misp-circl-feed/feeds/circl/misp/5cd14624-0b24-4386-85f5-4e5e950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2019-04-22",
    "extends_uuid": "",
    "info": "OSINT - CARBANAK Week - Fire Eye",
    "publish_timestamp": "1557314563",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1557308326",
    "uuid": "5cd14624-0b24-4386-85f5-4e5e950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:malpedia=\"Carbanak\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-enterprise-attack-relationship=\"FIN7 uses Carbanak\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-malware=\"Carbanak - S0030\""
      },
      {
        "colour": "#12e400",
        "name": "misp-galaxy:threat-actor=\"Anunak\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN7 - G0046\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-intrusion-set=\"FIN7\""
      },
      {
        "colour": "#0088cc",
        "name": "misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\""
      },
      {
        "colour": "#00b3b3",
        "name": "ecsirt:intrusions=\"backdoor\""
      },
      {
        "colour": "#00a9ce",
        "name": "veris:action:malware:variety=\"Backdoor\""
      },
      {
        "colour": "#2c0037",
        "name": "ms-caro-malware:malware-type=\"Backdoor\""
      },
      {
        "colour": "#001534",
        "name": "ms-caro-malware-full:malware-type=\"Backdoor\""
      },
      {
        "colour": "#3b7500",
        "name": "circl:incident-classification=\"malware\""
      },
      {
        "colour": "#00223b",
        "name": "osint:source-type=\"blog-post\""
      },
      {
        "colour": "#ffffff",
        "name": "tlp:white"
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557218891",
        "to_ids": false,
        "type": "link",
        "uuid": "5cd1464b-5c38-40b2-bab2-44a3950d210f",
        "value": "https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557218891",
        "to_ids": false,
        "type": "link",
        "uuid": "5cd1464b-f590-4342-96f5-4204950d210f",
        "value": "https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557218891",
        "to_ids": false,
        "type": "link",
        "uuid": "5cd1464b-6008-4101-a704-4016950d210f",
        "value": "https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557218891",
        "to_ids": false,
        "type": "link",
        "uuid": "5cd1464b-b6f8-4ea7-bf52-4cc2950d210f",
        "value": "https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-four-desktop-video-player.html"
      },
      {
        "category": "Network activity",
        "comment": "Status: Commented out - Threat Group Association: Earlier CARBANAK activity",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-c808-4674-8acc-41f8950d210f",
        "value": "comixed.org"
      },
      {
        "category": "Network activity",
        "comment": "Status: Commented out - Threat Group Association: Earlier CARBANAK activity",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5cd18a3a-3210-4ab0-9d58-4e65950d210f",
        "value": "194.146.180.40"
      },
      {
        "category": "Network activity",
        "comment": "Status: Active",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-9b74-4426-838f-44e7950d210f",
        "value": "aaaabbbbccccc.org"
      },
      {
        "category": "Network activity",
        "comment": "Status: Commented out - Threat Group Association: FIN7",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-8f68-448a-83bf-40c8950d210f",
        "value": "stats10-google.com"
      },
      {
        "category": "Network activity",
        "comment": "Status: Commented out",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5cd18a3a-6860-4dc8-a3f9-42c3950d210f",
        "value": "85.25.84.223"
      },
      {
        "category": "Network activity",
        "comment": "Status: Active",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-8a48-4dbf-886f-4ee9950d210f",
        "value": "qwqreererwere.com"
      },
      {
        "category": "Network activity",
        "comment": "Status: Commented out - Threat Group Association: Earlier CARBANAK activity",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-e23c-4ee0-b712-465d950d210f",
        "value": "akamai-technologies.org"
      },
      {
        "category": "Network activity",
        "comment": "Status: Compiled",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "domain",
        "uuid": "5cd18a3a-78d4-45fd-b116-411e950d210f",
        "value": "hhklhlkhkjhjkjk.org"
      },
      {
        "category": "Network activity",
        "comment": "Status: Compiled - Threat Group Association: DNS infrastructure overlap with later FIN7 associated POWERSOURCE activity",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557236282",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5cd18a3a-f414-49d6-b595-44b3950d210f",
        "value": "aaa.stage.4463714.news.meteonovosti.info"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557296520",
        "to_ids": false,
        "type": "text",
        "uuid": "5cd27588-6cbc-4373-a9d7-4e5d950d210f",
        "value": "CARBANAK is one of the most full-featured backdoors around. It was used to perpetrate millions of dollars in financial crimes, largely by the group we track as FIN7. In 2017, Tom Bennett and Barry Vengerik published Behind the CARBANAK Backdoor, which was the product of a deep and broad analysis of CARBANAK samples and FIN7 activity across several years. On the heels of that publication, our colleague Nick Carr uncovered a pair of RAR archives containing CARBANAK source code, builders, and other tools (both available in VirusTotal: kb3r1p and apwmie)."
      },
      {
        "category": "Network activity",
        "comment": "Attribute #4905579 enriched by dns.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557302578",
        "to_ids": false,
        "type": "ip-src",
        "uuid": "5cd28d32-4770-466b-b8c6-4655e387cbd9",
        "value": "107.181.155.151"
      },
      {
        "category": "Network activity",
        "comment": "Attribute #4905586 enriched by dns.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1557302581",
        "to_ids": false,
        "type": "ip-src",
        "uuid": "5cd28d35-7a48-4b05-b933-4fd2e387cbd9",
        "value": "23.253.126.58"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557219940",
        "uuid": "5cd14a64-a478-4a1d-bcaa-4af8950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "hostname",
            "timestamp": "1557219940",
            "to_ids": true,
            "type": "hostname",
            "uuid": "5cd14a64-a93c-4312-9e8d-4210950d210f",
            "value": "vds2.system-host.net"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557219941",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd14a65-74d0-494d-aec6-4aac950d210f",
            "value": "104.193.252.151"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557219941",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd14a65-c57c-495d-9f2d-4795950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557219941",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd14a65-3f80-42e0-bc4e-4597950d210f",
            "value": "2019-04-26T14:49:12"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557221122",
        "uuid": "5cd14f02-6a40-4948-8120-41b7950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "hostname",
            "timestamp": "1557221122",
            "to_ids": true,
            "type": "hostname",
            "uuid": "5cd14f02-d9c0-4b4d-8cea-435e950d210f",
            "value": "customer.clientshostname.com"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557221122",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd14f02-a570-4395-93ee-484f950d210f",
            "value": "185.180.196.35"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557221122",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd14f02-5394-49c2-bae9-45aa950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557221122",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd14f02-5a2c-4701-83dd-4eae950d210f",
            "value": "2019-04-24T07:44:30"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557221244",
        "uuid": "5cd14f7c-ed6c-4396-a8b8-48e9950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557221244",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd14f7c-cf3c-4933-a073-4c35950d210f",
            "value": "213.227.155.8"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557221244",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd14f7c-1c24-484a-9823-43e0950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557221244",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd14f7c-174c-49d0-a336-4580950d210f",
            "value": "2019-04-24T04:33:52"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557221320",
        "uuid": "5cd14fc8-cc7c-46e2-8498-456e950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557221320",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd14fc8-cb38-4fbb-8e71-490c950d210f",
            "value": "94.156.133.69"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557221320",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd14fc8-3884-4328-a6e7-4232950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557221320",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd14fc8-6524-41a0-9457-4b68950d210f",
            "value": "2018-11-15T10:27:07"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557222039",
        "uuid": "5cd15297-7048-4712-9572-4258950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557222039",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd15297-21a0-4998-b558-456c950d210f",
            "value": "185.174.172.241"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557222039",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd15297-db20-4d41-b7c7-40d5950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557222039",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd15297-ef24-478c-8a1e-4e17950d210f",
            "value": "2019-04-27T13:24:36"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557222113",
        "uuid": "5cd152e1-b8a0-4bcf-9ea3-4ca4950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557222113",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd152e1-821c-4bf4-8a92-43ca950d210f",
            "value": "109.230.199.227"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557222113",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd152e1-251c-468d-bdd9-401d950d210f",
            "value": "443"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "last-seen",
            "timestamp": "1557222113",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5cd152e1-4388-47c6-8780-4026950d210f",
            "value": "2019-04-27T13:24:36"
          }
        ]
      },
      {
        "comment": "Status: Commented out",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557224775",
        "uuid": "5cd15d47-ed54-49b9-aeaa-4471950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557224775",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd15d47-c4b8-49fb-81d4-492a950d210f",
            "value": "37.1.212.100"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557224775",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd15d47-e980-4374-984d-4e05950d210f",
            "value": "700"
          }
        ]
      },
      {
        "comment": "Status: Commented out - Threat Group Association: Earlier CARBANAK activity",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557224810",
        "uuid": "5cd15d6a-b964-4779-8f3a-43b5950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557224810",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd15d6a-b770-4f9d-b29b-4d29950d210f",
            "value": "188.138.98.105"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557224811",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd15d6b-bfbc-4488-a71b-47b5950d210f",
            "value": "710"
          }
        ]
      },
      {
        "comment": "Status: Commented out",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557234557",
        "uuid": "5cd1837d-0694-4391-8cb9-364f950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557234558",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd1837e-199c-4f9b-8460-364f950d210f",
            "value": "80.84.49.50"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557234558",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd1837e-3e1c-4109-8e6c-364f950d210f",
            "value": "443"
          }
        ]
      },
      {
        "comment": "Status: Commented out",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557235492",
        "uuid": "5cd18724-ce4c-410f-95db-b3d7950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557235492",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd18724-0dd8-473b-bb5a-b3d7950d210f",
            "value": "52.11.125.44"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557235492",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd18724-1acc-4132-ac62-b3d7950d210f",
            "value": "443"
          }
        ]
      },
      {
        "comment": "Status: Active",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557235569",
        "uuid": "5cd18771-bac0-47c3-9a8c-a966950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557308323",
            "to_ids": false,
            "type": "ip-dst",
            "uuid": "5cd18771-9f18-4005-a613-a966950d210f",
            "value": "192.168.0.100"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557235569",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd18771-ecd8-412a-a9de-a966950d210f",
            "value": "700"
          }
        ]
      },
      {
        "comment": "Status: Compiled",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557235637",
        "uuid": "5cd187b5-1eb8-474a-ae22-a97c950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557308326",
            "to_ids": false,
            "type": "ip-dst",
            "uuid": "5cd187b5-d93c-4c9a-9658-a97c950d210f",
            "value": "192.168.0.100"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557235637",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd187b5-0bc4-4376-8f80-a97c950d210f",
            "value": "700"
          }
        ]
      },
      {
        "comment": "Status: Active - Threat Group Association: Earlier CARBANAK activity",
        "deleted": false,
        "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
        "meta-category": "network",
        "name": "ip-port",
        "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
        "template_version": "8",
        "timestamp": "1557236169",
        "uuid": "5cd189c9-dd18-4b41-9ad4-b3d7950d210f",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1557236169",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "5cd189c9-6e80-4c2c-8949-b3d7950d210f",
            "value": "193.203.48.23"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "dst-port",
            "timestamp": "1557236169",
            "to_ids": false,
            "type": "port",
            "uuid": "5cd189c9-8d90-43dc-8664-b3d7950d210f",
            "value": "800"
          }
        ]
      }
    ]
  }
}