2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2020-09-22" ,
"extends_uuid" : "" ,
"info" : "Linux/CDRThief\u2009\u2014\u2009Indicators of Compromise - Who is calling? CDRThief targets Linux VoIP softswitches" ,
"publish_timestamp" : "1600777404" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1600777302" ,
"uuid" : "355c00b3-a85f-4a6c-850f-95bc7357abd1" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "50cd9c70-16e3-4d80-a63f-6a8cccc82068" ,
"value" : "cc373d633a16817f7d21372c56955923c9dda825"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "3e5b904b-5895-4b38-a3fe-3f1c45556e2d" ,
"value" : "8e2624da4d209abd3364d90f7bc08230f84510db"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "0e0e63a2-2df9-48bf-a051-033dc07e1c28" ,
"value" : "fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "4bc87d38-3261-47a3-8aed-2f4e6d6a90b9" ,
"value" : "8532e858eb24ae38632091d2d790a1299b7bbc87"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776944" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d0bc874d-f910-42af-8487-49d59744ac09" ,
"value" : "https://github.com/eset/malware-ioc/tree/master/cdrthief"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "e709726a-d154-43ef-86c7-18eb24a81774" ,
"value" : "119.29.173.65"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7bba10cd-0db9-4236-8351-3e592852b524" ,
"value" : "129.211.157.244"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "23f961d6-6059-47a4-854e-9122fe8ad07e" ,
"value" : "129.226.134.180"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "509ee329-28fd-433e-866e-8756879ee048" ,
"value" : "150.109.79.136"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "19c40342-9c51-4d22-863a-aa043f160819" ,
"value" : "34.94.199.142"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600776964" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "3f66f469-98f7-40d5-b7a8-f8107c5f494a" ,
"value" : "35.236.173.187"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600777017" ,
"to_ids" : true ,
"type" : "mutex" ,
"uuid" : "bc967985-2f6a-4ddd-bdf2-65742ffc89c6" ,
"value" : "/dev/shm/.bin"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600777017" ,
"to_ids" : true ,
"type" : "mutex" ,
"uuid" : "a753b1c5-18cd-4f49-903a-dbec8618f0c6" ,
"value" : "/dev/shm/.linux"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600777050" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "d4470b8f-b772-415b-a89a-b22c25431d9f" ,
"value" : "/dev/shm/callservice"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600777050" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "aeb2152e-d589-4dce-8691-2eb1b25b0430" ,
"value" : "/dev/shm/sys.png"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1600777285" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "b520b0c5-ba26-4f60-8ad4-77a9dd37987e" ,
"value" : "https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Cryptographic materials such as public or/and private keys." ,
"meta-category" : "misc" ,
"name" : "crypto-material" ,
"template_uuid" : "50677f82-ec9c-4484-bb29-2519cfe56823" ,
"template_version" : "3" ,
"timestamp" : "1600777150" ,
"uuid" : "88331ce0-09ff-4c8a-93c5-3e27fc8e287c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1600777150" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d54175fd-fa8c-4446-8b2c-548791780397" ,
"value" : "-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ3k3GgS3FX4pI7s9x0krBYqbMcSaw4BPY91Ln\r\ntt5/X8s9l0BC6PUTbQcUzs6PPXhKKTx8ph5CYQqdWynxOLJah0FMMRYxS8d0HX+Qx9eWUeKRHm2E\r\nAtZQjdHxqTJ9EBpHYWV4RrWmeoOsWAOisvedlb23O0E55e8rrGGrZLhPbwIDAQAB\r\n-----END PUBLIC KEY-----"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1600777150" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a31298ce-323c-49c0-84d7-2662b873a082" ,
"value" : "RSA"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "origin" ,
"timestamp" : "1600777150" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "82b73e68-5afe-4e5c-9c52-38242f13c139" ,
"value" : "malware-extraction"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1600777229" ,
"uuid" : "f782bda7-4bcb-4ad0-8c2f-2c5f18863652" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f782bda7-4bcb-4ad0-8c2f-2c5f18863652" ,
"referenced_uuid" : "b53bd1ed-b1e6-46ac-b34d-3bbe67107eae" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "19706308-ed9f-45ca-9305-06f9909d3aae"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "0ee7a052-49d6-4205-866a-782b0ddb02cf" ,
"value" : "7124c56ab6d8133e2ed2042fb8c2248e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1bda1df0-b538-4edc-82fc-b74ac1d7ea10" ,
"value" : "cc373d633a16817f7d21372c56955923c9dda825"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fe33304f-2e77-4b26-be57-c592b9adc0b5" ,
"value" : "665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1600777229" ,
"uuid" : "b53bd1ed-b1e6-46ac-b34d-3bbe67107eae" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9a8f52cd-f16e-49e5-a1ed-d019bbbd082d" ,
"value" : "2020-09-22T10:56:34+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "1fa1ca4e-2145-4caf-8ab8-4ad2c1052100" ,
"value" : "https://www.virustotal.com/gui/file/665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b/detection/f-665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b-1600772194"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "80c0cf1c-41e3-4ffa-9e48-374af830eaa4" ,
"value" : "32/62"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1600777229" ,
"uuid" : "0bc9fcae-fc75-4910-a8c0-61949bd76bb9" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0bc9fcae-fc75-4910-a8c0-61949bd76bb9" ,
"referenced_uuid" : "32b7a65f-d4d2-4920-a244-29c98222f6ff" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "b7911131-0ca9-4280-abc7-50b3b96e3df7"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5018b10d-8d9b-441d-9244-d661dbd7f8e2" ,
"value" : "926c77d3d9fdad7217a9b49bdf033336"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "24c30340-027f-4955-987e-ce791629e33a" ,
"value" : "8e2624da4d209abd3364d90f7bc08230f84510db"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "671df934-b704-4ed9-9277-57f0f0bcfb58" ,
"value" : "ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1600777229" ,
"uuid" : "32b7a65f-d4d2-4920-a244-29c98222f6ff" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7d174551-08ad-4371-819b-4f5ff30ea7e7" ,
"value" : "2020-09-22T10:56:43+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "da28f735-72f5-4fe2-9789-adae6df6294f" ,
"value" : "https://www.virustotal.com/gui/file/ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c/detection/f-ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c-1600772203"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(UPX packed)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "83b1dbb1-0edf-4939-80d1-7a0635d14587" ,
"value" : "27/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1600777229" ,
"uuid" : "10b7197c-b557-4d29-a593-8f81e682c400" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "10b7197c-b557-4d29-a593-8f81e682c400" ,
"referenced_uuid" : "1752315a-8a3b-4114-badf-c204312c304b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "c0bfecb2-8bac-44d2-9ebd-1d9d981ec49e"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "399de6c9-9da7-4b10-9131-20887e69d894" ,
"value" : "444a5116c6e2b37b33066be16f3e7e6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d353ce60-e8ba-49ee-b2bb-c9df13782143" ,
"value" : "8532e858eb24ae38632091d2d790a1299b7bbc87"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "eba6725a-5248-45ab-b633-78b2a86d022c" ,
"value" : "af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1600777229" ,
"uuid" : "1752315a-8a3b-4114-badf-c204312c304b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f1afdfdd-941e-4136-a79c-19c30e0c3301" ,
"value" : "2020-09-22T10:56:33+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "46b3ca6a-2d76-4117-9317-92c3c5dd32d8" ,
"value" : "https://www.virustotal.com/gui/file/af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4/detection/f-af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4-1600772193"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(Corrupted)" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "df800269-bf3b-432d-b8b3-aea329ae0be8" ,
"value" : "25/62"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1600777229" ,
"uuid" : "4e2be21d-c114-470c-8845-572d708cdbec" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4e2be21d-c114-470c-8845-572d708cdbec" ,
"referenced_uuid" : "25558597-1dd5-4fb9-99b6-53db526d0e6e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "4f36e930-b9b4-407e-ad93-bd14590f3b69"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6aa15e75-5b94-4541-a279-cdc971c44017" ,
"value" : "3339b8c4a522548b67fca732c54fa232"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "cc8bf8c5-00a7-42bf-85bd-1d51c108fc8f" ,
"value" : "fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1600776924" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c05acdee-d720-477a-b0f6-74acc29a3825" ,
"value" : "6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1600777229" ,
"uuid" : "25558597-1dd5-4fb9-99b6-53db526d0e6e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "baf23e87-428f-4974-8764-e4bbcd5ea9b4" ,
"value" : "2020-09-22T10:56:24+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "b397af60-d203-4dfe-bfad-d67bc45763ff" ,
"value" : "https://www.virustotal.com/gui/file/6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6/detection/f-6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6-1600772184"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1600776924" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f9400666-419d-444a-b2dd-bf8ea02c78e6" ,
"value" : "30/61"
}
]
}
]
}
}