misp-circl-feed/feeds/circl/misp/5dfce305-c520-4a71-9094-47c702de0b81.json

{
"Event": {
"analysis": "2",
"date": "2019-12-20",
"extends_uuid": "",
"info": "OSINT - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking",
"publish_timestamp": "1576855586",
"published": true,
"threat_level_id": "1",
"timestamp": "1576855575",
"uuid": "5dfce305-c520-4a71-9094-47c702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"TA505\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854301",
"to_ids": false,
"type": "link",
"uuid": "5dfce31d-72a0-4da4-9eb9-9a0402de0b81",
"value": "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/"
},
{
"category": "Network activity",
"comment": "WinDef Download URL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-7cbc-46d0-896f-8bb502de0b81",
"value": "http://96.9.211.157/sdf4r3r3/WinDef.msi"
},
{
"category": "Network activity",
"comment": "Predator C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-ba98-465b-84b9-8bb502de0b81",
"value": "https://soul-fly.xyz/api/gate.get"
},
{
"category": "Network activity",
"comment": "LDR_5622 URL1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-478c-4cd0-8a28-8bb502de0b81",
"value": "https://artrolife.club/fhj37f34fdd/file1.exe"
},
{
"category": "Network activity",
"comment": "LDR_5622 URL2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-2118-4510-90a4-8bb502de0b81",
"value": "http://supremeconnect.xyz/fdfg83574gd/file2.exe"
},
{
"category": "Network activity",
"comment": "Team Viewer Panel",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-6728-4ac9-aa75-8bb502de0b81",
"value": "http://0926tv.xyz/mystt34834ujf37data/"
},
{
"category": "Network activity",
"comment": "ServHelper NetSupport",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-80f0-4c21-99d5-8bb502de0b81",
"value": "http://gabardine.xyz/log.txt"
},
{
"category": "Network activity",
"comment": "ServHelper NetSupport",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-d5f4-42b3-be96-8bb502de0b81",
"value": "http://kuarela.xyz/1.txt"
},
{
"category": "Network activity",
"comment": "ServHelper NetSupport",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854380",
"to_ids": true,
"type": "url",
"uuid": "5dfce36c-01b4-46b5-ad90-8bb502de0b81",
"value": "http://foxlnklnk.xyz/pf1.txt"
},
{
"category": "Network activity",
"comment": "ServHelper NetSupport",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854381",
"to_ids": true,
"type": "url",
"uuid": "5dfce36d-f82c-4402-91d8-8bb502de0b81",
"value": "http://cafafafa.xyz/pf1.txt"
},
{
"category": "Network activity",
"comment": "ServHelper NetSupport",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854381",
"to_ids": true,
"type": "url",
"uuid": "5dfce36d-a700-44a4-a66e-8bb502de0b81",
"value": "http://letitbe.icu/2.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-85d4-411c-9374-8ba102de0b81",
"value": "9aa1b6bb7d53b008b6529b4a2f6bfada"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-38f8-47e2-a063-8ba102de0b81",
"value": "a2e77ee41f4d4d3e8814d07d26ec5be3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-3ce4-4157-8ab1-8ba102de0b81",
"value": "77f46b13d858f83c3ce5bdc6ffbc8a95"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-da10-4a2b-b7f2-8ba102de0b81",
"value": "de70f256b9fd194f6844d7aa81b17b4e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-b084-4b29-8b05-8ba102de0b81",
"value": "6954cee9db2533337e4425aceacc547b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-9d58-4ccf-90fd-8ba102de0b81",
"value": "a606d454b408b99aa9fc7ad774951621"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-6d9c-472f-a1cf-8ba102de0b81",
"value": "92cc85c53e169b330fd8686d35259261"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-e0b4-451b-bb30-8ba102de0b81",
"value": "a511410d5889fca07a0dd0a8c84d6c8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "5dfce5c9-ce2c-4e36-a19e-8ba102de0b81",
"value": "c3c226ec03f393103b9df764df50f0bc"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855002",
"uuid": "7c234dae-875e-49ec-adb2-43a8033db0e0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7c234dae-875e-49ec-adb2-43a8033db0e0",
"referenced_uuid": "0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-8874-4a24-b470-498e02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "f63f94a6-8b24-461d-bf43-081693430411",
"value": "de70f256b9fd194f6844d7aa81b17b4e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "af817e6e-6d1d-469f-8a6d-f7089b177f8c",
"value": "8c14b7bc7d0f132b4a00062ebc84eca98074eb06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "606ff880-d609-456c-9f8e-ec5ca0b95923",
"value": "ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855002",
"uuid": "0e3714b5-a8d2-46f9-b5a1-8fe5a19c6d34",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "a5271e19-09e7-404f-9171-76cd45767dfc",
"value": "2019-10-01T14:13:53"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "61098a77-079f-4c1c-8c07-2e426ff525e8",
"value": "https://www.virustotal.com/file/ea42d2ae3f97bfd117f4d4f268ddcae4b1361becf1463d9003d6d2ad8e67d1a2/analysis/1569939233/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "5d708598-582e-4e90-b781-495f5bef2a27",
"value": "42/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855002",
"uuid": "69638f44-509c-45ab-80fc-97514283b206",
"ObjectReference": [
{
"comment": "",
"object_uuid": "69638f44-509c-45ab-80fc-97514283b206",
"referenced_uuid": "9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-8900-4e9e-ba63-49b802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "9673fb2f-ef66-4c28-afba-1eb493bed6b7",
"value": "a511410d5889fca07a0dd0a8c84d6c8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "e90ed67c-a4d5-4569-a49d-be7572d5f164",
"value": "c470685e7f2b4c1c1ff5a544824becef1f81c0de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "4df48e0a-3cb8-45d3-bb74-0219110c7869",
"value": "1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855003",
"uuid": "9f3593c3-2cb3-4192-a97e-5722f1e1ae4d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "948e4fae-219b-42ce-8ba9-44a92f8a3ae7",
"value": "2019-12-03T04:36:27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "ac8f3242-6e1d-468d-8fc0-a841bdcec64d",
"value": "https://www.virustotal.com/file/1d0310aa5acb6974afe3c0c4be806500276f86ea0717f2c449ca59eb2756aa5a/analysis/1575347787/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "1b012b4e-a10b-4681-9094-735f8272c584",
"value": "37/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855003",
"uuid": "bf7c8c32-31da-4197-998f-95a2eda8b415",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bf7c8c32-31da-4197-998f-95a2eda8b415",
"referenced_uuid": "c4a78b93-68c9-4dfc-940d-72bcb366da12",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-c070-47e6-abda-4d8802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "04389c5f-53bf-4f98-bef1-3a9962179f91",
"value": "9aa1b6bb7d53b008b6529b4a2f6bfada"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "0637bcc2-5f25-4980-88e9-87fa3a6f8bc4",
"value": "e764a66692df3ecbfae0660a1d1e567be20e034d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "b34bb93a-36a8-4067-9446-89d79530ee69",
"value": "d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855003",
"uuid": "c4a78b93-68c9-4dfc-940d-72bcb366da12",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "dfe11c11-1352-4103-89f1-ecac42bf7a8b",
"value": "2019-11-15T10:55:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "536eee81-3ea3-4fb6-a0db-389783a109f2",
"value": "https://www.virustotal.com/file/d83063586bbdd28a3936fc508e69c0d880673fb985429ede6d0369c91250cbc2/analysis/1573815308/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "c3ef49b9-4ed9-43b6-a1cd-cc2163ffd434",
"value": "26/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855003",
"uuid": "94aaa7da-30e3-49e8-93a2-379fea74854b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "94aaa7da-30e3-49e8-93a2-379fea74854b",
"referenced_uuid": "92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-78e0-4edd-9893-45e602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "a3883037-0432-44c2-aea2-9345ff7e163c",
"value": "c3c226ec03f393103b9df764df50f0bc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "2f71a7d5-b559-412b-950a-5dfb167008db",
"value": "177f891063569d82f85fc931a5254f0c5acbee9f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "725dd7f1-7378-4ba9-8d27-cf9ab2314852",
"value": "c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855003",
"uuid": "92edb5af-e2af-4ff2-866d-9a9c87a75b8f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "e6c3486c-c499-4a99-b7b7-b2f48f92ee34",
"value": "2019-09-26T19:39:42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "461ef55a-d9a5-4fb0-8e0b-1a04e2903a0f",
"value": "https://www.virustotal.com/file/c6830cfbfc47d8623d4c8ba7121527a0104226037e1acd6d8a4f80e7da9ad2e0/analysis/1569526782/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "671ac72d-aad7-426c-aa5d-0dabfe885696",
"value": "10/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855004",
"uuid": "71982da2-49c2-49f4-95eb-e45f05d9f424",
"ObjectReference": [
{
"comment": "",
"object_uuid": "71982da2-49c2-49f4-95eb-e45f05d9f424",
"referenced_uuid": "b5df2442-478c-4296-b836-bab32bb0fc67",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-d88c-4058-970f-44a802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "111b9e6c-6c4c-41c7-8338-ea6a0a380bbe",
"value": "6954cee9db2533337e4425aceacc547b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "c80dfb3d-da97-4e59-92ee-442143e008b6",
"value": "da3973333643735f740f832ebb914faedc3385fa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "8c718287-d13b-4e05-b348-247ca84a5722",
"value": "70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855004",
"uuid": "b5df2442-478c-4296-b836-bab32bb0fc67",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "7d9d833a-6c37-41f1-9a3b-687e60b43784",
"value": "2019-10-03T06:11:45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "b13d1871-894a-46c6-a401-61de32ac5d85",
"value": "https://www.virustotal.com/file/70fdeda60efc1265d71ecb6893760aea7404096a1b2c3daf9760c544d9dd8a72/analysis/1570083105/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "da84ee46-40da-4f54-8200-940c0eb3cde2",
"value": "37/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855004",
"uuid": "3b6714ab-d534-449f-8eae-856904fe477b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3b6714ab-d534-449f-8eae-856904fe477b",
"referenced_uuid": "22c0164b-71a4-4a76-b04e-ed9894751cae",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-1b84-443d-bbf6-45e102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "37a4b726-088f-4275-9815-61392d6c874e",
"value": "a2e77ee41f4d4d3e8814d07d26ec5be3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "e471fc42-7759-4f29-9240-6b7721b616fd",
"value": "e07292223d53785c61e4d4e33126e71d69527cbd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "e1864cd2-1575-4d8b-9969-66eaa56ba012",
"value": "1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855004",
"uuid": "22c0164b-71a4-4a76-b04e-ed9894751cae",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "2dccaf5f-a350-4c18-94b1-aaf6f4bd97ff",
"value": "2019-12-03T04:36:19"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "22ba39fc-e09e-4737-9e98-a71026bbbc33",
"value": "https://www.virustotal.com/file/1b94a8fa7d412d6722931d55792b38fc5f4edae99b3e7be98c260ae603f6e6eb/analysis/1575347779/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "7cd33bde-eca9-40b1-a030-151bf7acbab8",
"value": "38/63"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855004",
"uuid": "09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "09a93a47-f8a4-4c0f-b36b-1f176b4434a8",
"referenced_uuid": "c9c85791-3555-477e-9b9f-4ac28c080f8b",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-2fd8-4780-b3af-4f0702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "af9cdc6b-167b-46c8-93c4-c08fdae726da",
"value": "77f46b13d858f83c3ce5bdc6ffbc8a95"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "229ef9f8-e64f-4648-8a0e-803beccad895",
"value": "d08b44e8aed3aa013827d5aeef901fed360c57fb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "54a9505c-57cb-488d-921f-3354592c813c",
"value": "97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855004",
"uuid": "c9c85791-3555-477e-9b9f-4ac28c080f8b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "998f01f8-1c0f-4c68-9923-148dd4525864",
"value": "2019-09-27T17:09:02"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "537c2145-8681-4e28-8c31-9ba67d642300",
"value": "https://www.virustotal.com/file/97d68390ccece4c1834e5917ea8f5e50f16ae8166fc29f7ddb8056e48a878fbf/analysis/1569604142/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "e8cb3e8f-e0c7-473f-a527-6e3e712a9a67",
"value": "25/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855005",
"uuid": "ea68f105-92dd-4589-ac6b-19c493f351cc",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ea68f105-92dd-4589-ac6b-19c493f351cc",
"referenced_uuid": "66903195-a97f-4dcd-9282-66d1a8c48d53",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-37d4-4615-a14a-46fa02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "1fb21c50-fda7-4937-a29b-05c56b6d19ce",
"value": "92cc85c53e169b330fd8686d35259261"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "8881e81f-7e84-4367-8d5f-2da9211bf3d0",
"value": "4d30c482886f3369731914f6db4100e84fa8cf27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "3cd0bd5e-4dbc-4001-b9b7-62e95d2b4c10",
"value": "ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855005",
"uuid": "66903195-a97f-4dcd-9282-66d1a8c48d53",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "d5d1c38a-ccc9-491d-812e-a5b0f06223ee",
"value": "2019-12-14T05:52:55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "e3f4fa91-809b-4420-8245-bf5f47417265",
"value": "https://www.virustotal.com/file/ec03d56bc3064f38cde8866d08f52aa70b7cd12d8e61c36c0576c45964bef248/analysis/1576302775/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "4a882389-39f1-47d2-b8fe-01c261f76fbf",
"value": "53/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1576855005",
"uuid": "f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f0b007bd-4038-4c0f-bb89-03e6f0e131f7",
"referenced_uuid": "2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
"relationship_type": "analysed-with",
"timestamp": "1576855007",
"uuid": "5dfce5df-e23c-420b-b208-4df802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1576854985",
"to_ids": true,
"type": "md5",
"uuid": "0d5e18e0-1101-439e-81f8-bc9da64525d8",
"value": "a606d454b408b99aa9fc7ad774951621"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha1",
"uuid": "aaea76c7-3165-478e-a6e8-83aed656882c",
"value": "5963233ae8e9382178169a2efe236598dfc7466c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1576854985",
"to_ids": true,
"type": "sha256",
"uuid": "ae9cac6b-a479-478f-be0b-01874780e2e4",
"value": "c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1576855005",
"uuid": "2ac81cf5-9a0c-4527-955d-02e0bd5eadd1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1576854985",
"to_ids": false,
"type": "datetime",
"uuid": "9d29948f-941b-4229-8319-2e1d7912082f",
"value": "2019-10-07T10:31:06"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1576854985",
"to_ids": false,
"type": "link",
"uuid": "57bade74-adee-47a2-acb1-283f69e39be2",
"value": "https://www.virustotal.com/file/c45a4fea0271bfe8d86468e549bee28575f9d5446d49d4e022e7678aedb72715/analysis/1570444266/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1576854985",
"to_ids": false,
"type": "text",
"uuid": "1cfe29e5-5c2b-48e3-b459-750ed560cd08",
"value": "4/56"
}
]
}
]
}
}