2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2021-02-11" ,
"extends_uuid" : "" ,
"info" : "OSINT - AN ANALYSIS OF THE EGREGOR RANSOMWARE" ,
"publish_timestamp" : "1613403810" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1613399927" ,
"uuid" : "3dd18ce2-fa55-4f0d-b88e-7d4144cb0dcb" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"Egregor\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"REvil - S0496\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"Sodinokibi\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Gandcrab\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"GandCrab\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1613063326" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "17dc0ffa-4a2b-4d42-ba06-6aa03a3d1c90" ,
"value" : "https://aes.one/files/d/p43/r1jv9967jd1i3kik9knctlok5/35f35ecea4d8a142/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1613063326" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "876d3f0f-67be-460a-9698-5d4c71608542" ,
"value" : "https://aes.one/files/d/pc3/2iopi0o8coob22n8s60pn6b7ps/b6bbf78b901c1fdf/"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1613063326" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "ce5fee99-343b-4587-b457-e2cfb4e93609" ,
"value" : "https://file.io/WmCH77xcKmbJ"
} ,
{
"category" : "Network activity" ,
"comment" : "The local IP was assigned to a Tor exit\r\nnode; which belongs to a Calyx Institute." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1613399404" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "a0833512-12b4-4ecc-8e8d-a3098e898712" ,
"value" : "162.247.74.74" ,
"Tag" : [
{
"colour" : "#00cc5e" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tor:tor-relay-type=\"exit-relay\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "2" ,
"timestamp" : "1613062958" ,
"uuid" : "b071f5ab-13d6-4ad5-a672-4cebaa5e153a" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1613062958" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "b1e7d38b-85f9-4406-bdc8-3214b8e8d833" ,
"value" : "https://www.morphisec.com/hubfs/eBooks_and_Whitepapers/EGREGOR%20REPORT%20WEB%20FINAL.pdf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1613062958" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ffe5e67e-b713-4417-8016-aaf050c56dc8" ,
"value" : "Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.In this report, we will provide a detailed and anonymized coverage of Egregor\u2019s tactics, techniques, and procedures (TTPs) following an incident response activity that was conducted at the end of November 2020. The goal of this report is to shed light on some very different techniques for initial access, persistence, and exfiltration than what is typically reported on with respect to the Egregor group. In this report, you will not find any indication of Qbot or Cobalt Strike beacons.Though we are not going to provide an exact attribution, you will find evidence in the report that may indicate a connection to the Revil group. We will provide evidence such as upload accounts, download links, and services that can result in additional community wide research which hopefully can lead to further conclusions.We invite the research community to share additional insights that may correlate with the published IOCs."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " J V B E R i 0 x L j c N J e L j z 9 M N C j I y M i A w I G 9 i a g 0 8 P C 9 M a W 5 l Y X J p e m V k I D E v T C A 0 O T k x N j M 4 L 0 8 g M j I 1 L 0 U g M z k 5 M z c 3 N i 9 O I D E 2 L 1 Q g N D k 4 N z A 4 M i 9 I I F s g N T Q 2 M z Y g N D c z N F 0 + P g 1 l b m R v Y m o N I C A g I C A g I A 14 c m V m D Q o y M j I g M j c x N w 0 K M D A w M D A w M D A x N i A w M D A w M C B u D Q o w M D A w M D U 5 M z c w I D A w M D A w I G 4 N C j A w M D A w N T k 1 M T U g M D A w M D A g b g 0 K M D A w M D A 1 O T U 1 M S A w M D A w M C B u D Q o w M D A w M T E w N D c 2 I D A w M D A w I G 4 N C j A w M D A x M T A 1 M j I g M D A w M D A g b g 0 K M D A w M D E x M D Y z N i A w M D A w M C B u D Q o w M D A w M T E w N j c z I D A w M D A w I G 4 N C j A w M D A x M T A 3 M T k g M D A w M D A g b g 0 K M D A w M D E x M D c 2 N S A w M D A w M C B u D Q o w M D A w M T E w O D E x I D A w M D A w I G 4 N C j A w M D A x M T A 4 N T g g M D A w M D A g b g 0 K M D A w M D E x M D k w N C A w M D A w M C B u D Q o w M D A w M T E w O T U x I D A w M D A w I G 4 N C j A w M D A x M T A 5 O T k g M D A w M D A g b g 0 K M D A w M D E x M T A 0 N i A w M D A w M C B u D Q o w M D A w M T E x M D k 0 I D A w M D A w I G 4 N C j A w M D A x M T E x N D A g M D A w M D A g b g 0 K M D A w M D E x M T E 4 N i A w M D A w M C B u D Q o w M D A w M T E x M j M z I D A w M D A w I G 4 N C j A w M D A x M T E y O D A g M D A w M D A g b g 0 K M D A w M D E x M T M y N i A w M D A w M C B u D Q o w M D A w M T E x M z c y I D A w M D A w I G 4 N C j A w M D A x M T E 0 M T g g M D A w M D A g b g 0 K M D A w M D E x M T Q 2 N i A w M D A w M C B u D Q o w M D A w M T E x N T E y I D A w M D A w I G 4 N C j A w M D A x M T E 1 N T g g M D A w M D A g b g 0 K M D A w M D E x M T Y w N C A w M D A w M C B u D Q o w M D A w M T E x N j U w I D A w M D A w I G 4 N C j A w M D A x M T E 2 O T c g M D A w M D A g b g 0 K M D A w M D E x M T c 0 N C A w M D A w M C B u D Q o w M D A w M T E x N z k w I D A w M D A w I G 4 N C j A w M D A x M T E 4 M z c g M D A w M D A g b g 0 K M D A w M D E x M T g 4 N C A w M D A w M C B u D Q o w M D A w M T E x O T M x I D A w M D A w I G 4 N C j A w M D A x M T E 5 N z g g M D A w M D A g b g 0 K M D A w M D E x M j A y N S A w M D A w M C B u D Q o w M D A w M T E y M D c y I D A w M D A w I G 4 N C j A w M D A x M T I x M T k g M D A w M D A g b g 0 K M D A w M D E x M j E 2 N i A w M D A w M C B u D Q o w M D A w M T E y M j E y I D A w M D A w I G 4 N C j A w M D A x M T I y N T k g M D A w M D A g b g 0 K M D A w M D E x M j M w N S A w M D A w M C B u D Q o w M D A w M T E y M z U y I D A w M D A w I G 4 N C j A w M D A x M T I z O T k g M D A w M D A g b g 0 K M D A w M D E x M j Q 0 N i A w M D A w M C B u D Q o w M D A w M T E y N D k z I D A w M D A w I G 4 N C j A w M D A x M T I 1 N D A g M D A w M D A g b g 0 K M D A w M D E x M j U 4 N y A w M D A w M C B u D Q o w M D A w M T E y N j M 0 I D A w M D A w I G 4 N C j A w M D A x M T I 2 O D E g M D A w M D A g b g 0 K M D A w M D E x M j c y O C A w M D A w M C B u D Q o w M D A w M T E y N z c 1 I D A w M D A w I G 4 N C j A w M D A x M T I 4 M j E g M D A w M D A g b g 0 K M D A w M D E x M j g 2 O C A w M D A w M C B u D Q o w M D A w M T E y O T E 1 I D A w M D A w I G 4 N C j A w M D A x M T I 5 N j I g M D A w M D A g b g 0 K M D A w M D E x M z A w O S A w M D A w M C B u D Q o w M D A w M T E z M D U 2 I D A w M D A w I G 4 N C j A w M D A x M T M x M D M g M D A w M D A g b g 0 K M D A w M D E x M z E 1 M C A w M D A w M C B u D Q o w M D A w M T E z M T k 3 I D A w M D A w I G 4 N C j A w M D A x M T M y N D M g M D A w M D A g b g 0 K M D A w M D E x M z I 4 O S A w M D A w M C B u D Q o w M D A w M T E z M z M 2 I D A w M D A w I G 4 N C j A w M D A x M T M z O D I g M D A w M D A g b g 0 K M D A w M D E x M z Q y O S A w M D A w M C B u D Q o w M D A w M T E z N D c 2 I D A w M D A w I G 4 N C j A w M D A x M T M 1 M j I g M D A w M D A g b g 0 K M D A w M D E x M z U 3 M C A w M D A w M C B u D Q o w M D A w M T E z N j E 4 I D A w M D A w I G 4 N C j A w M D A x M T M 2 N j Q g M D A w M D A g b g 0 K M D A w M D E x M z c x M S A w M D A w M C B u D Q o w M D A w M T E z N z U 4 I D A w M D A w I G 4 N C j A w M D A x M T M 4 M D Q g M D A w M D A g b g 0 K M D A w M D E x M z g 1 M C A w M D A w M C B u D Q o w M D A w M T E z O D k 4 I D A w M D A w I G 4 N C j A w M D A x M T M 5 N D U g M D A w M D A g b g 0 K M D A w M D E x M z k 5 M S A w M D A w M C B u D Q o w M D A w M T E 0 M D M 4 I D A w M D A w I G 4 N C j A w M D A x M T Q w O D U g M D A w M D A g b g 0 K M D A w M D E x N D E z M S A w M D A w M C B u D Q o w M D A w M T E 0 M T c 4 I D A w M D A w I G 4 N C j A w M D A x M T Q y M j Q g M D A w M D A g b g 0 K M D A w M D E x N D I 3 M S A w M D A w M C B u D Q o w M D A w M T E 0 M z E 3 I D A w M D A w I G 4 N C j A w M D A x M T Q z N j Q g M D A w M D A g b g 0 K M D A w M D E x N D Q x M C A w M D A w M C B u D Q o w M D A w M T E 0 N D U 2 I D A w M D A w I G 4 N C j A w M D A x M T Q 1 M D I g M D A w M D A g b g 0 K M D A w M D E x N D U 0 O C A w M D A w M C B u D Q o w M D A w M T E 0 N T k 0 I D A w M D A w I G 4 N C j A w M D A x M T Q 2 N D A g M D A w M D A g b g 0 K M D A w M D E x N D Y 4 N i A w M D A w M C B u D Q o w M D A w M T E 0 N z M y I D A w M D A w I G 4 N C j A w M D A x M T Q 3 N z k g M D A w M D A g b g 0 K M D A w M D E x N D g y N S A w M D A w M C B u D Q o w M D A w M T E 0 O D c x I D A w M D A w I G 4 N C j A w M D A x M T Q 5 M T c g M D A w M D A g b g 0 K M D A w M D E x N D k 2 N C A w M D A w M C B u D Q o w M D A w M T E 1 M D E w I D A w M D A w I G 4 N C j A w M D A x M T U w N T Y g M D A w M D A g b g 0 K M D A w M D E x N T E w M y A w M D A w M C B u D Q o w M D A w M T E 1 M T U w I D A w M D A w I G 4 N C j A w M D A x M T U x O T Y g M D A w M D A g b g 0 K M D A w M D E x N T I 0 M i A w M D A w M C B u D Q o w M D A w M T E 1 M j g 5 I D A w M D A w I G 4 N C j A w M D A x M T U z M z U g M D A w M D A g b g 0 K M D A w M D E x N T M 4 M i A w M D A w M C B u D Q o w M D A w M T E 1 N D I 4 I D A w M D A w I G 4 N C j A w M D A x M T U 0 N z U g M D A w M D A g b g 0 K M D A w M D E x N T U y M i A w M D A w M C B u D Q o w M D A w M T E 1 N T Y 5 I D A w M D A w I G 4 N C j A w M D A x M T U 2 M T Y g M D A w M D A g b g 0 K M D A w M D E x N T Y 2 M y A w M D A w M C B u D Q o w M D A w M T E 1 N z E w I D A w M D A w I G 4 N C j A w M D A x M T U 3 N T c g M D A w M D A g b g 0 K M D A w M D E x N T g w N C A w M D A w M C B u D Q o w M D A w M T E 1 O D U x I D A w M D A w I G 4 N C j A w M D A x M T U 4 O T g g M D A w M D A g b g 0 K M D A w M D E x N T k 0 N S A w M D A w M C B u D Q o w M D A w M T E 1 O T k y I D A w M D A w I G 4 N C j A w M D A x M T Y w M z k g M D A w M D A g b g 0 K M D A w M D E x N j A 4 N i A w M D A w M C B u D Q o w M D A w M T E 2 M T M z I D A w M D A w I G 4 N C j A w M D A x M T Y x O D A g M D A w M D A g b g 0 K M D A w M D E x N j I y N y A w M D A w M C B u D Q o w M D A w M T E 2 M j c 0 I D A w M D A w I G 4 N C j A w M D A x M T Y z M j E g M D A w M D A g b g 0 K M D A w M D E x N j M 2 O C A w M D A w M C B u D Q o w M D A w M T E 2 N D E 1 I D A w M D A w I G 4 N C j A w M D A x M T Y 0 N j I g M D A w M D A g b g 0 K M D A w M D E x N j U w O S A w M D A w M C B u D Q o w M D A w M T E 2 N T U 2 I D A w M D A w I G 4 N C j A w M D A x M T Y 2 M D I g M D A w M D A g b g 0 K M D A w M D E x N j Y 0 O S A w M D A w M C B u D Q o w M D A w M T E 2 N j k 2 I D A w M D A w I G 4 N C j A w M D A x M T Y 3 N D Q g M D A w M D A g b g 0 K M D A w M D E x N j c 5 M S A w M D A w M C B u D Q o w M D A w M T E 2 O D M 5 I D A w M D A w I G 4 N C j A w M D A x M T Y 4 O D Y g M D A w M D A g b g 0 K M D A w M D E x N j k z N C A w M D A w M C B u D Q o w M D A w M T E 2 O T g x I D A w M D A w I G 4 N C j A w M D A x M T c w M j g g M D A w M D A g b g 0 K M D A w M D E x N z A 3 N C A w M D A w M C B u D Q o w M D A w M T E 3 M T I x I D A w M D A w I G 4 N C j A w M D
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "report-file(s)" ,
"timestamp" : "1613062958" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "0a00eea3-720a-4bcd-a25f-da0e78f069a0" ,
"value" : "EGREGOR REPORT WEB FINAL.pdf"
}
]
} ,
{
"comment" : "-plocklist11" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613063085" ,
"uuid" : "2cf059bf-c9bb-45ec-8081-24580591c28e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613063085" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "06b7975a-6fd0-4920-8e9d-75a3b8c1a743" ,
"value" : "d0ab713f502d01ddf73694276f0199db"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613063085" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "ee137f54-3dca-4384-be2a-075ee575a041" ,
"value" : "Salsa.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1613063085" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e04b61e4-98a5-4567-aa0d-fb959d35fcef" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613063139" ,
"uuid" : "a3ea3a58-f109-43b1-b078-9e11b542313c" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613063139" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "06b80f1d-ef11-4a06-876b-8f09544747ac" ,
"value" : "d20cd3f8f0ecc34fa400edf72687b215"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613063139" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "77d3c781-f7f5-49b0-89bb-9738beba14fe" ,
"value" : "Salsa.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1613063139" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "10554a11-03f0-4bb1-ad2a-2aa5b804882c" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PowerTool v2 x64" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613168590" ,
"uuid" : "63d7f5b9-41c5-4f44-ace0-26e11e0cc229" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "63d7f5b9-41c5-4f44-ace0-26e11e0cc229" ,
"referenced_uuid" : "b22441f3-3561-404b-8d8a-fa996e2ea559" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "82a76fdc-66c0-4ec6-8dbb-ff3d2cb7f75c"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613063248" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6fa1c60e-564f-4280-a690-28217fe7499f" ,
"value" : "3fadbe9038c51c12014818f172e43a7d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613063248" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "4a438a13-3cb6-4e87-8035-412b804b4c16" ,
"value" : "777.exe"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "15" ,
"timestamp" : "1613063304" ,
"uuid" : "f2936b0e-ae7a-42eb-bace-3a0bad808bc3" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "from" ,
"timestamp" : "1613063304" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "d508bbc3-1efd-453f-a772-7b4b4bca724d" ,
"value" : "tacok79159@tjuln.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613063575" ,
"uuid" : "5ad71033-a9bc-4b2f-9cc1-e88e9ef18061" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5ad71033-a9bc-4b2f-9cc1-e88e9ef18061" ,
"referenced_uuid" : "0e312499-9395-4abe-9028-45e95f2f4fbf" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "9f73ab05-47a6-4b78-afdc-f33de338207e"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613063248" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "921e6fbc-528b-4d56-a253-251dbeafbe5f" ,
"value" : "3fadbe9038c51c12014818f172e43a7d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613063248" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "77b3780a-d004-4c81-bd07-4365228b8779" ,
"value" : "a8d17bd6fcee5b9ce9287f2c6742377b0c24d9d7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613063248" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e71819ef-6c31-46f8-bb19-2d0ea7d47b8e" ,
"value" : "8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613063575" ,
"uuid" : "0e312499-9395-4abe-9028-45e95f2f4fbf" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "15228703-593c-40d2-a43a-415ee6399a30" ,
"value" : "2021-02-06T03:45:11+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "bf9a0f9e-2ef9-4281-85af-dd21d2c602a6" ,
"value" : "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1612583111"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fdb16f2c-a00a-4ca9-b5fc-2e4386023691" ,
"value" : "20/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613137572" ,
"uuid" : "7a5449ce-4045-483d-b35d-dfc66a616bd6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613137572" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "75dae182-96ef-4f56-9e91-5d88d58ea05e" ,
"value" : "32x.exe"
}
]
} ,
{
"comment" : "Tool used" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143164" ,
"uuid" : "a8074bad-06e1-49f3-86d8-4b19e56a4ae0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143161" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "fe08a8bc-1aff-455a-8386-53aa2aba8bce" ,
"value" : "365aa18cadc5b80a9b5ca5950690c7f8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143164" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "4e803d9d-60d5-4f8a-a3b5-c7dc90be66c9" ,
"value" : "AnyDesk.exe"
}
]
} ,
{
"comment" : "Tool used" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143132" ,
"uuid" : "18f4b83c-0e6d-4cda-bc99-a33bfafdee4a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143130" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "a2671388-17cd-4278-936c-c95efbdc97f2" ,
"value" : "00283740140dbe5c227bd15733d7a3b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143132" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "d2892400-5b1a-4b1c-8a30-0c3d3c167a28" ,
"value" : "Supremo.exe"
}
]
} ,
{
"comment" : "Tool used" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143138" ,
"uuid" : "c4538780-11c9-4a5c-8d0d-7434ff9181dc" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143138" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "27cc0c4c-e005-4dee-90d6-904a495515ab" ,
"value" : "b04f9b4feac14cff959718b69b7bbeaf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143136" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "77293b65-c7e1-4bc6-a361-a7b5973413af" ,
"value" : "MEGAsyncSetup64.exe"
}
]
} ,
{
"comment" : "Tool used\r\nhttps://www.softperfect.com/download/files/netscan_portable.zip" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143141" ,
"uuid" : "fed58fdc-7c0c-4002-bbef-86fb4726a3da" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143141" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "423c7620-93f5-402b-81a4-dd0bb33733f6" ,
"value" : "Netscan.exe"
}
]
} ,
{
"comment" : "Tool used" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143102" ,
"uuid" : "f8579a05-7f96-4268-82cf-645c0045ca55" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143102" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "a8657e7d-b763-473d-bcf8-db2e670d98fa" ,
"value" : "7af4a442683662b020fd391e26666958"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143102" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "fd2f804a-bec6-4afc-a40c-5abc96007880" ,
"value" : "Chromesetup.exe"
}
]
} ,
{
"comment" : "Tool used\r\nhttps://www.7-zip.org/download.html" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143205" ,
"uuid" : "0fd6102f-fcb0-4b78-aca8-f9271ea0f1f8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143205" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "47610694-9fc2-4aa0-8e83-51aab19fb528" ,
"value" : "fabe184f6721e640474e1497c69ffc98"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143205" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "4e34827d-a39b-40ff-8384-3ac7c2f5e226" ,
"value" : "7z1900.exe"
}
]
} ,
{
"comment" : "Tool used\r\nSysinternals" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143350" ,
"uuid" : "0b2884d2-bc50-4685-a67b-8d991954a6cb" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143350" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "d5d58ad1-3d51-4a00-9aee-2f7161c30962" ,
"value" : "27304b246c7d5b4e149124d5f93c5b01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143350" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "431dea9d-c22b-4b68-a1f4-585d47383f94" ,
"value" : "PsExec.exe"
}
]
} ,
{
"comment" : "Tool used\r\nSysinternals" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1613143396" ,
"uuid" : "83a484b6-76fb-4f76-9678-aa8ce5b58a33" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143396" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "cdc3541b-bf02-44f4-82b8-748033aae5e7" ,
"value" : "f41a1afc4cfb95f35cd92da98d90c27b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1613143396" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "c2ce4ad5-6849-4efc-b172-e392509a70a0" ,
"value" : "sdelete.exe"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "49deb639-c2c2-4827-9432-eb26dfa7eda3" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "49deb639-c2c2-4827-9432-eb26dfa7eda3" ,
"referenced_uuid" : "747a5248-50e1-4f7f-9613-8ad4e705c566" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "06eaa060-b56d-4041-856a-2df9c1284905"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143161" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "fb65d370-7363-49c9-8e3b-b5781564ba6a" ,
"value" : "365aa18cadc5b80a9b5ca5950690c7f8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143161" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "ea8a5e44-e485-4911-9891-d51004feae2c" ,
"value" : "16c33a2907264382715fba2061e4ff803a41c629"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143161" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1e911a5c-1e1a-4a51-a864-8553da922914" ,
"value" : "4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "747a5248-50e1-4f7f-9613-8ad4e705c566" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143161" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7f7700cc-f79c-421f-b95f-df885bf93ae9" ,
"value" : "2021-02-11T19:56:31+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143161" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "579fb04e-ec48-42dc-9abe-5c3dc8d5fd8b" ,
"value" : "https://www.virustotal.com/gui/file/4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97/detection/f-4de898c139fb5251479ca6f9ec044cac4d83a2f5d1113b7a4b8f13468a130c97-1613073391"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143161" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "72d4f9db-c7de-457a-964e-06dc8bfe0ba1" ,
"value" : "0/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "b2a0e9be-8266-4563-84af-71c7a50340b5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b2a0e9be-8266-4563-84af-71c7a50340b5" ,
"referenced_uuid" : "76476e47-b0f8-4fd5-bf5a-e1c5c3306583" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "4db75048-d413-4dd7-a3f6-261623b44287"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143205" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a450fb28-a43f-4b21-b179-fdd864c60a7a" ,
"value" : "fabe184f6721e640474e1497c69ffc98"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143205" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "25003c2f-d41f-48bf-9163-19f5d5e48c1c" ,
"value" : "2f23a6389470db5d0dd2095d64939657d8d3ea9d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143205" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "eade295d-4402-46af-8989-f2e9fb9878c8" ,
"value" : "759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "76476e47-b0f8-4fd5-bf5a-e1c5c3306583" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143205" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d9a0235b-f1a4-4eaa-8de4-92665efc8cbd" ,
"value" : "2021-02-12T17:18:27+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143205" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "99d8d730-ba8b-404f-9b55-f04df5e0e0d0" ,
"value" : "https://www.virustotal.com/gui/file/759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80/detection/f-759aa04d5b03ebeee13ba01df554e8c962ca339c74f56627c8bed6984bb7ef80-1613150307"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143205" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9ed39fba-af99-46d3-b40c-acd7bd61d5c4" ,
"value" : "0/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "eafad8c7-10ef-40e1-8855-31ac9348109f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "eafad8c7-10ef-40e1-8855-31ac9348109f" ,
"referenced_uuid" : "97c200ee-bddf-4ed8-8d67-56e294ff5bc6" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "e4346912-71e3-4ac7-9b11-2962ad1f075b"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143350" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2f54757b-0e6a-44f3-996a-24d9504df971" ,
"value" : "27304b246c7d5b4e149124d5f93c5b01"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143350" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "e8c26212-6ebe-4991-8ce6-8aeada40ffad" ,
"value" : "e50d9e3bd91908e13a26b3e23edeaf577fb3a095"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143350" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "505eb4bb-7f43-40b4-92a0-cd26ff8f7e65" ,
"value" : "3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "97c200ee-bddf-4ed8-8d67-56e294ff5bc6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143350" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d498021c-ff37-444d-bc1a-c2e0b410b1a5" ,
"value" : "2021-02-12T10:07:36+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143350" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "49c34366-962b-42f1-ae48-21fc00969ef3" ,
"value" : "https://www.virustotal.com/gui/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/detection/f-3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef-1613124456"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143350" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2fdb8139-b3a6-49eb-a7f6-273883ca2f54" ,
"value" : "1/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "1abfca9e-ff3b-46b7-a292-f1da37e5ce53" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1abfca9e-ff3b-46b7-a292-f1da37e5ce53" ,
"referenced_uuid" : "0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "2a331b58-0f0e-4d9b-8882-2130204ccf0e"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143130" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4d266fc6-893e-43c5-8c1a-9a95ffd1a087" ,
"value" : "00283740140dbe5c227bd15733d7a3b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143130" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "332a7b4b-1d72-460c-bd63-2d362df3e8e4" ,
"value" : "a5e9003ff1514ef74fe8e39cb753cbc4f5b0b687"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143130" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9f0e2663-7fe7-436a-b043-d7351e04c7d8" ,
"value" : "5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "0827ed8f-d0ce-4620-a5f6-7ba8cb064fd2" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143130" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9013e2f0-e1c7-4d9f-82cd-8db5a75b52f8" ,
"value" : "2021-02-11T19:53:32+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143130" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4aff0f4d-0fcc-4c62-8bb7-ec3c69b3f351" ,
"value" : "https://www.virustotal.com/gui/file/5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b/detection/f-5944ff3d734b8d46394a4ca2a89db49bc727f6e2f6fc24142f489e5c5211d20b-1613073212"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143130" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8ea2bb4e-dfb3-4b36-aff3-a0cdb618a37e" ,
"value" : "0/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "b22441f3-3561-404b-8d8a-fa996e2ea559" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "8ae7b03b-6064-478f-b664-c85d0db1f71c" ,
"value" : "2021-02-12T19:08:32+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "defe6a8a-dddb-4a55-82fb-b3573b7f87e3" ,
"value" : "https://www.virustotal.com/gui/file/8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c/detection/f-8faf377f0386ff3cbb39e9131ef03161f7a5c26ef38fb601106898d85ebbfd2c-1613156912"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613063248" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fa51ad25-03c2-47b7-99c0-ffa616286b79" ,
"value" : "35/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "51189739-090d-4aef-91a4-19919d5351da" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "51189739-090d-4aef-91a4-19919d5351da" ,
"referenced_uuid" : "3d9f587c-1c2c-4487-906b-049a8432d905" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "8cbbb321-f13a-4546-9622-026be938dda9"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143102" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "7dec5fe7-f1f8-42bd-bdc8-7936ebf3b17c" ,
"value" : "7af4a442683662b020fd391e26666958"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143102" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1d495dc9-fc86-49c7-9845-5aef0b5198ef" ,
"value" : "226155d4b86497acd3d34f33e93f3d94ef176d0b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143102" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ac643b4a-29f9-405c-bcb1-8f4a7757ca7b" ,
"value" : "3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "3d9f587c-1c2c-4487-906b-049a8432d905" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143102" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c5fd927f-97ed-467c-9703-d77fba079144" ,
"value" : "2021-02-12T18:23:43+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143102" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8794fdd5-a550-40f0-8d3f-4809a6daca98" ,
"value" : "https://www.virustotal.com/gui/file/3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9/detection/f-3592a1d10e880c1a3b8d62d76dc57bd054176c12f77a1b2a3d46721a89a414e9-1613154223"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143102" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9e624467-4acf-4449-8428-9b90ca3b644f" ,
"value" : "0/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "373e4c46-6e28-4c3e-af34-5887827e0ac2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "373e4c46-6e28-4c3e-af34-5887827e0ac2" ,
"referenced_uuid" : "40b097c3-8697-4a70-8912-d74e9607e00e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "e2690cac-bafd-47d4-a01e-b84ac1985371"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143396" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "900defd9-f81d-490f-ba5b-ae800f8c856b" ,
"value" : "f41a1afc4cfb95f35cd92da98d90c27b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143396" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "7803ec9e-12b8-406c-9158-2202e817cb4e" ,
"value" : "b9c162e7817d7d99720fd97d9f7cab342dd2812a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143396" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "3914f744-eefc-44c9-b78c-a8453b847da7" ,
"value" : "746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "40b097c3-8697-4a70-8912-d74e9607e00e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143396" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "1f86d846-dda6-4abe-be90-f4cdaa3921f1" ,
"value" : "2021-02-02T20:53:27+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143396" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5925b5fa-ed9f-432b-a1b9-e69781a2be77" ,
"value" : "https://www.virustotal.com/gui/file/746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07/detection/f-746de8e02f1e64a707ce060a7d851b5d014698ca8692bd7aa945b40e06b01a07-1612299207"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143396" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "765969b4-4e9a-4411-bb51-261591288953" ,
"value" : "0/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "22" ,
"timestamp" : "1613168590" ,
"uuid" : "0e7323a8-652c-4d44-a51a-6d69e1191047" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0e7323a8-652c-4d44-a51a-6d69e1191047" ,
"referenced_uuid" : "bfc79a66-c531-41e0-9ca9-eb49d718210a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "0" ,
"uuid" : "ff0d8af8-42e9-4824-b8e5-38e35554be0c"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1613143138" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "85af892b-ed06-48bf-b0de-befcaffbe7f3" ,
"value" : "b04f9b4feac14cff959718b69b7bbeaf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1613143138" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "23634003-d686-4743-acf7-532366801267" ,
"value" : "f92394246a01e29d001d995c8a752374743efde4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1613143138" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "15a21fb7-07e4-49e3-913b-a56cfe73dfb0" ,
"value" : "25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "3" ,
"timestamp" : "1613168590" ,
"uuid" : "bfc79a66-c531-41e0-9ca9-eb49d718210a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1613143138" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "b4ce371c-f8e3-4741-93a9-fb860cf6e4eb" ,
"value" : "2021-02-11T20:01:17+00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1613143138" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4588e157-ed53-425f-a50f-9516cde62654" ,
"value" : "https://www.virustotal.com/gui/file/25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114/detection/f-25739ec9823c7483811b2c51f8de4836dbaf5e94ee839555fe13c8076dd0b114-1613073677"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1613143138" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "24240522-f8eb-47ba-9576-35670e7990ca" ,
"value" : "0/68"
}
]
}
]
}
}
