misp-circl-feed/feeds/circl/misp/5e2a97e7-4bd4-41c4-8aaf-4262950d210f.json

959 lines
33 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "0",
"date": "2020-01-23",
"extends_uuid": "",
"info": "OSINT - Iranian PupyRAT Bites Middle Eastern Organizations",
"publish_timestamp": "1582700269",
"published": true,
"threat_level_id": "1",
"timestamp": "1582700226",
"uuid": "5e2a97e7-4bd4-41c4-8aaf-4262950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-tool=\"Pupy - S0192\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"PupyRAT\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\""
},
{
"colour": "#12dc00",
"name": "misp-galaxy:threat-actor=\"Cleaver\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"OilRig\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"APT35\""
},
{
"colour": "#440055",
"name": "ms-caro-malware:malware-type=\"RemoteAccess\""
},
{
"colour": "#4bec00",
"name": "enisa:nefarious-activity-abuse=\"remote-access-tool\""
},
{
"colour": "#008ba9",
"name": "veris:asset:variety=\"S - Remote access\""
},
{
"colour": "#00bde6",
"name": "veris:action:misuse:vector=\"Remote access\""
},
{
"colour": "#001739",
"name": "ms-caro-malware-full:malware-type=\"RemoteAccess\""
},
{
"colour": "#5f0044",
"name": "CERT-XLM:malicious-code=\"spyware-rat\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Hosting PowerShell stages of PupyRAT download",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580307698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e3194f2-e0f0-432a-bc5d-aea2950d210f",
"value": "139.59.46.154"
},
{
"category": "Network activity",
"comment": "PupyRAT command and control server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1580307700",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e3194f4-98d0-4693-9695-aea2950d210f",
"value": "89.107.62.39"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"first_seen": "2026-05-13T21:15:00+00:00",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "10",
"timestamp": "1579852427",
"uuid": "5e2a9a69-4f24-4f73-983b-478b950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "post",
"timestamp": "1579851871",
"to_ids": false,
"type": "text",
"uuid": "5e2a9a69-57e8-40b5-a0bb-4768950d210f",
"value": "Thanks for reaching out @QW5kcmV3\r\n! Here is the report that mentions COBALT GYPSY use of the OST PupyRAT (https://secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations). Iran-nexus group overlaps are a fun challenge to deconstruct\u00e2\u20ac\u00a6Always appreciate the constructive feedback!\u00e2\u20ac\u00a6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "type",
"timestamp": "1579851871",
"to_ids": false,
"type": "text",
"uuid": "5e2aa05f-4cd0-4f9b-9d01-49de950d210f",
"value": "Twitter"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "link",
"timestamp": "1579851872",
"to_ids": false,
"type": "link",
"uuid": "5e2aa060-7c98-4c40-9641-4b5f950d210f",
"value": "https://mobile.twitter.com/maggintel/status/1220440024631644160"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "embedded-safe-link",
"timestamp": "1579852427",
"to_ids": false,
"type": "link",
"uuid": "5e2aa060-5a2c-4588-ba48-4f90950d210f",
"value": "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations",
"Tag": [
{
"colour": "#002b4a",
"name": "osint:source-type=\"technical-report\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "embedded-safe-link",
"timestamp": "1579851872",
"to_ids": false,
"type": "link",
"uuid": "5e2aa060-8c70-4462-8ead-45bf950d210f",
"value": "https://t.co/NP4e8FXfKI?amp=1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "username-quoted",
"timestamp": "1579851872",
"to_ids": false,
"type": "text",
"uuid": "5e2aa060-9c48-4326-96bd-4301950d210f",
"value": "@QW5kcmV3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "verified-username",
"timestamp": "1579851872",
"to_ids": false,
"type": "text",
"uuid": "5e2aa060-1864-4154-9d99-43e1950d210f",
"value": "Unverified"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "state",
"timestamp": "1579851872",
"to_ids": false,
"type": "text",
"uuid": "5e2aa060-e708-4e1f-8e34-4e22950d210f",
"value": "Informative"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2026-05-13T21:15:00+00:00",
"object_relation": "username",
"timestamp": "1579851872",
"to_ids": false,
"type": "text",
"uuid": "5e2aa060-e184-4c09-afb0-4b1d950d210f",
"value": "maggintel"
}
]
},
{
"comment": "Associated organization : National Technology Group, a Saudi Arabian telecommunications company",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "6",
"timestamp": "1582700226",
"uuid": "5e3187c7-9b64-4c78-b33f-1c2f950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1580304327",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e3187c7-da78-4519-9745-1c2f950d210f",
"value": "45.32.186.33"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1580304327",
"to_ids": true,
"type": "domain",
"uuid": "5e3187c7-3ca8-4aaf-94b0-1c2f950d210f",
"value": "ntg-sa.com"
},
{
"category": "Network activity",
"comment": "Legitimate domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1582700226",
"to_ids": false,
"type": "domain",
"uuid": "5e3187c7-8cf0-4571-b695-1c2f950d210f",
"value": "ntg.com.sa"
}
]
},
{
"comment": "Associated organization : ITWorx, an Egyptian information technology services firm",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "6",
"timestamp": "1582700218",
"uuid": "5e318cb9-f1ac-4eac-a1b6-aea2950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1580305594",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e318cba-d264-40c8-abf6-aea2950d210f",
"value": "45.32.186.33"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1580305599",
"to_ids": true,
"type": "domain",
"uuid": "5e318cbf-203c-4241-b4fa-aea2950d210f",
"value": "itworx.com-ho.me"
},
{
"category": "Network activity",
"comment": "Legitimate domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1582700218",
"to_ids": false,
"type": "domain",
"uuid": "5e318cc6-25a8-49a8-a30c-aea2950d210f",
"value": "itworx.com"
}
]
},
{
"comment": "Associated organization : Saudi Ministry of Commerce",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "6",
"timestamp": "1582700212",
"uuid": "5e318e40-4368-4040-bf75-4888950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1580305984",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e318e40-a670-4cea-b42d-4720950d210f",
"value": "45.32.186.33"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1580305989",
"to_ids": true,
"type": "domain",
"uuid": "5e318e45-9494-4eeb-8166-4333950d210f",
"value": "mci.com-ho.me"
},
{
"category": "Network activity",
"comment": "Legitimate domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1582700212",
"to_ids": false,
"type": "domain",
"uuid": "5e318e4c-4980-489d-ab08-4dd0950d210f",
"value": "mci.gov.sa"
}
]
},
{
"comment": "Associated organization : Saudi Ministry of Health",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "6",
"timestamp": "1582700205",
"uuid": "5e318ece-eb38-430b-9235-2768950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1580306126",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e318ece-2d9c-4277-9448-2768950d210f",
"value": "45.32.186.33"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1580306129",
"to_ids": true,
"type": "domain",
"uuid": "5e318ed1-4c04-4b94-b13a-2768950d210f",
"value": "moh.com-ho.me"
},
{
"category": "Network activity",
"comment": "Legitimate domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1582700205",
"to_ids": false,
"type": "domain",
"uuid": "5e318ed1-bbb8-47a1-879d-2768950d210f",
"value": "moh.gov.sa"
}
]
},
{
"comment": "Associated organization : Saudi Ministry of Labor",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "6",
"timestamp": "1582700199",
"uuid": "5e3190e6-cdc4-4ef3-8ee6-d77d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1580306662",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e3190e6-dd1c-4a11-b857-d77d950d210f",
"value": "45.32.186.33"
},
{
"category": "Network activity",
"comment": "Spoofed domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1580306666",
"to_ids": true,
"type": "domain",
"uuid": "5e3190ea-fc30-49b2-889e-d77d950d210f",
"value": "mol.com-ho.me"
},
{
"category": "Network activity",
"comment": "Legitimate domain",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1582700199",
"to_ids": false,
"type": "domain",
"uuid": "5e3190ea-5944-41c7-8f49-d77d950d210f",
"value": "mol.gov.sa"
}
]
},
{
"comment": "Ministry of Health lure (Health_insurance_registration.doc) delivering PupyRAT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1582281744",
"uuid": "5e3193d9-9110-4de4-85c0-4844950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e3193d9-9110-4de4-85c0-4844950d210f",
"referenced_uuid": "83aabfa5-efd1-401e-a84d-75ab6ab670f0",
"relationship_type": "analysed-with",
"timestamp": "1582281781",
"uuid": "5e4fb435-87a8-44ee-be84-47ad950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1580307940",
"to_ids": true,
"type": "md5",
"uuid": "5e3193d9-3274-4039-a156-4844950d210f",
"value": "1b5e33e5a244d2d67d7a09c4ccf16e56"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1580307946",
"to_ids": true,
"type": "sha256",
"uuid": "5e3195ea-0514-4401-bdd1-f1bd950d210f",
"value": "66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1580307953",
"to_ids": true,
"type": "sha1",
"uuid": "5e3195f1-0a2c-4fdc-ae3b-f1bd950d210f",
"value": "934c51ff1ea00af2cb3b8465f0a3effcf759d866"
}
]
},
{
"comment": "PupyRAT (pupyx86.dll) ",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1582281745",
"uuid": "5e319643-2f90-4bf1-89f5-7f0b950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e319643-2f90-4bf1-89f5-7f0b950d210f",
"referenced_uuid": "e5e73bc0-efa0-484e-8086-0f3137f470e3",
"relationship_type": "analysed-with",
"timestamp": "1582281781",
"uuid": "5e4fb435-7134-495c-86d1-48c9950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1580308035",
"to_ids": true,
"type": "md5",
"uuid": "5e319643-9e1c-4e62-9e51-7f0b950d210f",
"value": "97cb7dc1395918c2f3018c109ab4ea5b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1580308040",
"to_ids": true,
"type": "filename",
"uuid": "5e319648-0760-46c7-8fe5-7f0b950d210f",
"value": "pupyx86.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1580308046",
"to_ids": true,
"type": "sha256",
"uuid": "5e31964e-11c4-45ad-9f8e-7f0b950d210f",
"value": "8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1580308052",
"to_ids": true,
"type": "sha1",
"uuid": "5e319654-88e0-452c-a212-7f0b950d210f",
"value": "3215021976b933ff76ce3436e828286e124e2527"
}
]
},
{
"comment": "Password-themed lure (Password_Policy.xlsm) delivering PupyRAT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1582281745",
"uuid": "5e31969e-8ca8-462e-b114-7f1d950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e31969e-8ca8-462e-b114-7f1d950d210f",
"referenced_uuid": "87cbd279-31f6-474e-92b7-6f1ca9c322c8",
"relationship_type": "analysed-with",
"timestamp": "1582281781",
"uuid": "5e4fb435-9e64-4abc-bfa3-47cb950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1580308127",
"to_ids": true,
"type": "md5",
"uuid": "5e31969f-ad9c-4559-aacc-7f1d950d210f",
"value": "03ea9457bf71d51d8109e737158be888"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1580308129",
"to_ids": true,
"type": "filename",
"uuid": "5e3196a1-b288-42bc-9736-7f1d950d210f",
"value": "Password_Policy.xlsm"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1580308135",
"to_ids": true,
"type": "sha256",
"uuid": "5e3196a7-e080-40c1-b384-7f1d950d210f",
"value": "6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1580308141",
"to_ids": true,
"type": "sha1",
"uuid": "5e3196ad-cd84-477f-9fa2-7f1d950d210f",
"value": "d20168c523058c7a82f6d79ef63ea546c794e57b"
}
]
},
{
"comment": "Job-themed Word document lure (qhtma) delivering PupyRAT",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "19",
"timestamp": "1582281745",
"uuid": "5e3196dc-2b94-4648-97b0-d77c950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e3196dc-2b94-4648-97b0-d77c950d210f",
"referenced_uuid": "959f1fb7-4ad0-4407-82e1-0aa582296285",
"relationship_type": "analysed-with",
"timestamp": "1582281781",
"uuid": "5e4fb435-994c-4636-a70b-44d0950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1580308188",
"to_ids": true,
"type": "md5",
"uuid": "5e3196dc-6c14-4b40-a522-d77c950d210f",
"value": "43fad2d62bc23ffdc6d301571135222c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1580308191",
"to_ids": true,
"type": "sha256",
"uuid": "5e3196df-53e4-46e6-8a69-d77c950d210f",
"value": "e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1580308197",
"to_ids": true,
"type": "sha1",
"uuid": "5e3196e5-a51c-40f7-af2a-d77c950d210f",
"value": "735f5d7ef0c5129f0574bec3cf3d6b06b052744a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1582281745",
"uuid": "e5e73bc0-efa0-484e-8086-0f3137f470e3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1580308046",
"to_ids": false,
"type": "datetime",
"uuid": "4efc3fca-4e47-41d4-9c53-6855fa268695",
"value": "2019-10-06T12:32:49+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1580308046",
"to_ids": false,
"type": "link",
"uuid": "1c2fbc9e-ec53-4563-a2fa-cbc5382a3f1e",
"value": "https://www.virustotal.com/file/8d89f53b0a6558d6bb9cdbc9f218ef699f3c87dd06bc03dd042290dedc18cb71/analysis/1570365169/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1580308046",
"to_ids": false,
"type": "text",
"uuid": "2c9d6d4a-d21b-483d-8e06-5a477d379ecd",
"value": "48/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1582281768",
"uuid": "83aabfa5-efd1-401e-a84d-75ab6ab670f0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1580307946",
"to_ids": false,
"type": "datetime",
"uuid": "bb7e0f82-e140-4983-81f3-1f50292b574a",
"value": "2020-01-27T06:52:25+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1580307946",
"to_ids": false,
"type": "link",
"uuid": "8c5c9af9-34a4-4495-b646-c40794eec2e9",
"value": "https://www.virustotal.com/file/66d24a529308d8ab7b27ddd43a6c2db84107b831257efb664044ec4437f9487b/analysis/1580107945/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1580307946",
"to_ids": false,
"type": "text",
"uuid": "920edadd-fc71-4b17-8faa-66e75327811d",
"value": "42/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1582281781",
"uuid": "87cbd279-31f6-474e-92b7-6f1ca9c322c8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1580308135",
"to_ids": false,
"type": "datetime",
"uuid": "20e4a0ed-3bd1-4690-a439-eada2cb6a90a",
"value": "2020-01-16T14:24:18+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1580308135",
"to_ids": false,
"type": "link",
"uuid": "8eb1988e-1d7e-4c00-8988-fbccd32e52ef",
"value": "https://www.virustotal.com/file/6c195ea18c05bbf091f09873ed9cd533ec7c8de7a831b85690e48290b579634b/analysis/1579184658/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1580308135",
"to_ids": false,
"type": "text",
"uuid": "3f0c1ac0-fb20-4ecd-922a-cf23a82fd177",
"value": "40/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1582281781",
"uuid": "959f1fb7-4ad0-4407-82e1-0aa582296285",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1580308191",
"to_ids": false,
"type": "datetime",
"uuid": "53ff6fff-365d-4afa-94dd-bac37560dba3",
"value": "2020-01-15T20:35:20+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1580308191",
"to_ids": false,
"type": "link",
"uuid": "8148d76e-ac8e-4380-b1bb-0d233f81375c",
"value": "https://www.virustotal.com/file/e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6/analysis/1579120520/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1580308191",
"to_ids": false,
"type": "text",
"uuid": "4eb9669c-778b-42fc-a507-99bbd567195d",
"value": "42/59"
}
]
}
]
}
}