
"type": "text",
"uuid": "0eb206aa-c688-497f-8faf-ed7b99a0e18b",
"value": "25/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061898",
"uuid": "1c222ada-8f9b-4a30-9cb1-fc81cd47dee8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925257",
"to_ids": false,
"type": "datetime",
"uuid": "169375e9-1b58-4214-866d-e2c4a3c5c84e",
"value": "2019-04-12T07:05:39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925257",
"to_ids": false,
"type": "link",
"uuid": "2f3db7b8-d698-4e25-8daa-32276f0a3898",
"value": "https://www.virustotal.com/file/49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359/analysis/1555052739/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925257",
"to_ids": false,
"type": "text",
"uuid": "5d7317e9-1b1e-4918-82ab-5d104080f463",
"value": "36/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "1cba5ef3-2f91-4b11-855e-9480c7fb943d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925262",
"to_ids": false,
"type": "datetime",
"uuid": "e6bfbca4-2d0d-43fd-b802-54656eed2ed7",
"value": "2019-04-12T07:13:35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925262",
"to_ids": false,
"type": "link",
"uuid": "5c7e5387-5ac8-429e-9723-0b09fb85a125",
"value": "https://www.virustotal.com/file/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7/analysis/1555053215/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925262",
"to_ids": false,
"type": "text",
"uuid": "9ab6b257-3660-495e-9b89-4a5e2dd5cd9b",
"value": "0/55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "c8b6f1f2-e727-4120-8d78-62dabe459c41",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925253",
"to_ids": false,
"type": "datetime",
"uuid": "ca6344f5-5e95-4271-a592-96ccf0314ee7",
"value": "2019-04-12T06:58:29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925253",
"to_ids": false,
"type": "link",
"uuid": "11acd5c2-b8ea-4c81-a710-332791eafeb2",
"value": "https://www.virustotal.com/file/70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289/analysis/1555052309/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925253",
"to_ids": false,
"type": "text",
"uuid": "8f3057df-8a46-4914-b1c2-daf7cc935600",
"value": "1/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "e25a593a-6702-4694-90f3-f0858a21b5e1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925256",
"to_ids": false,
"type": "datetime",
"uuid": "60a0984e-0134-4ff8-a960-91448d364c54",
"value": "2019-04-12T06:23:12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925256",
"to_ids": false,
"type": "link",
"uuid": "4be1742a-c1cb-42d4-acdc-3d3b458b082b",
"value": "https://www.virustotal.com/file/12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d/analysis/1555050192/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925256",
"to_ids": false,
"type": "text",
"uuid": "d0ffa81e-eb31-409d-8fbb-ed9b5b60b2de",
"value": "25/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "d0962325-2049-4b8a-9cc0-8597888ef490",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925262",
"to_ids": false,
"type": "datetime",
"uuid": "ec85be6d-aa4e-44a6-88ba-d88198d2618a",
"value": "2019-04-12T07:16:31"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925262",
"to_ids": false,
"type": "link",
"uuid": "69cedfb6-f6a1-4369-9e41-1a7fd072f9fc",
"value": "https://www.virustotal.com/file/d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39/analysis/1555053391/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925262",
"to_ids": false,
"type": "text",
"uuid": "9c254329-ec28-4e83-b7de-de5a3689e449",
"value": "1/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "c6acfd6b-0a6a-40cc-8f76-c2fdf02f41d9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925259",
"to_ids": false,
"type": "datetime",
"uuid": "210beb7e-7b30-4996-bb9c-983da46c984c",
"value": "2019-04-12T07:19:07"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925259",
"to_ids": false,
"type": "link",
"uuid": "8b0d2ddb-72ae-4c60-956d-c33e57acb25a",
"value": "https://www.virustotal.com/file/4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761/analysis/1555053547/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925259",
"to_ids": false,
"type": "text",
"uuid": "848f612d-4a00-4188-adf7-42a0f95a1111",
"value": "22/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "292b76e3-83c8-4bb0-89c8-8105cf22899d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925261",
"to_ids": false,
"type": "datetime",
"uuid": "66962cf2-1f81-405b-a0cc-9c327b5d5e50",
"value": "2019-04-12T06:23:21"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925261",
"to_ids": false,
"type": "link",
"uuid": "c91547fb-0ccd-47ea-b791-305f804ae8df",
"value": "https://www.virustotal.com/file/70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3/analysis/1555050201/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925261",
"to_ids": false,
"type": "text",
"uuid": "0c36ffa3-a0fd-44bd-96bf-13e85d0438b1",
"value": "39/72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555061899",
"uuid": "ae92ce2a-cac9-4284-8ce9-641e2a6d948b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1554925260",
"to_ids": false,
"type": "datetime",
"uuid": "7f5f4ca8-184b-4f77-bae9-35bb13903da1",
"value": "2019-04-12T06:59:12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1554925260",
"to_ids": false,
"type": "link",
"uuid": "affa8f4f-0bba-4b33-b4fd-8515e13f42dd",
"value": "https://www.virustotal.com/file/83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a/analysis/1555052352/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1554925260",
"to_ids": false,
"type": "text",
"uuid": "e58118be-80c3-4569-b3a5-441bcd6d7b63",
"value": "8/70"
}
]
}
]
}
}