{
"Event" : {
"analysis" : "0" ,
"date" : "2017-12-18" ,
"extends_uuid" : "" ,
"info" : "OSINT - Operation Dragonfly Analysis Suggests Links to Earlier Attacks" ,
"publish_timestamp" : "1514467913" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1513738844" ,
"uuid" : "5a38299e-326c-45d6-9279-481102de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-intrusion-set=\"Dragonfly\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1513630552" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3829b8-3de0-473e-91ce-8dbe02de0b81" ,
"value" : "On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017. This attack was effectively Dragonfly 2.0, an update to a campaign that began in 2014.\r\n\r\nMoving beyond our 2014 analysis of Dragonfly, our current focus looks at the attack\u2019s indicators to determine whether we can glean any further information regarding the source and possible motivations of those behind the campaign. The campaign targets energy companies around the world by leveraging spear-phishing emails that, once successful, allow the attackers to download Trojan software. The Trojans provide access to the victims\u2019 systems and networks." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1513630552" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a3829c5-4d84-4e8a-b73e-40ac02de0b81" ,
"value" : "https://securingtomorrow.mcafee.com/mcafee-labs/operation-dragonfly-analysis-suggests-links-to-earlier-attacks/" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B N I A A A L k C A Y A A A D K / B h Z A A A M J G l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A S I m V V w d U k 8 k W n r + k k o Q S Q E B K 6E2 U X q W G F q l S B R s h C S S U E A N B x Y 4 u K r A W V C x g Q 1 d F F F 0 L I I s N e 1 k U e 18 Q U V H W x Y I N l D d J A F 33 l f P u O f e f 79 y 5985355 + Z M w O A a j R X I s l C 1 Q D I F u d J Y 0 I C W B O S k l m k d q A C y I A B N I E K l 5 c r 8 Y + O D g d Q h t q / y / t b A J G 31 + 3 k u f 7 Z / 19 F n S / I 5 Q G A R E O c y s / l Z U N 8 C A D c l S e R 5 g F A 6 I Z 20 + l 5 E o i J k C X Q l E K C E J v J c b o S u 8 t x q h K H K 3 z i Y t g Q p w B A p n G 50 n Q A G H J e r H x e O s z D K I X Y X s w X i S F u g t i H J + T y I e 6 H e F R 2 d g 7 E q l Y Q W 6 V + l y f 9 b z l T h 3 N y u e n D W F m L Q s i B o l x J F n f m / z k d / 1 u y s 2 R D Y 5 h C p Q m l o T H y m u X z l p k T J s c 0 i M + L U y O j I N a A + I a I r / C X 46 d C W W j 8 o P 9 H X i 4 b z h n Q B g C l 8 b m B Y R D r Q 2 w i y 4 z 3 H 8 Q + X K k i F v q j y Q X C u E R l f l Q s z Y k Z z I 8 W i L M i w w f z l A o F n C F c J c g N i h 3 y S R M F c y C G / x B t E O V x 4 g Z z n s 8 X J U R C z I D 4 Q W 5 m b N h g 7 I s C I T t y e C x Z j J w z / O c Y y M 4 d q g U z S 5 M G x y j 9 M V e h i B M 5 a A / P E 8 a F K m O x K T y u g o M O x B m C 3 A n h Q 3 z 4 g s A g J R + s U C C O H + S J l U n y A m I G / b d L s q I H / b E m Q V a I 3 G 4 C c U t u f u x Q b E 8 e X G z K W n C Q w R 0 X r R w X 15 T k R c c p u e E s E A 7 Y I B C w g A x q K s g B G U D U 0 l 3 f D Y Z 6 g g E X S E E 6 E A C 7 Q c t Q R K K i R w y / s a A A / A m R A O Q O x w U o e g U g H 9 q / D F u V X z u Q p u j N V 0 R k g q c Q Z + N 6 u A / u h Y f D r x 9 U R 9 w d 9 x i K Y 6 k O j U o M I g Y S Q 4 n B R O u p o k L p D 3 l Z g A c r y I I q B W G w F c C q 5 B z E Q 9 y / 5 S E 8 J b Q S H h N u E t o I d 0 E C e A L 9 R P + o 8 F s 20 b A t A r T 
B r M G D 1 a V + X x 1 u A V m 74 A G 4 N + Q P u e P a u B 6 w w 51 h J f 64 L 6 z N B V q / z d q / 4 y 4 b Y k 2 x p 6 C U E R Q / i t W P f g w b h s t w j L y 273 k q e a U O V 8 I e 7 v l x N P Z 3 t f F h G / a j J 7 Y E O 4 i d w 0 5 i F 7 A m r B 6 w s O N Y A 3 Y Z O y r H w 2 v j i W J t D I 0 W o + C T C f O I h n z s a + y 77 P t / G J s 7 O L 5 U 8 f 9 B n m B G n n z j s H M k M 6 W i d G E e y x + e 1 g I W R 8 w b P Y r l a O / g B o D 87 F c e L T 1 X F G c 6 o q v + z T Y / B 4 C x 5 g M D A 0e+2 S I p A B y G e 4 f a 9 s 1 m N Q V u 5 y U A n F / F k 0 n z l T Z c / i E A K l C F O 0 U X G M K z y w p W 5 A h c g R f w A 0 F g H I g C c S A J T I H z L A T Z k P V 0 M B s s A E W g B K w A a 8 A G s B l s A 7 v A X n A A 1 I M m c B K c B Z f A V X A T 3 I d r p R O 8 B D 3 g P e h D E I S E 0 B E m o o s Y I e a I L e K I u C M + S B A S j s Q g S U g K k o 6 I E R k y G 1 m I l C B l y A Z k K 1 K N / I o c Q U 4 i F 5 B W 5 C 7 S j n Q h b 5 D P K I b S U E 3 U A L V A x 6 D u q D 8 a h s a h k 9 F 0 d B p a g C 5 C l 6 H r 0 C p 0 D 1 q H n k Q v o T f R N v Q l 2 o s B T A X T x o w x O 8 w d Y 2 N R W D K W h k m x u V g x V o 5 V Y b V Y I / z T 17E2 r B v 7 h B N x J s 7 C 7 e B 6 D c X j c R 4 + D Z + L l + I b 8 F 14 H X 4 a v 4634 z 34 V w K d o E + w J X g S O I Q J h H T C d E I R o Z y w g 3 C Y c A b u q U 7 C e y K R q E 20 J L r B v Z p E z C D O I p Y S N x L 3 E U 8 Q W 4 k d x F 4 S i a R L s i V 5 k 6 J I X F I e q Y i 0 n r S H d J x 0 j d R J + k h W I R u R H c n B 5 G S y m F x I L i f v J h 8 j X y M / I / d R 1 C j m F E 9 K F I V P m U l Z T t l O a a R c o X R S + q j q V E u q N z W O m k F d Q F 1 H r a W e o T 6 g v l V R U T F R 8 V A Z r y J S m a + y T m W / y n m V d p V P N A 2 a D Y 1 N m 0 S T 0 Z b R d t J O 0 O 7 S 3 t L p d A u 6 H z 2 Z n k d f R q + m n 6 I / o n 9 k M B m j G R w G n z G P U c G o Y 1 x j v F K l q J q r + q t O U S 1 Q L V c 9 q H p F t V u N o m a h x l b j q s 1 V q 1 A 7 o n Z b 
r V e d q e 6 g H q W e r V 6 q v l v 9 g v p z D Z K G h U a Q B l 9 j k c Y 2 j V M a H U y M a c p k M 3 n M h c z t z D P M T k 2 i p q U m R z N D s 0 R z r 2 a L Z o + W h p a z V o L W D K 0 K r a N a b d q Y t o U 2 R z t L e 7 n 2 A e 1 b 2 p 9 H G I z w H y E Y s X R E 7 Y h r I z 7 o j N T x 0 x H o F O v s 0 7 m p 81 m X p R u k m 6 m 7 U r d e 96 E e r m e j N 15 v u t 4 m v T N 63 S M 1 R 3 q N 5 I 0 s H n l g 5 D 19 V N 9 G P 0 Z / l v 42 / c v 6 v Q a G B i E G E o P 1 B q c M u g 21 D f 0 M M w x X G x 4 z 7 D J i G v k Y i Y x W G x 0 3 e s H S Y v m z s l j r W K d Z P c b 6 x q H G M u O t x i 3 G f S a W J v E m h S b 7 T B 6 a U k 3 d T d N M V 5 s 2 m / a Y G Z l F m M 0 2 q z G 7 Z 0 4 x d z c X m q 81 P 2 f + w c L S I t F i s U W 9 x X N L H U u O Z Y F l j e U D K 7 q V r 9 U 0 q y q r G 9 Z E a 3 f r T O u N 1 l d t U B s X G 6 F N h c 0 V W 9 T W 1 V Z k u 9 G 2 d R R h l M c o 8 a i q U b f t a H b + d v l 2 N X b t o 7 V H h 48 u H F 0 / + t U Y s z H J Y 1 a O O T f m q 72 L f Z b 9 d v v 7 D h o O 4 x w K H R o d 3 j j a O P I c K x x v O N G d g p 3 m O T U 4 v X a 2 d R Y 4 b 3 K + 48 J 0 i X B Z 7 N L s 8 s X V z V X q W u v a 5 W b m l u J W 6 X b b X d M 92 r 3 U / b w H w S P A Y 55 H k 8 c n T 1 f P P M 8 D n n 952 X l l e u 32 e j 7 W c q x g 7 P a x H d 4 m 3 l z v r d 5 t P i y f F J 8 t P m 2 + x r 5 c 3 y r f x 36 m f n y / H X 7 P / K 39 M / z 3 + L 8 K s A + Q B h w O + M D 2 Z M 9 h n w j E A k M C i w N b g j S C 4 o M 2 B D 0 K N g l O D 64 J 7 g l x C Z k V c i K U E B o W u j L 0 N s e A w + N U c 3 r G u Y 2 b M + 50 G C 0 s N m x D 2 O N w m 3 B p e G M E G j E u Y l X E g 0 j z S H F k f R S I 4 k S t i n o Y b R k 9 L f q 38 c T x 0 e M r x j + N c Y i Z H X M u l h k 7 N X Z 37 P u 4 g L j l c f f j r e J l 8 c 0 J q g m T E q o T P i Q G J p Y l t k 0 Y M 2 H O h E t J e k m i p I Z k U n J C 8 o 7 k 3 o l B E 9 d M 7 J z k M q l o 0 q 3 J l p N n T L 4 w R W 9 K 1 p S j U 1 W n c q c e T C G k J K b s T u n 
n R n G r u L 2 p n N T K 1 B 4 e m 7 e W 95 L v x 1 / N 7 x J 4 C 8 o E z 9 K 808 r S n q d 7 p 69 K 7 x L 6 C s u F 3 S K 2 a I P o d U Z o x u a M D 5 l R m T s z B 7 I S s / Z l k 7 N T s o + I N c S Z 4 t M 5 h j k z c l o l t p I i S d s 0 z 2 l r p v V I w 6 Q 7 c p H c y b k N e Z r w k n 1 Z Z i X 7 S d a e 75 N f k f 9 x e s L 0 g z P U Z 4 h n X J 5 p M 3 P p z G c F w Q W / z M J n 8 W Y 1 z z a e v W B 2 + x z / O V v n I n N T 5 z b P M 523 a F 7 n / J D 5 u x Z Q F 2 Q u + L 3 Q v r C s 8 N 3 C x I W N i w w W z V / U 8 V P I T z V F j C J p 0e3 F X o s 3 L 8 G X i J a 0 L H V a u n 7 p 12 J + 8 c U S + 5 L y k v 5 S X u n F n x 1 + X v f z w L K 0 Z S 3 L X Z d v W k F c I V 5 x a 6 X v y l 1 l 6 m U F Z R 2 r I l b V r W a t L l 79 b s 3 U N R f K n c s 3 r 6 W u l a 1 t W x e + r m G 92 f o V 6 / s 3 C D f c r A i o 2 F e p X 7 m 0 8 s N G / s Z r m / w 21 W 422 F y y + f M W 0 Z Y 7 W 0 O 21 l V Z V J V v I 27 L 3 / Z 0e8 L 2 c 7 + 4 / 1 K 9 Q 29 H y Y 4 v O 8 U 723 b F 7 D p d 7 V Z d v V t / 9 / I a t E Z W 0 7 V n 0 p 6 r e w P 3 N t T a 1 W 7 d p 72 v Z D / Y L 9 v / 4 t e U X 28 d C D v Q f N D 9 Y O 0 h 80 O V h 5 m H i + u Q u p l 1 P f X C + r a G p I b W I + O O N D d 6 N R 7 + b f R v O 5 u M m y q O a h 1 d f o x 6 b N G x g e M F x 3 t P S E 50 n 0 w / 2 d E 8 t f n + q Q m n b p w e f 7 r l T N i Z 82 e D z 54653 / u + H n v 800 X P C 8 c u e h + s f 6 S 66 W 6 y y 6 X D //u8vvhFteWuituVxquelxtbB3beuya77WT1wOvn73BuXHpZuTN1lvxt+7cnnS77Q7/zvO7WXdf38u/13d//gPCg+KHag/LH+k/qvrD+o99ba5tR9sD2y8/jn18v4PX8fJJ7pP+zkVP6U/Lnxk9q37u+LypK7jr6ouJLzpfSl72dRf9qf5n5SurV4f+8vvrcs+Ens7X0tcDb0rf6r7d+c75XXNvdO+j99nv+z4Uf9T9uOuT+6dznxM/P+ub3k/qX/fF+kvj17CvDwayBwYkXClXcRXAoKJpaQC82QkAPQkA5lV4f5iofJspBFG+JxUI/CesfL
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1513630552" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5a382adf-4198-4b5d-ab93-4a3702de0b81" ,
"value" : "20171213-DragonFly-1.png" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513630199" ,
"uuid" : "5a3829f7-d57c-42c0-996b-486602de0b81" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1513630199" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3829f7-4a88-431f-b2e6-425602de0b81" ,
"value" : "One of the starting points was a Trojan in the 2017 campaign"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1513630200" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a3829f8-7374-4ca1-b7eb-483d02de0b81" ,
"value" : "fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1513630200" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a3829f8-2858-47c7-bd64-482a02de0b81" ,
"value" : "da9d8c78efe0c6c8be70e6b857400fb1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1513630200" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a3829f8-9360-48ed-8880-4a4502de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "8" ,
"timestamp" : "1513630313" ,
"uuid" : "5a382a56-2654-45a7-ab35-8e6702de0b81" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5a382a56-2654-45a7-ab35-8e6702de0b81" ,
"referenced_uuid" : "5a3829f7-d57c-42c0-996b-486602de0b81" ,
"relationship_type" : "related-to" ,
"timestamp" : "1514467913" ,
"uuid" : "5a382a66-daa4-4b7c-906d-48ce02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1513630294" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a382a56-45ec-4bc9-a837-8e6702de0b81" ,
"value" : "Comparing this code, we discovered another sample from the group that was used in a July 2013 attack:"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "filename" ,
"timestamp" : "1513630294" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a382a56-e010-49ce-a074-8e6702de0b81" ,
"value" : "fl.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1513630294" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a382a56-1960-4028-a5ff-8e6702de0b81" ,
"value" : "07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1513630294" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a382a56-af70-4ad9-b2f3-8e6702de0b81" ,
"value" : "4bfdda1a5f21d56afdc2060b9ce5a170"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1513630294" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a382a56-2834-4a1f-a85e-8e6702de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1513630555" ,
"uuid" : "e04bdc0b-5070-445d-8c65-d069baa29a8b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "e04bdc0b-5070-445d-8c65-d069baa29a8b" ,
"referenced_uuid" : "b49ac891-a300-4741-9602-e1b67d398af8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1514467913" ,
"uuid" : "5a382b59-d924-44a3-9ec5-8df402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a382b59-b5ec-4e40-8f14-8df402de0b81" ,
"value" : "cd9519127efcc9a65068befe17ae038c94085358"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a382b59-c4e0-4db2-94db-8df402de0b81" ,
"value" : "da9d8c78efe0c6c8be70e6b857400fb1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a382b59-8fdc-43a9-bd0e-8df402de0b81" ,
"value" : "fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1513630553" ,
"uuid" : "b49ac891-a300-4741-9602-e1b67d398af8" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a382b59-1fa0-4df0-98c2-8df402de0b81" ,
"value" : "https://www.virustotal.com/file/fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9/analysis/1512363514/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a382b59-a224-432f-87f0-8df402de0b81" ,
"value" : "51/68"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a382b59-6bbc-45bc-aa29-8df402de0b81" ,
"value" : "2017-12-04T04:58:34"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1513630556" ,
"uuid" : "a12dbcc3-13b7-4c1c-9eeb-1efef4b067f9" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a12dbcc3-13b7-4c1c-9eeb-1efef4b067f9" ,
"referenced_uuid" : "5538a69d-615d-4ee1-bb37-0b1483ad4db5" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1514467913" ,
"uuid" : "5a382b59-2e44-4235-87b4-8df402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a382b59-caac-40e3-92cb-8df402de0b81" ,
"value" : "a582c87f411150e58e18c929194be797685434f7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a382b59-5314-4008-a700-8df402de0b81" ,
"value" : "4bfdda1a5f21d56afdc2060b9ce5a170"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1513630553" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a382b59-7ce0-4701-97c7-8df402de0b81" ,
"value" : "07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1513630553" ,
"uuid" : "5538a69d-615d-4ee1-bb37-0b1483ad4db5" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a382b59-75bc-4dd3-8107-8df402de0b81" ,
"value" : "https://www.virustotal.com/file/07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4/analysis/1513461661/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5a382b59-4b04-4b50-bc35-8df402de0b81" ,
"value" : "42/68"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1513630553" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5a382b59-50dc-4977-8b72-8df402de0b81" ,
"value" : "2017-12-16T22:01:01"
}
]
}
]
}
}