{
"Event" : {
"analysis" : "2" ,
"date" : "2018-04-24" ,
"extends_uuid" : "" ,
"info" : "OSINT - Sednit update: Analysis of Zebrocy" ,
"publish_timestamp" : "1524596290" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1524596273" ,
"uuid" : "5adf7b6e-eb68-43dc-8a49-47b1950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#12e000" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Sofacy\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596064" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7b90-43b8-4afe-9c56-4401950d210f" ,
"value" : "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596064" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7ba3-3b5c-4ab6-acb9-4154950d210f" ,
"value" : "The Sednit group \u2013 also known as APT28, Fancy Bear, Sofacy or STRONTIUM \u2013 is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nToward the end of 2015, we started seeing a new component deployed by the group; a downloader for the main Sednit backdoor, Xagent. Kaspersky mentioned this component for the first time in 2017 in their APT trend report and recently wrote an article where they quickly described it under the name Zebrocy.\r\n\r\nThis new component is a family of malware, comprising downloaders and backdoors written in Delphi and AutoIt. These components play the same role in the Sednit ecosystem as Seduploader; that of first-stage malware."
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A C i Q A A A n I C A I A A A B 408 l h A A A A B G d B T U E A A L G P C / x h B Q A A A C B j S F J N A A B 6 J g A A g I Q A A P o A A A C A 6 A A A d T A A A O p g A A A 6 m A A A F 3 C c u l E 8 A A A A B m J L R 0 Q A / w D / A P + g v a e T A A A A C X B I W X M A A C 4 j A A A u I w F 4 p T 92 A A A A B 3 R J T U U H 4 g Q L D R s 22438 u A A A g A B J R E F U e N r s / X 1 Y l P e d 9 / + f i Y A w o w I 6 g F o c x 0 F l R E H E m K D S O i a F X o V 8 j 0 z 2 F 93 W 9 Y j a + m 1 a m 19 i G p P m 6 O 7 l X b / b w 6 T 2 i s k 3 y S b d t G r W k q 1 m t + O v w e 5 C q 2 O K S i V B R U V Q I c O A N 8 C g I M 4 M c p P 8 / p g s I d z M z D n M z G d u n o + j x 3 X A c M 55 v j + n k 71 g X v N + f + 5 r b G q U A A A A A A A A A A A A A A C Q 437 R B Q A A A A A A A A A A A A A A Q g 9 h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N k I m w E A A A A A A A A A A A A A s h E 2 A w A A A A A A A A A A A A B k I 2 w G A A A A A A A A A A A A A M h G 2 A w A A A A A A A A A A A A A k I 2 w G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q D b C Z g A A A A A A A A A A A A C A b I T N A A A A A A A A A A A A A A D Z C J s B A A A A A A A A A A A A A L I R N g M A A A A A A A A A A A A A Z C N s B g A A A A A A A A A A A A D I R t g M A A A A A A A A A A A A A J C N s B k A A A A A A A A A A A A A I B t h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N k I m w E A A A A A A A A A A A A A s h E 2 A w A A A A A A A A A A A A B k I 2 w G A A A A A A A A A A A A A M h G 2 
A w A A A A A A A A A A A A A k I 2 w G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q D b C Z g A A A A A A A A A A A A C A b I T N A A A A A A A A A A A A A A D Z C J s B A A A A A A A A A A A A A L I R N g M A A A A A A A A A A A A A Z C N s B g A A A A A A A A A A A A D I R t g M A A A A A A A A A A A A A J C N s B k A A A A A A A A A A A A A I B t h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N k I m w E A A A A A A A A A A A A A s h E 2 A w A A A A A A A A A A A A B k I 2 w G A A A A A A A A A A A A A M h G 2 A w A A A A A A A A A A A A A k I 2 w G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q D b C Z g A A A A A A A A A A A A C A b I T N A A A A A A A A A A A A A A D Z C J s B A A A A A A A A A A A A A L I R N g M A A A A A A A A A A A A A Z C N s B g A A A A A A A A A A A A D I R t g M A A A A A A A A A A A A A J C N s B k A A A A A A A A A A A A A I B t h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N m i R B f g d / G T 4 u M n x Y u u A g A A A A A A A A A A A E A E a W 1 r 7 b 7 X L b o K / 6 K z G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A 
A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q D b C Z g A A A A A A A A A A A A C A b I T N A A A A A A A A A A A A A A D Z C J s B A A A A A A A A A A A A A L I R N g M A A A A A A A A A A A A A Z C N s B g A A A A A A A A A A A A D I R t g M A A A A A A A A A A A A A J C N s B k A A A A A A A A A A A A A I B t h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N k I m w E A A A A A A A A A A A A A s h E 2 A w A A A A A A A A A A A A B k I 2 w G A A A A A A A A A A A A A M h G 2 A w A A A A A A A A A A A A A k I 2 w G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q D b C Z g A A A A A A A A A A A A C A b I T N A A A A A A A A A A A A A A D Z C J s B A A A A A A A A A A A A A L I R N g M A A A A A A A A A A A A A Z C N s B g A A A A A A A A A A A A D I R t g M A A A A A A A A A A A A A J C N s B k A A A A A A A A A A A A A I B t h M w A A A A A A A A A A A A B A N s J m A A A A A A A A A A A A A I B s h M 0 A A A A A A A A A A A A A A N k I m w E A A A A A A A A A A A A A s h E 2 A w A A A A A A A A A A A A B k I 2 w G A A A A A A A A A A A A A M h G 2 A w A A A A A A A A A A A A A k I 2 w G Q A A A A A A A A A A A A A g G 2 E z A A A A A A A A A A A A A E A 2 w m Y A A A A A A A A A A A A A g G y E z Q A A A A A A A A A A A A A A 2 Q i b A Q A A A A A A A A A A A A C y E T Y D A A A A A A A A A A A A A G Q j b A Y A A A A A A A A A A A A A y E b Y D A A A A A A A A A A A A A C Q j b A Z A A A A A A A A A A A A A C A b Y T M A A A A A A A A A A A A A Q L Y o 0 Q V A D O O R 0 g O H j 
J 4 c a S g s W L v K 4 K u z + U p W h i 5 r v i 7 w F 936 w j M e H u z b O z x G N p u 9 v t H S Y L a 0 t F l b W q 2 S J F X X 1 A 45 R q t R T 1 A o l E p F m k a d k q T S a t Q p S S p P T v 7 E h k 2 + u m k H D h m N R 0 r d H q Z U K l 7 Z 9 p K H 5 Q E A A A A A A A A A A M B P C J s j V J m p 3 M M j T 1 V W + T s K D U v B c I d b 2 q y n K q t O V l Y 1 m C 1 u D x 445 l R l l f O L l C R V 1 n x d V o Z u 6 Z K c A N y x U 5 V V H i b N 27 Y 8 Q 9 I M A A A A A A A A A A A g H G F z J K q u q W 1 p s 3 p 4 c E u b t c F s 0 W r U o q s O J c L v c H V N r b G k d H j 7 s i w t b d Y y U 3 m Z q T w l S Z W v z z M U F v j v j j W Y L W / v L / b k y B + u W 8 O r E Q A A A A A A A A A A I B g Q N k e i g d Z V D 52 s r C L e k 0 X g H W 4 w W w 4 c M o 4 x Z h 6 i p c 3 q e X b u B Z v N / v b + Y p v N 7 v b I p 9 a t C U y b N Q A A A A A A A A A A A N y 6 X 3 Q B C D S b z X 5 S Z h Q q N z q N c A L v s P F I 6 Y s 7 d v k 2 a X b y a 8 T 79 v 5 i T w Z 95 + v z 8 v V 5 / i s D A A A A A A A A A A A A s h A 2 R 5 y T l V W e t J A O 5 p z z L L r w k C H q D r + z v / j A I a M / V p S S p M r K 0 P n j z J I k G Y + U e p K 1 Z 2 X o n l q 3 x k 81 A A A A A A A A A A A A w A u E z R H H R b C n V C p G + 5 H c V t 1 I J u Q O v 7 O / u M x U 7 q c V + a + t u b q m 1 p O A X K t R P 79 p o 59 q A A A A A A A A A A A A g H c I m y N L S 5 t 1 t B n L S q X C R f c q k 7 Q 9 J O Q O H z h k 9 F / S L E m S n 4 Z X t 7 R Z f / X W u 24 P U y o V z 2 / a 6 C K n B w A A A A A A A A A A g B B R o g t A Q L m I J J c t y U l J U o 0 W e T r n P G s 16 h F / u n R J z m g / G u L A I a P r e d F b X 3 j G k / N M U C i U S k X g L + r 2 G D / d Y R e q a 2 q N R 0 r l P k u p V K T N / M q 17 t r t I 94 l r U a d k q S S e 35 P / O q t d z 2 Z N 75 t y z N + K g A A A A A A A A A A A A B j Q d g c W V y 0 z 2 p n q t N c J p 0 n K 6 t G i 0 J T k l Q e x o F u 81 p Z e w M L u a h r f r r D L r y z r 9 j D I 5 V K x b I l O V k Z u q w M 3 W i N w j 
a b v b 7 R 0 m C 21 J s t 1 T W 1 N p s 9 f 4 V f 2 p r f 2 V / s y T b V T 61 b 48 U 9 A Q A A A A A A A A A A Q A A Q N k e Q U 5
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596065" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5adf7be8-c1bc-4162-aa18-4914950d210f" ,
"value" : "eset-infographic-blog_zebrocy.png"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596066" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2a-2900-4127-8037-a5b9950d210f" ,
"value" : "http://142.0.68.2/test-update-16-8852418/temp727612430/checkUpdate89732468.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596067" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2a-b200-49ab-b8bc-a5b9950d210f" ,
"value" : "http://142.0.68.2/test-update-17-8752417/temp827612480/checkUpdate79832467.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596067" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2b-e094-4394-a530-a5b9950d210f" ,
"value" : "http://185.25.50.93/syshelp/kd8812u/protocol.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596068" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2b-8e60-4c01-811a-a5b9950d210f" ,
"value" : "http://185.25.50.93/tech99-04/litelib1/setwsdv4.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596068" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2c-5464-4b95-8fa5-a5b9950d210f" ,
"value" : "http://185.25.50.93/techicalBS391-two/supptech18i/suppid.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596069" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2c-6670-4309-8f81-a5b9950d210f" ,
"value" : "http://185.25.51.114/get-help-software/get-app-c/error-code-lookup.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596069" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2d-ff10-4bbb-bd0f-a5b9950d210f" ,
"value" : "http://185.25.51.164/srv_upd_dest_two/destBB/en.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596070" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2d-28bc-4764-881c-a5b9950d210f" ,
"value" : "http://185.25.51.198/get-data/searchId/get.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596070" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2e-7a4c-4c28-9a5f-a5b9950d210f" ,
"value" : "http://185.25.51.198/stream-upd-service-two/definition/event.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596071" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2e-8868-4991-8cb1-a5b9950d210f" ,
"value" : "http://185.77.129.152/wWpYdSMRulkdp/arpz/MsKZrpUfe.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596071" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2f-080c-4610-9fb9-a5b9950d210f" ,
"value" : "http://188.241.68.121/update/dB-Release/NewBaseCheck.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596071" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c2f-4ff8-4cf2-af5a-a5b9950d210f" ,
"value" : "http://194.187.249.126/database-update-centre/check-system-version/id=18862.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596072" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c30-d638-4eba-a3f6-a5b9950d210f" ,
"value" : "http://194.187.249.126/security-services-DMHA-group/info-update-version/id77820082.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596072" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c30-c6b8-40d9-bd42-a5b9950d210f" ,
"value" : "http://213.103.67.193/ghflYvz/vmwWIdx/realui.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596073" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c31-1758-4b41-8b8c-a5b9950d210f" ,
"value" : "http://213.252.244.219/client-update-info/version-id/version333.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596073" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c31-03d0-43c3-bf9a-a5b9950d210f" ,
"value" : "http://213.252.244.219/cumulative-security-update/Summary/details.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596074" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c31-75c8-4da6-a4c9-a5b9950d210f" ,
"value" : "http://213.252.245.132/search-release/Search-Version/crmclients.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596074" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c32-9590-454a-8e89-a5b9950d210f" ,
"value" : "http://213.252.245.132/setting-the-os-release/Support-OS-release/ApiMap.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596074" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c32-eabc-4915-81c1-a5b9950d210f" ,
"value" : "http://220.158.216.127/search-sys-update-release/base-sync/db7749sc.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596075" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c33-1bd4-48df-97df-a5b9950d210f" ,
"value" : "http://222.15.23.121/gft_piyes/ndhfkuryhs09/fdfd_iunb_hhert_ps.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596075" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c33-63f8-4d44-ba2e-a5b9950d210f" ,
"value" : "http://46.102.152.127/messageID/get-data/SecurityID.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596076" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c34-1d50-4261-a514-a5b9950d210f" ,
"value" : "http://46.183.223.227/services-check-update/security-certificate-11-554/CheckNow864.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596076" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c34-b82c-4561-bbec-a5b9950d210f" ,
"value" : "http://80.255.6.5/daily-update-certifaicates52735462534234/update-15.dat"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596076" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c35-24f4-4af7-8e28-a5b9950d210f" ,
"value" : "http://80.255.6.5/LoG-statistic8397420934809/date-update9048353094c/StaticIpUpdateLog23741033.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596077" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c35-e6a8-4cbe-bdcd-a5b9950d210f" ,
"value" : "http://86.105.18.106/apps.update/DetailsID/clientPID-118253.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596077" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c36-9c58-4a7a-a4cc-a5b9950d210f" ,
"value" : "http://86.105.18.106/data-extract/timermodule/update-client.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596078" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c37-7114-4b3e-b278-a5b9950d210f" ,
"value" : "http://86.105.18.106/debug-info/pluginId/CLISD1934.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596078" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c37-bb80-45ea-a052-a5b9950d210f" ,
"value" : "http://86.105.18.106/ram-data/managerId/REM1234.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596079" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c38-da38-48db-89fc-a5b9950d210f" ,
"value" : "http://86.105.18.106/versionID/Plugin0899/debug-release01119/debug-19.app"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596079" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c38-16bc-4a0c-827b-a5b9950d210f" ,
"value" : "http://86.105.18.111/UpdateCertificate33-33725cnm^BB/CheckerNow-saMbA-99-36^11/CheckerSerface^8830-11.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596079" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c39-ba1c-4927-972e-a5b9950d210f" ,
"value" : "http://86.106.131.177/srvSettings/conf4421i/support.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596080" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c39-8024-479e-9e91-a5b9950d210f" ,
"value" : "http://86.106.131.177/SupportA91i/syshelpA774i/viewsupp.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596080" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3a-3fe8-44c7-ba92-a5b9950d210f" ,
"value" : "http://89.249.65.166/clientid-and-uniqued-r2/the-differenceU/Events76.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596081" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3a-63fc-4971-abe8-a5b9950d210f" ,
"value" : "http://89.249.65.166/int-release/check-user/userid.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596081" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3b-ed20-4ca5-af3d-a5b9950d210f" ,
"value" : "http://89.249.65.234/guard-service/Servers-ip4/upd-release/mdb4"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596082" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3b-fe30-4b1d-8155-a5b9950d210f" ,
"value" : "http://89.40.181.126/verification-online/service.911-19/check-verification-88291.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596082" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3c-440c-4f0e-987c-a5b9950d210f" ,
"value" : "http://89.45.67.153/grenadLibS44-two/fIndToClose12t3/sol41.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596082" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3c-5570-4291-81fd-a5b9950d210f" ,
"value" : "http://89.45.67.153/supportfsys/t863321i/func112SerErr.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596083" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3d-2290-4469-9e62-a5b9950d210f" ,
"value" : "http://93.113.131.117/KB7735-9927/security-serv/opt.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596083" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3d-30bc-450b-b41e-a5b9950d210f" ,
"value" : "http://93.113.131.155/Verifica-El-Lanzamiento/Ayuda-Del-Sistema/obtenerId.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596084" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3d-48c0-4306-b58a-a5b9950d210f" ,
"value" : "http://93.115.38.132/wWpYdSMRulkdp/arpz/MsKZrpUfe.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596084" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3e-5a70-41a0-ac45-a5b9950d210f" ,
"value" : "http://rammatica.com/QqrAzMjp/CmKjzk/EspTkzmH.php"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596085" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5adf7c3e-1388-4b89-b340-a5b9950d210f" ,
"value" : "http://rammatica.com/QqrAzMjp/CmKjzk/OspRkzmG.php"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595871" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7c76-431c-4ce4-a812-db5a950d210f" ,
"value" : "4f07d18475601d0492cbf678ee0f0860c729910e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595871" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7c76-c5bc-45c9-b03c-db5a950d210f" ,
"value" : "f10b2c052afc07e2dec9dbe816031059fdc900ba"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595931" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdb-f558-436b-b8f5-de5f950d210f" ,
"value" : "00b39f2deaf1f1fc29e5acb63f4d1100e04fd701"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595931" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdb-0300-4f68-9eb9-de5f950d210f" ,
"value" : "07e44b44c5f1043d16f6011a2cf0d2e7c5a52787"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595932" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdc-65c4-4c6c-85a0-de5f950d210f" ,
"value" : "0f946f619ae8e2181a5bd76c8af03347742765c6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595932" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdc-a19c-49c4-ace9-de5f950d210f" ,
"value" : "2900ed173a9f5dc99f905942a6be595cc6f03387"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595933" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdd-71c8-4e6f-a855-de5f950d210f" ,
"value" : "2b5a7f4e054d0130883c8821b629121e0228bf54"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595933" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdd-b198-46df-98f8-de5f950d210f" ,
"value" : "36b5e59a01e7f244d4a3bbb539e57aa468115dc8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595933" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cde-1550-4b9e-be86-de5f950d210f" ,
"value" : "37bd951c483da057337ef8f38d6e48051cbb39d0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595934" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cde-dfe8-4ccf-86f6-de5f950d210f" ,
"value" : "41686703ce9e9aec64b6ad1c516746751219bc62"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595934" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cde-4008-4f78-b142-de5f950d210f" ,
"value" : "4e6470f4a245efaa138c8c6eedb046e916706383"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595935" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdf-8620-4e20-aa9b-de5f950d210f" ,
"value" : "54b14fc84f152b43c63babc46f2597b053e94627"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595935" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cdf-c59c-450e-84f2-de5f950d210f" ,
"value" : "afd5a60b7fff4deea15f7011339ad2cc2987a937"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595936" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7ce0-e768-4726-8080-de5f950d210f" ,
"value" : "d4ab51bc5c26183771e3358d76e348943f9dd2fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595936" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7ce0-b5a8-4c42-bc41-de5f950d210f" ,
"value" : "d6fdc72792ee736b8d606d40d72cb89d6e8a3e18"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595952" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf0-76c4-40ed-bba6-de5f950d210f" ,
"value" : "0cd61d367dd0b13000774ab77abf3d4cfb713c8e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595952" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf0-f198-451c-a83b-de5f950d210f" ,
"value" : "185ab7a371b58ff367c155ec0dabe28842d340bd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595953" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf1-b4dc-4bdf-a930-de5f950d210f" ,
"value" : "267abd7105ac26d5cb6ecb96292f83708f64b994"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595953" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf1-c738-4d3c-86ac-de5f950d210f" ,
"value" : "4a6dcbccab5344388b331d543cc2260ca531c7ca"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595954" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf2-e81c-40cf-a823-de5f950d210f" ,
"value" : "62dcf2f33ecc6014fa9a10f4e9ac9fd9bb0a6d23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595954" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf2-58f8-4e72-8928-de5f950d210f" ,
"value" : "b8b847d3d0139db68dba730b3424b29dcb40b3c7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595955" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf3-b488-4c78-bf80-de5f950d210f" ,
"value" : "c0271dbb02636402742c390ffbeee6418f696668"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595955" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf3-217c-489e-98f1-de5f950d210f" ,
"value" : "d379b94a3eb4fd9c9a973f64d436d7fc2e9d6762"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595955" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7cf3-c5a4-4616-8c5a-de5f950d210f" ,
"value" : "dabeadf0a9af3a8a0802f8445670806cd7671b1d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595990" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d16-d6a8-4446-9cdb-4672950d210f" ,
"value" : "0983d940ba42135106bf7a1e87ed5a1975fc7ead"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595991" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d17-c208-4c91-a403-4672950d210f" ,
"value" : "226083c7190f1a939d5b7b352400450690d59f65"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595991" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d17-5918-4e52-927d-4672950d210f" ,
"value" : "245868d6805c66181808973e93f23293d6d2f7d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595992" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d18-b040-4595-bd7a-4672950d210f" ,
"value" : "2c01ae417e5de213845b1ed46d4e82d45edd598d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595992" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d18-0668-4930-8f75-4672950d210f" ,
"value" : "4ccbe222bd97dc229b36efaf52520939da9d51c8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595992" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d19-09d8-4cda-b21a-4672950d210f" ,
"value" : "51ae516792570bcd069a657c27859cd3fdc07d00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595993" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d19-43b0-44de-ba90-4672950d210f" ,
"value" : "55179f0c6bce5a37311a44efe3f9845096c09668"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595993" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d19-6d08-41b4-837f-4672950d210f" ,
"value" : "6fd7ce97061169b835ea77976651b5bf20aca4ef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595994" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1a-4f4c-4429-b6f1-4672950d210f" ,
"value" : "7349843e4dac1226ad6ce3e3cda8c389dd599548"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595994" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1a-20e0-4f9b-996a-4672950d210f" ,
"value" : "7b5c223a4968cc2190c1b5444cad47187d27ec50"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595995" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1b-d0fc-4d16-9e7b-4672950d210f" ,
"value" : "83882e13b369986b513f4aae245c112b82ec2097"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595995" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1b-f758-45e7-922c-4672950d210f" ,
"value" : "8aedf7a462024acf72d708c89230e4f02d94bc78"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595996" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1c-34f4-4995-bde2-4672950d210f" ,
"value" : "8bd56b580974ae195e9f92b3aa525547d33434c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595996" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1c-f9b0-4322-b7b0-4672950d210f" ,
"value" : "9beacd8e145fa01e16409d44d8b9470af6c7afd8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595997" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1d-7a88-4775-8095-4672950d210f" ,
"value" : "a172fe6e91170f858c8ce5d734c094996bdf83d0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595997" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1d-3e9c-4574-a32b-4672950d210f" ,
"value" : "ae93b6ec2d56512a1c7e8c053d2a6ce6fdfb7e4c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595998" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1e-2b60-43dd-8e0f-4672950d210f" ,
"value" : "c08d89c7f7be69d5d705d4ac7e24e8f48e22faaf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595998" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1e-9574-4146-ad13-4672950d210f" ,
"value" : "c2f3ca699aef3d226a800c2262efdca1470e00dc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595999" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1f-15bc-4ba7-bbba-4672950d210f" ,
"value" : "cdf9c24b86bc9a872035dcf3f53f380c904ed98b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524595999" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d1f-e108-4b6f-ab95-4672950d210f" ,
"value" : "f63e29621c8becac47ae6eac7bf9577bd0a37b73"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1524596000" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d20-da68-4200-9f55-4672950d210f" ,
"value" : "fea8752d90d2b4f0fc49ac0d58d62090782d8c5b"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596088" ,
"uuid" : "302f24a6-cc84-4575-ad9b-06463c14e099" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "302f24a6-cc84-4575-ad9b-06463c14e099" ,
"referenced_uuid" : "99962fb8-2977-48bc-b99a-d41fc2bb9c36" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-de00-44e7-ab04-402202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596085" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d75-8ca0-4d5a-9436-499702de0b81" ,
"value" : "c834ef2d3e0fe5239b2c97d6d14a4c9b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596086" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d76-9078-4cb5-965d-4dba02de0b81" ,
"value" : "54b14fc84f152b43c63babc46f2597b053e94627"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596086" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d76-f8c0-44d7-9b80-4dad02de0b81" ,
"value" : "5fab4d08348b4ef080ba91bdb0d769d31797f5092bff3b24b3c23d091fccc8a7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596086" ,
"uuid" : "99962fb8-2977-48bc-b99a-d41fc2bb9c36" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596087" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d77-df50-4115-a402-46db02de0b81" ,
"value" : "2017-11-17T14:53:28"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596087" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d77-5220-4235-a5f8-4efe02de0b81" ,
"value" : "https://www.virustotal.com/file/5fab4d08348b4ef080ba91bdb0d769d31797f5092bff3b24b3c23d091fccc8a7/analysis/1510930408/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596087" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d77-c83c-41c5-82b0-4feb02de0b81" ,
"value" : "36/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596090" ,
"uuid" : "d1395618-6286-4483-ac39-2529eee30b0e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d1395618-6286-4483-ac39-2529eee30b0e" ,
"referenced_uuid" : "0e7e0bef-02b2-4c73-b677-e842a6d359b5" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-0cbc-4bd9-ab8a-4fcc02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596087" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d77-82f0-4712-818c-489702de0b81" ,
"value" : "8a9a42a9901b80753c12d97ca7bb35af"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596088" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d78-f5ec-48ca-8326-49c802de0b81" ,
"value" : "83882e13b369986b513f4aae245c112b82ec2097"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596088" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d78-ad9c-4cc5-9e8a-422302de0b81" ,
"value" : "030e1f6b82a8c4a63b9754585b73a8f98c129234707ebdbd401020c068838262"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596089" ,
"uuid" : "0e7e0bef-02b2-4c73-b677-e842a6d359b5" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596089" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d79-7564-4a47-9662-446a02de0b81" ,
"value" : "2018-03-26T10:20:55"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596089" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d79-d948-47cc-a73c-4a8402de0b81" ,
"value" : "https://www.virustotal.com/file/030e1f6b82a8c4a63b9754585b73a8f98c129234707ebdbd401020c068838262/analysis/1522059655/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596090" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d7a-11f0-4e64-a015-479302de0b81" ,
"value" : "42/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596093" ,
"uuid" : "261155fb-4cd5-45e1-8b13-e1a39032793a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "261155fb-4cd5-45e1-8b13-e1a39032793a" ,
"referenced_uuid" : "094e60cb-a46e-449d-831b-56e943719480" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-ee78-4686-bacb-4f5a02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596090" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d7a-08bc-434f-a3c8-425002de0b81" ,
"value" : "4c49a17ee2f2dcd8041914110f362cd8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596090" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d7a-5d48-4b73-8ccf-4f5802de0b81" ,
"value" : "a172fe6e91170f858c8ce5d734c094996bdf83d0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596090" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d7a-dc00-4a61-84a1-4a8702de0b81" ,
"value" : "0f3c57f3944563c8a653b1a828f494c599655f2af16b57cb131bfd00ec993f45"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596091" ,
"uuid" : "094e60cb-a46e-449d-831b-56e943719480" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596091" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d7b-0080-4025-bbaa-422602de0b81" ,
"value" : "2018-03-15T18:22:50"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596091" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d7b-a1f8-417c-b1c6-4fa702de0b81" ,
"value" : "https://www.virustotal.com/file/0f3c57f3944563c8a653b1a828f494c599655f2af16b57cb131bfd00ec993f45/analysis/1521138170/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596092" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d7c-a66c-412c-ba4f-429202de0b81" ,
"value" : "43/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596095" ,
"uuid" : "595f3890-1294-41a5-baa3-491baf80f894" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "595f3890-1294-41a5-baa3-491baf80f894" ,
"referenced_uuid" : "bf9509a8-55d0-4487-a3f2-c978b390626e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-e940-4ad4-a1f6-416f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596092" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d7c-ad0c-47e9-a903-46a002de0b81" ,
"value" : "fed3f5c6b68a299cf98a2adac4d16bb2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596092" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d7c-2390-4a8a-9fb6-4df302de0b81" ,
"value" : "8aedf7a462024acf72d708c89230e4f02d94bc78"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596093" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d7d-1a80-4cb8-80a2-40b202de0b81" ,
"value" : "cd220cdffe907283ee8c722d50367da8dd190a289135225e2fef8bf322e6d6b2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596093" ,
"uuid" : "bf9509a8-55d0-4487-a3f2-c978b390626e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596093" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d7d-4c38-4f3f-8cdf-41ff02de0b81" ,
"value" : "2017-11-26T03:52:03"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596094" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d7e-beec-4904-8c09-4c6f02de0b81" ,
"value" : "https://www.virustotal.com/file/cd220cdffe907283ee8c722d50367da8dd190a289135225e2fef8bf322e6d6b2/analysis/1511668323/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596094" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d7e-8afc-4520-ab00-414802de0b81" ,
"value" : "43/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596097" ,
"uuid" : "1314f1f0-19d4-46c9-8e46-28554785026d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1314f1f0-19d4-46c9-8e46-28554785026d" ,
"referenced_uuid" : "719ef8f0-408a-4c1d-8e0f-d8c5ece319df" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-714c-4a5f-b120-468d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596094" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d7e-adec-43d9-94fa-4c8002de0b81" ,
"value" : "66b4fb539806ce27be184b6735584339"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596095" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d7f-1844-4d42-bb98-41f902de0b81" ,
"value" : "51ae516792570bcd069a657c27859cd3fdc07d00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596095" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d7f-77a4-43b1-a390-453e02de0b81" ,
"value" : "11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596095" ,
"uuid" : "719ef8f0-408a-4c1d-8e0f-d8c5ece319df" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596095" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d7f-fe14-4c77-a263-4d8302de0b81" ,
"value" : "2018-03-01T10:26:11"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596096" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d80-9214-45de-84d9-40c902de0b81" ,
"value" : "https://www.virustotal.com/file/11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226/analysis/1519899971/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596096" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d80-3814-464a-a3a9-442b02de0b81" ,
"value" : "46/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596099" ,
"uuid" : "642529b8-ed04-4c7e-9b2e-7b7292123e82" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "642529b8-ed04-4c7e-9b2e-7b7292123e82" ,
"referenced_uuid" : "67ab9f86-569c-4934-8bcb-0ff68395281f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-f784-44d5-b4f3-4a2702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596096" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d80-aea0-4707-b3a3-40cd02de0b81" ,
"value" : "a2dc261893d9ccb4be571b0ef6b52a40"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596097" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d81-bb80-4fb3-a1d2-4de902de0b81" ,
"value" : "c2f3ca699aef3d226a800c2262efdca1470e00dc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596097" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d81-f918-453b-9262-479a02de0b81" ,
"value" : "6e3f2b4e69a2e88ef13df8697c12187c482044367e4f1930e70d78a5db0628af"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596098" ,
"uuid" : "67ab9f86-569c-4934-8bcb-0ff68395281f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596098" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d82-2428-4115-a2ec-467c02de0b81" ,
"value" : "2017-11-13T18:21:17"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596098" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d82-ee34-45b0-9614-449702de0b81" ,
"value" : "https://www.virustotal.com/file/6e3f2b4e69a2e88ef13df8697c12187c482044367e4f1930e70d78a5db0628af/analysis/1510597277/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596099" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d83-bab4-4454-b873-4b7c02de0b81" ,
"value" : "42/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596102" ,
"uuid" : "fd8fdb13-1446-49fa-ab12-1650348daacb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fd8fdb13-1446-49fa-ab12-1650348daacb" ,
"referenced_uuid" : "3057b350-62f9-4e56-8581-3760f7d8621a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-009c-4560-93a8-48c802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596099" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d83-1a28-454c-9be3-40d002de0b81" ,
"value" : "18afd364d287dfb20921e2c76d4e2c41"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596099" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d83-0b78-40c6-8a28-42c602de0b81" ,
"value" : "00b39f2deaf1f1fc29e5acb63f4d1100e04fd701"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596100" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d84-d680-4014-80f6-433602de0b81" ,
"value" : "53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596100" ,
"uuid" : "3057b350-62f9-4e56-8581-3760f7d8621a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596100" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d84-48b0-4860-9039-409502de0b81" ,
"value" : "2018-04-24T14:29:53"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596101" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d85-b1cc-4d58-a746-42d102de0b81" ,
"value" : "https://www.virustotal.com/file/53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda/analysis/1524580193/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596101" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d85-2014-49e4-a26b-4abd02de0b81" ,
"value" : "44/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596104" ,
"uuid" : "f935a768-6cbe-4f6a-8627-ecc6b1bdb9f5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f935a768-6cbe-4f6a-8627-ecc6b1bdb9f5" ,
"referenced_uuid" : "94b1712b-9ecd-4b9f-905c-0758bf880db7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-9ae8-4783-8bb0-44cf02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596101" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d85-29e0-4941-b86c-4e8102de0b81" ,
"value" : "8907c97ef307a8ba6cf577498a20c583"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596101" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d85-87c8-4876-a2ee-420302de0b81" ,
"value" : "55179f0c6bce5a37311a44efe3f9845096c09668"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596103" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d87-1da4-4b19-b2fa-477902de0b81" ,
"value" : "27f8bab18136a805d4e1efa88bb4546929862c1ef7c6ad307a6662e18af939cd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596103" ,
"uuid" : "94b1712b-9ecd-4b9f-905c-0758bf880db7" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596103" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d87-9880-4384-8c98-4bf802de0b81" ,
"value" : "2018-02-26T04:13:42"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596104" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d88-ac60-46c8-8329-488e02de0b81" ,
"value" : "https://www.virustotal.com/file/27f8bab18136a805d4e1efa88bb4546929862c1ef7c6ad307a6662e18af939cd/analysis/1519618422/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596104" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d88-a5b4-4df8-a5f4-4af602de0b81" ,
"value" : "43/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596107" ,
"uuid" : "1da0fd9b-3d57-4ad9-ba4a-f85e3d40f107" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1da0fd9b-3d57-4ad9-ba4a-f85e3d40f107" ,
"referenced_uuid" : "b6e4244e-208a-45e0-be0d-f8959ee03f62" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-f34c-44b0-a669-484602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596105" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d89-b4fc-4042-8cba-490902de0b81" ,
"value" : "6c6cdb4aa5e7c19eeda01196d0717038"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596105" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d89-c264-448b-bea2-467102de0b81" ,
"value" : "2b5a7f4e054d0130883c8821b629121e0228bf54"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596105" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d89-9e30-42a4-8bae-4d1502de0b81" ,
"value" : "10a9a217d3b53a3e43ec03b81a026f7a70350a062b900d672353690090e1ade6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596106" ,
"uuid" : "b6e4244e-208a-45e0-be0d-f8959ee03f62" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596106" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d8a-6384-4872-8e7f-4b1502de0b81" ,
"value" : "2018-04-04T10:55:20"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596106" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d8a-b658-4475-883f-49ce02de0b81" ,
"value" : "https://www.virustotal.com/file/10a9a217d3b53a3e43ec03b81a026f7a70350a062b900d672353690090e1ade6/analysis/1522839320/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596107" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d8b-fe7c-484b-8372-416402de0b81" ,
"value" : "46/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596110" ,
"uuid" : "3a95499b-0068-4fc2-8ec4-cd4f44dbf30d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3a95499b-0068-4fc2-8ec4-cd4f44dbf30d" ,
"referenced_uuid" : "a01e587d-c651-4fda-80e2-1cbb6beae16d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-ce68-4b39-bbce-4e2b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596107" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d8b-8834-4a07-88e9-448202de0b81" ,
"value" : "c983f5f9f92734e10d60b30790a1c402"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596107" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d8b-75e4-4492-ab61-48d402de0b81" ,
"value" : "245868d6805c66181808973e93f23293d6d2f7d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596108" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d8c-4eb8-4d05-bb01-4c9b02de0b81" ,
"value" : "72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596108" ,
"uuid" : "a01e587d-c651-4fda-80e2-1cbb6beae16d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596108" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d8c-f4bc-496d-af19-4b4b02de0b81" ,
"value" : "2018-01-17T14:53:52"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596108" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d8c-b308-4435-8e2c-488302de0b81" ,
"value" : "https://www.virustotal.com/file/72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3/analysis/1516200832/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596109" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d8d-bc70-4677-aa47-475002de0b81" ,
"value" : "34/63"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596112" ,
"uuid" : "ce5d079f-20fd-4f03-b440-a12063c7b7f6" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ce5d079f-20fd-4f03-b440-a12063c7b7f6" ,
"referenced_uuid" : "c5fa284c-19fd-44bc-8fcc-a24f831574b8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-c990-44a2-857d-472c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596109" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d8d-1328-4aa5-88c4-4fcf02de0b81" ,
"value" : "8fa89f99f96aa694910087cfdc087e18"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596109" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d8d-3180-4ff6-a2bb-462e02de0b81" ,
"value" : "0f946f619ae8e2181a5bd76c8af03347742765c6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596110" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d8e-51ec-4ef7-9ca6-441102de0b81" ,
"value" : "e8e78cc9fec87983a6bd1ab6c76347c6ffd91729d3dd629646391ee9e55f94d7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596110" ,
"uuid" : "c5fa284c-19fd-44bc-8fcc-a24f831574b8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596110" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d8e-671c-4c0e-a734-4f3302de0b81" ,
"value" : "2018-01-12T17:14:04"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596111" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d8f-9fdc-418c-a55e-4eb402de0b81" ,
"value" : "https://www.virustotal.com/file/e8e78cc9fec87983a6bd1ab6c76347c6ffd91729d3dd629646391ee9e55f94d7/analysis/1515777244/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596111" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d8f-7030-4607-a8c9-4f3e02de0b81" ,
"value" : "40/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596114" ,
"uuid" : "2192b730-c7c2-471e-9889-c09e11c73355" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2192b730-c7c2-471e-9889-c09e11c73355" ,
"referenced_uuid" : "ef9ea072-bf47-451a-844c-4d40afdfc463" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596187" ,
"uuid" : "5adf7ddb-b410-46e7-b51d-417402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596111" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d8f-c9b0-4550-82bd-4b6502de0b81" ,
"value" : "b5c9581b169990f94fa54dba19f6ece3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596111" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d8f-231c-4f27-ad70-45c302de0b81" ,
"value" : "41686703ce9e9aec64b6ad1c516746751219bc62"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596112" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d90-9ee0-433c-bfef-45c902de0b81" ,
"value" : "bb9a40db67fab5fcc89f5f90fb7c00f515a997cd46b5be378660017bbbd0b45a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596112" ,
"uuid" : "ef9ea072-bf47-451a-844c-4d40afdfc463" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596112" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d90-6238-4920-9c62-468902de0b81" ,
"value" : "2017-10-27T16:48:06"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596113" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d91-e76c-45ff-a142-4f8f02de0b81" ,
"value" : "https://www.virustotal.com/file/bb9a40db67fab5fcc89f5f90fb7c00f515a997cd46b5be378660017bbbd0b45a/analysis/1509122886/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596113" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d91-ef68-415c-b508-41ee02de0b81" ,
"value" : "19/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596116" ,
"uuid" : "5949a4b4-1ebb-4b11-955f-d69e30594c2c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5949a4b4-1ebb-4b11-955f-d69e30594c2c" ,
"referenced_uuid" : "051677f1-b2f5-4b4a-845b-77b1278a9c08" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-eff4-47f9-ab5d-488202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596113" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d91-44a0-4cb5-93ea-431f02de0b81" ,
"value" : "21834a5bb7ec4bf017a3ef74cf6781b9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596114" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d92-dbfc-4695-bfe3-45a102de0b81" ,
"value" : "fea8752d90d2b4f0fc49ac0d58d62090782d8c5b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596114" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d92-af9c-4204-9b7b-492502de0b81" ,
"value" : "38949635b0d6de1388df80c2d3d45e9c877ff1b796d50929f213c5736b3872dd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596114" ,
"uuid" : "051677f1-b2f5-4b4a-845b-77b1278a9c08" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596115" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d93-157c-4c7a-beee-4f0602de0b81" ,
"value" : "2018-04-22T17:38:06"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596115" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d93-73e4-4fac-9ac1-478c02de0b81" ,
"value" : "https://www.virustotal.com/file/38949635b0d6de1388df80c2d3d45e9c877ff1b796d50929f213c5736b3872dd/analysis/1524418686/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596115" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d93-d3a0-4567-8799-4c3e02de0b81" ,
"value" : "44/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596118" ,
"uuid" : "9eec20d3-7f37-4f18-a861-9d95bd6aea86" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "9eec20d3-7f37-4f18-a861-9d95bd6aea86" ,
"referenced_uuid" : "38824d89-1178-4d1c-b022-d8ae2adeae9f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-b8fc-4f17-b159-447802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596115" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d93-9aec-4153-a9e8-49e602de0b81" ,
"value" : "0e21c281a16787f6d96bdc22e7002cc1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596116" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d94-366c-48fd-b4c3-472002de0b81" ,
"value" : "2900ed173a9f5dc99f905942a6be595cc6f03387"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596116" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d94-cd58-44bb-bcc7-498b02de0b81" ,
"value" : "9e38d9831e52968e919a298830c169f89940ee1303ec4ea62fe8cc11c0e8072a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596117" ,
"uuid" : "38824d89-1178-4d1c-b022-d8ae2adeae9f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596117" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d95-c194-4541-a803-48ea02de0b81" ,
"value" : "2018-01-17T17:32:49"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596117" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d95-bdec-4eed-98b5-4cff02de0b81" ,
"value" : "https://www.virustotal.com/file/9e38d9831e52968e919a298830c169f89940ee1303ec4ea62fe8cc11c0e8072a/analysis/1516210369/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596117" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d95-7160-4caf-928d-429902de0b81" ,
"value" : "38/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596120" ,
"uuid" : "988ccae3-9e28-4432-8517-30e01057df0d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "988ccae3-9e28-4432-8517-30e01057df0d" ,
"referenced_uuid" : "fa3cc16f-8fd6-4cc1-bc5f-89f0a24beb1d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-80b8-4f78-bec6-418102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596117" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d96-944c-430d-bff7-48dc02de0b81" ,
"value" : "98d1c9770d92ba42607ac5e98fc7486f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596118" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d96-3a50-414a-aedd-40c302de0b81" ,
"value" : "4f07d18475601d0492cbf678ee0f0860c729910e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596118" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d96-9ba0-4cec-96cd-4d2902de0b81" ,
"value" : "e9ea627e7a6d5e79ca9568504796091c136435159000ec7966f0eaebd935c306"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596119" ,
"uuid" : "fa3cc16f-8fd6-4cc1-bc5f-89f0a24beb1d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596119" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d97-0860-4618-a34f-4d5e02de0b81" ,
"value" : "2018-01-06T17:20:20"
} ,
{
"category" : "External analysis" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596119" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d97-c154-4d8a-a3c2-4a6c02de0b81" ,
"value" : "https://www.virustotal.com/file/e9ea627e7a6d5e79ca9568504796091c136435159000ec7966f0eaebd935c306/analysis/1515259220/"
} ,
{
"category" : "Other" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596120" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d98-45fc-455c-a42d-442802de0b81" ,
"value" : "28/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596123" ,
"uuid" : "486cb263-bf1a-43f8-baf2-9f41bb6a1571" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "486cb263-bf1a-43f8-baf2-9f41bb6a1571" ,
"referenced_uuid" : "576def47-945e-4ae9-8c0e-152c5f4fac12" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-98ec-4194-b00d-4a8702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596120" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d98-41c8-4ad2-b5dc-498a02de0b81" ,
"value" : "d806ff313f7b77dd9334852599e5f7fe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596120" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d98-7ab4-4c4f-b6ec-405502de0b81" ,
"value" : "afd5a60b7fff4deea15f7011339ad2cc2987a937"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596121" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d99-8800-4e21-ae9d-45e702de0b81" ,
"value" : "4305214c4d9cf9e3c44962b5903db0032a9f4e4b4a2ee3d497887abed3b4ffe1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596121" ,
"uuid" : "576def47-945e-4ae9-8c0e-152c5f4fac12" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596121" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d99-f6f4-427d-b3e1-410302de0b81" ,
"value" : "2018-02-03T14:11:32"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596121" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d99-55e4-49aa-867f-415402de0b81" ,
"value" : "https://www.virustotal.com/file/4305214c4d9cf9e3c44962b5903db0032a9f4e4b4a2ee3d497887abed3b4ffe1/analysis/1517667092/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596122" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d9a-0fe4-411b-8a60-4e0402de0b81" ,
"value" : "38/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596125" ,
"uuid" : "baf449dc-4245-449d-bdbb-7a5c29cb15d1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "baf449dc-4245-449d-bdbb-7a5c29cb15d1" ,
"referenced_uuid" : "1bb74aeb-3552-4d7a-8eb5-99ca2508fb52" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-674c-4fc4-86b9-402002de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596122" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d9a-9e8c-453e-bfc2-4b6802de0b81" ,
"value" : "63add4783760ab93833fd3d9f1893899"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596122" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d9a-7d20-4968-84c4-4dde02de0b81" ,
"value" : "7349843e4dac1226ad6ce3e3cda8c389dd599548"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596123" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d9b-545c-4020-a1b6-4d3402de0b81" ,
"value" : "e355a327479dcc4e71a38f70450af02411125c5f101ba262e8df99f9f0fef7b6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596123" ,
"uuid" : "1bb74aeb-3552-4d7a-8eb5-99ca2508fb52" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596123" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d9b-0540-43a3-8edf-472f02de0b81" ,
"value" : "2016-06-13T23:37:29"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596124" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d9c-72dc-4626-82a7-488902de0b81" ,
"value" : "https://www.virustotal.com/file/e355a327479dcc4e71a38f70450af02411125c5f101ba262e8df99f9f0fef7b6/analysis/1465861049/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596124" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d9c-ffa4-4101-8a82-4f6a02de0b81" ,
"value" : "24/54"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596127" ,
"uuid" : "b330fd72-4ec0-4752-95de-e0a789b7e9e8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b330fd72-4ec0-4752-95de-e0a789b7e9e8" ,
"referenced_uuid" : "4c792f79-2353-457e-81c9-eff70489079a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-ab1c-415b-a60c-407c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596124" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d9c-79c8-4402-a512-426702de0b81" ,
"value" : "891df2e692685f809039a8e444fe9daa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596125" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d9d-76c8-4dde-aab6-428602de0b81" ,
"value" : "b8b847d3d0139db68dba730b3424b29dcb40b3c7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596125" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d9d-b4ec-4c2e-90ed-4ac002de0b81" ,
"value" : "af80b82b14b7c18ce184937620078f3703a9b3a71299bd4de7a5b0cce06b98a1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596126" ,
"uuid" : "4c792f79-2353-457e-81c9-eff70489079a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596126" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7d9e-94ec-4b6e-aa08-40c402de0b81" ,
"value" : "2017-09-20T15:17:03"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596126" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7d9e-d224-4f6e-aa6c-498702de0b81" ,
"value" : "https://www.virustotal.com/file/af80b82b14b7c18ce184937620078f3703a9b3a71299bd4de7a5b0cce06b98a1/analysis/1505920623/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596127" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7d9f-5754-44db-b18c-471202de0b81" ,
"value" : "40/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596130" ,
"uuid" : "3db0b28c-67cf-4546-a40d-da94eec7ee5e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3db0b28c-67cf-4546-a40d-da94eec7ee5e" ,
"referenced_uuid" : "09b083f6-2364-4d2b-a1e3-1162587cc7e6" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-aee0-408c-bfa1-4e5902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596127" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7d9f-8464-4d2c-b418-407e02de0b81" ,
"value" : "3738934b5aa862fc8d4c3188f36ad280"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596127" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7d9f-293c-41d5-9164-465902de0b81" ,
"value" : "ae93b6ec2d56512a1c7e8c053d2a6ce6fdfb7e4c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596127" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7d9f-df2c-4fd9-aa28-4c8402de0b81" ,
"value" : "32a45243118ef2ff15b0055c046f77d53c43ca958383d235e00ae3f29aeb4944"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596128" ,
"uuid" : "09b083f6-2364-4d2b-a1e3-1162587cc7e6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596128" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7da0-d714-414f-bd06-496a02de0b81" ,
"value" : "2018-03-14T08:49:42"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596128" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7da0-2cd0-4fdb-83bb-4a6b02de0b81" ,
"value" : "https://www.virustotal.com/file/32a45243118ef2ff15b0055c046f77d53c43ca958383d235e00ae3f29aeb4944/analysis/1521017382/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596129" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7da1-235c-40b2-8ce1-453302de0b81" ,
"value" : "43/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596132" ,
"uuid" : "4745d413-4f7b-4f16-96be-f4dd074f1941" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4745d413-4f7b-4f16-96be-f4dd074f1941" ,
"referenced_uuid" : "ec56b918-e921-4d4b-a0cc-bfadf8120482" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-4760-473b-9e4d-497402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596129" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7da1-c188-4e20-8bab-454502de0b81" ,
"value" : "277eb7762dcad112604ae2a0b55719a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596129" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7da1-b9f4-4897-bdd5-4d5902de0b81" ,
"value" : "0cd61d367dd0b13000774ab77abf3d4cfb713c8e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596130" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7da2-6aa0-43ee-ac0a-489302de0b81" ,
"value" : "e9cd6bf375c2ff5b1f6baa2cf04b11c65f1472ed27302275f68445a17001a38b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596130" ,
"uuid" : "ec56b918-e921-4d4b-a0cc-bfadf8120482" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596130" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7da2-1280-4c6b-b578-4e9102de0b81" ,
"value" : "2017-04-23T17:19:42"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596131" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7da3-9610-48c0-9e6a-469402de0b81" ,
"value" : "https://www.virustotal.com/file/e9cd6bf375c2ff5b1f6baa2cf04b11c65f1472ed27302275f68445a17001a38b/analysis/1492967982/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596131" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7da3-f9ac-4a4e-b25e-4ee502de0b81" ,
"value" : "25/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596134" ,
"uuid" : "3c3df287-c480-4e94-a872-1f03ac0f92bc" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3c3df287-c480-4e94-a872-1f03ac0f92bc" ,
"referenced_uuid" : "08c1796d-7949-4531-83ff-45db4afae1d1" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-1124-441e-91bd-467602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596131" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7da3-67e0-42ec-9a73-45db02de0b81" ,
"value" : "5b02ee0e44dcd54ee7e4aafafcd5abb0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596131" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7da3-6bb0-4ebc-85b5-44ca02de0b81" ,
"value" : "c08d89c7f7be69d5d705d4ac7e24e8f48e22faaf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596132" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7da4-e578-4b66-b5ee-452f02de0b81" ,
"value" : "cb5e9eea00406d53f6620ca94fd2014f5fe54f74013115ff984ba97a4e6bbcf6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596132" ,
"uuid" : "08c1796d-7949-4531-83ff-45db4afae1d1" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596132" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7da4-3c80-46b9-8a9e-401a02de0b81" ,
"value" : "2018-01-01T15:46:08"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596133" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7da5-1f60-4e00-bbea-41ba02de0b81" ,
"value" : "https://www.virustotal.com/file/cb5e9eea00406d53f6620ca94fd2014f5fe54f74013115ff984ba97a4e6bbcf6/analysis/1514821568/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596133" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7da5-f094-4ea5-9289-400702de0b81" ,
"value" : "33/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596136" ,
"uuid" : "a9a54fb9-5c34-49d1-b282-fb57ef4ed40a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a9a54fb9-5c34-49d1-b282-fb57ef4ed40a" ,
"referenced_uuid" : "12ef353f-60f2-4459-be94-50e52fd85569" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-a188-4d05-bb48-497802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596133" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7da5-46d4-4b12-8e41-4a0a02de0b81" ,
"value" : "ff0e4f31a6b18b676b9518d4a748fed1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596134" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7da6-cbb8-4a19-a105-4abf02de0b81" ,
"value" : "4a6dcbccab5344388b331d543cc2260ca531c7ca"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596134" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7da6-03a0-4708-aa32-48e702de0b81" ,
"value" : "dcc79262d318874ead4ea331dffe0eeac32b191733dfbd2f1aab97c970419c1a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596134" ,
"uuid" : "12ef353f-60f2-4459-be94-50e52fd85569" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596135" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7da7-7218-496d-9a49-480c02de0b81" ,
"value" : "2018-03-28T23:33:06"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596135" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7da7-2d74-4a8d-8694-481e02de0b81" ,
"value" : "https://www.virustotal.com/file/dcc79262d318874ead4ea331dffe0eeac32b191733dfbd2f1aab97c970419c1a/analysis/1522279986/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596135" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7da7-2a08-4db3-a3a2-4dbb02de0b81" ,
"value" : "43/64"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596138" ,
"uuid" : "747f6ce0-02a7-4ad1-9d6b-521ba518604c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "747f6ce0-02a7-4ad1-9d6b-521ba518604c" ,
"referenced_uuid" : "51f38f80-a11b-4aa3-8080-164c185cdb2d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-bd80-445b-91ea-442902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596135" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7da7-138c-452f-bee3-441202de0b81" ,
"value" : "1535acbcae591b0d03ef7518cb56883e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596136" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7da8-da68-496d-9b21-483002de0b81" ,
"value" : "36b5e59a01e7f244d4a3bbb539e57aa468115dc8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596136" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7da8-b710-4985-bd3b-424002de0b81" ,
"value" : "6fcf4592f9261d5734fb3b8534f6839ab65f68fd9ff14a9005225135e743226c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596137" ,
"uuid" : "51f38f80-a11b-4aa3-8080-164c185cdb2d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596137" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7da9-5590-4179-be86-4d7002de0b81" ,
"value" : "2018-04-11T06:42:54"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596137" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7da9-0bac-491a-88d2-4b0302de0b81" ,
"value" : "https://www.virustotal.com/file/6fcf4592f9261d5734fb3b8534f6839ab65f68fd9ff14a9005225135e743226c/analysis/1523428974/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596138" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7daa-08c4-4505-b7e4-4e9d02de0b81" ,
"value" : "42/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596141" ,
"uuid" : "35669949-414e-46e8-b922-a268178ce5cd" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "35669949-414e-46e8-b922-a268178ce5cd" ,
"referenced_uuid" : "d56ef909-0c8a-4a43-91f6-43c824ef6b16" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-0818-4203-ac15-422d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596138" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7daa-19d0-4072-b8a7-449802de0b81" ,
"value" : "c64e34730407875418ab5278a17b5ec4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596138" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7daa-c768-4733-b6e3-45a402de0b81" ,
"value" : "9beacd8e145fa01e16409d44d8b9470af6c7afd8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596138" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7daa-34b8-4cca-90be-405502de0b81" ,
"value" : "e1a5637cf7c8a41a53fa5e6de9d623bf1f12fecacd295a80ab79134e1da158be"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596139" ,
"uuid" : "d56ef909-0c8a-4a43-91f6-43c824ef6b16" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596139" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dab-98d4-4c29-80d3-425f02de0b81" ,
"value" : "2017-06-21T17:56:39"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596139" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dab-f51c-4d9f-98c7-47a302de0b81" ,
"value" : "https://www.virustotal.com/file/e1a5637cf7c8a41a53fa5e6de9d623bf1f12fecacd295a80ab79134e1da158be/analysis/1498067799/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596140" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dac-9e6c-4544-b260-4d6e02de0b81" ,
"value" : "36/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596143" ,
"uuid" : "ad3d881f-c113-48d5-855b-2dd4d024f91f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ad3d881f-c113-48d5-855b-2dd4d024f91f" ,
"referenced_uuid" : "105287fa-3fa6-4fc7-9e89-2b40dd00f83c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-00a8-440b-858c-40e502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596140" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dac-eaa4-4bcf-a247-475c02de0b81" ,
"value" : "96a4208c6ae2bc1a4150ce9941c45ba6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596140" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dac-3624-42e7-bb3e-418a02de0b81" ,
"value" : "0983d940ba42135106bf7a1e87ed5a1975fc7ead"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596141" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dad-ea40-47c8-b57a-4ca602de0b81" ,
"value" : "99c84b8e063bdfdd07f39f2fac1fee4a68204e97283c60c7524cdacbf392729d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596141" ,
"uuid" : "105287fa-3fa6-4fc7-9e89-2b40dd00f83c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596141" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dad-622c-48ed-bc70-443002de0b81" ,
"value" : "2018-04-04T03:00:08"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596142" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dae-2970-4ea6-b3af-45fc02de0b81" ,
"value" : "https://www.virustotal.com/file/99c84b8e063bdfdd07f39f2fac1fee4a68204e97283c60c7524cdacbf392729d/analysis/1522810808/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596142" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dae-abcc-407e-a4d1-46f802de0b81" ,
"value" : "41/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596145" ,
"uuid" : "49564bbc-8586-4f0e-85d2-9e2740c15bd2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "49564bbc-8586-4f0e-85d2-9e2740c15bd2" ,
"referenced_uuid" : "d23722af-7e5c-4eae-8351-cba27a8ed023" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-cee4-4839-9bd4-410a02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596142" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dae-158c-474d-8de2-4e2a02de0b81" ,
"value" : "2d0cc82b5e5cf025b617d0988db3c4e7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596143" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7daf-29d8-4219-876c-4b9e02de0b81" ,
"value" : "2c01ae417e5de213845b1ed46d4e82d45edd598d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596143" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7daf-b52c-4fea-b75e-476602de0b81" ,
"value" : "142287861c2322646c185b5092a1e7176a63a4d4909f03ae88446c7ff1fde105"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596143" ,
"uuid" : "d23722af-7e5c-4eae-8351-cba27a8ed023" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596144" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7db0-30d4-4589-92ca-4a3c02de0b81" ,
"value" : "2018-01-14T22:14:22"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596144" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7db0-a23c-4581-82e6-493a02de0b81" ,
"value" : "https://www.virustotal.com/file/142287861c2322646c185b5092a1e7176a63a4d4909f03ae88446c7ff1fde105/analysis/1515968062/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596144" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7db0-91ec-4e76-9f7f-403902de0b81" ,
"value" : "35/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596147" ,
"uuid" : "2f1db766-fb4f-473b-b63f-dd28deffd49d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2f1db766-fb4f-473b-b63f-dd28deffd49d" ,
"referenced_uuid" : "5773f131-49f8-412c-b626-dc692512567b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-566c-4742-a9ed-416a02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596144" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7db0-46d8-407c-8b95-4e5e02de0b81" ,
"value" : "96881c6d57497341cd7d8632dfbd8a8b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596145" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7db1-daa0-4631-b4b4-424902de0b81" ,
"value" : "4ccbe222bd97dc229b36efaf52520939da9d51c8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596145" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7db1-1e80-416f-99bb-478302de0b81" ,
"value" : "979c14f993a1cd91f1b890f93a59ab5b14e059e056b9cf069222f529e50a4d5f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596146" ,
"uuid" : "5773f131-49f8-412c-b626-dc692512567b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596146" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7db2-0f40-451a-aa0c-4d9402de0b81" ,
"value" : "2018-03-21T08:32:53"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596146" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7db2-09f8-4e6a-8848-4a8a02de0b81" ,
"value" : "https://www.virustotal.com/file/979c14f993a1cd91f1b890f93a59ab5b14e059e056b9cf069222f529e50a4d5f/analysis/1521621173/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596147" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7db3-0720-445a-8d5c-4eea02de0b81" ,
"value" : "34/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596150" ,
"uuid" : "1be56ace-cd17-443a-bccd-e06270dcd50e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1be56ace-cd17-443a-bccd-e06270dcd50e" ,
"referenced_uuid" : "004f0fc6-2583-4a1b-a1e5-47c227aef9d8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-8490-43c7-94d8-418702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596147" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7db3-b108-4def-916b-4f4b02de0b81" ,
"value" : "cf4b9a62e794e6bdbc193fc360bee132"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596147" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7db3-0680-4e5c-91a5-4d8402de0b81" ,
"value" : "d4ab51bc5c26183771e3358d76e348943f9dd2fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596147" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7db3-f464-4cfe-b402-452002de0b81" ,
"value" : "b89f62041e18ec400082084017d084174abfdc33150c8a6e6b92642c778eb02a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596148" ,
"uuid" : "004f0fc6-2583-4a1b-a1e5-47c227aef9d8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596148" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7db4-4114-4e27-b9ad-4c1802de0b81" ,
"value" : "2017-11-29T01:35:29"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596148" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7db4-d9c4-4ad7-a995-47aa02de0b81" ,
"value" : "https://www.virustotal.com/file/b89f62041e18ec400082084017d084174abfdc33150c8a6e6b92642c778eb02a/analysis/1511919329/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596149" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7db5-d1e8-4c6a-a054-4b8302de0b81" ,
"value" : "40/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596152" ,
"uuid" : "35e71b75-b89e-46df-a427-23edf31cfafb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "35e71b75-b89e-46df-a427-23edf31cfafb" ,
"referenced_uuid" : "30bac908-1031-49fe-866a-593cab5b2703" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596188" ,
"uuid" : "5adf7ddc-b0a4-4eca-9cfa-425b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596149" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7db5-4c34-4100-ab42-486902de0b81" ,
"value" : "241631a32a4c26bd83ea17b90ad266c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596149" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7db5-0554-4752-9669-4fed02de0b81" ,
"value" : "c0271dbb02636402742c390ffbeee6418f696668"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596150" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7db6-f690-49bc-8c6b-4b8e02de0b81" ,
"value" : "8c128664ccbdc245969f541f406109295fee661622d507079c5bc31775ce5dcb"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596150" ,
"uuid" : "30bac908-1031-49fe-866a-593cab5b2703" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596150" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7db6-d800-4fa1-ab31-4a5502de0b81" ,
"value" : "2017-10-03T02:39:45"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596151" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7db7-598c-479a-a01c-4e2102de0b81" ,
"value" : "https://www.virustotal.com/file/8c128664ccbdc245969f541f406109295fee661622d507079c5bc31775ce5dcb/analysis/1506998385/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596151" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7db7-f18c-4de5-bb0a-43a902de0b81" ,
"value" : "40/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596154" ,
"uuid" : "c1d52771-ed8b-4bda-bc57-36890af08d8f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c1d52771-ed8b-4bda-bc57-36890af08d8f" ,
"referenced_uuid" : "292131ff-8255-4d75-96e4-476aaa98bce9" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-18b4-4f7d-ba7d-4e2f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596151" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7db7-db98-4c7a-b447-4d0a02de0b81" ,
"value" : "d3b7a382b7343fd394db94fbc8ac3305"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596151" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7db7-6270-4d90-ba14-4d1402de0b81" ,
"value" : "7b5c223a4968cc2190c1b5444cad47187d27ec50"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596152" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7db8-03f0-49d1-940e-47f702de0b81" ,
"value" : "be95e21f1a04b9d41101afb9cb43ea239a8d8cd11772be1681ee2c16fffdf5a2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596152" ,
"uuid" : "292131ff-8255-4d75-96e4-476aaa98bce9" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596152" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7db8-9d10-4b65-b4a6-4aa902de0b81" ,
"value" : "2018-01-17T15:51:53"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596153" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7db9-c694-47a0-8c77-453702de0b81" ,
"value" : "https://www.virustotal.com/file/be95e21f1a04b9d41101afb9cb43ea239a8d8cd11772be1681ee2c16fffdf5a2/analysis/1516204313/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596153" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7db9-1e8c-4213-880c-41d202de0b81" ,
"value" : "37/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596156" ,
"uuid" : "e1a2202c-2087-41e1-aa42-6dd51e4e6feb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "e1a2202c-2087-41e1-aa42-6dd51e4e6feb" ,
"referenced_uuid" : "bd746cc8-36e9-4963-9876-cf44eba56c06" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-7b20-4c73-80b1-469d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596153" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7db9-7004-4b3b-a43a-424102de0b81" ,
"value" : "2d0860c3d867b2f557bfc568d1e90b4b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596154" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dba-6afc-4ba5-ae19-4d5102de0b81" ,
"value" : "d6fdc72792ee736b8d606d40d72cb89d6e8a3e18"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596154" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dba-d26c-4fee-88e6-432a02de0b81" ,
"value" : "9e20d9d1b59370ac0d1d0f0f8c8a0927569e0b4219765d58aacdc4817d130bdc"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596154" ,
"uuid" : "bd746cc8-36e9-4963-9876-cf44eba56c06" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596154" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dba-a9c4-4dcd-947c-471602de0b81" ,
"value" : "2017-11-24T16:56:20"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596155" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dbb-af8c-4dbc-b645-447f02de0b81" ,
"value" : "https://www.virustotal.com/file/9e20d9d1b59370ac0d1d0f0f8c8a0927569e0b4219765d58aacdc4817d130bdc/analysis/1511542580/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596155" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dbb-7a28-4f6f-8583-425702de0b81" ,
"value" : "42/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596158" ,
"uuid" : "5eddcf55-b499-47aa-8ae2-92c101e6b647" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5eddcf55-b499-47aa-8ae2-92c101e6b647" ,
"referenced_uuid" : "cce6a9d7-acd7-4a70-970a-698271170875" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-eebc-4ad8-add8-4af202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596155" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dbb-04ac-4f73-9956-4f5d02de0b81" ,
"value" : "8378dd7ed7c15ca5dc3957a09d8db1c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596156" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dbc-5a28-4082-a4ed-4c7f02de0b81" ,
"value" : "185ab7a371b58ff367c155ec0dabe28842d340bd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596156" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dbc-6ad0-4c94-96d1-4ed902de0b81" ,
"value" : "378aaaeaf2dcbaf5e2247b0f94ce8e584cec7645817a4df2e8357d0c7c41fe72"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596157" ,
"uuid" : "cce6a9d7-acd7-4a70-970a-698271170875" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596157" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dbd-0da4-4385-8cce-45a402de0b81" ,
"value" : "2017-01-08T20:21:23"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596157" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dbd-47fc-46e4-b004-4b9402de0b81" ,
"value" : "https://www.virustotal.com/file/378aaaeaf2dcbaf5e2247b0f94ce8e584cec7645817a4df2e8357d0c7c41fe72/analysis/1483906883/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596157" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dbd-e0fc-4f7f-b42e-467502de0b81" ,
"value" : "35/55"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596160" ,
"uuid" : "01cbd989-d616-43eb-829c-e76e83b81cef" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "01cbd989-d616-43eb-829c-e76e83b81cef" ,
"referenced_uuid" : "239bb986-17a9-4090-b77d-09d13ddb3b57" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-3c74-492b-9e07-496202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596158" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dbe-de18-4f23-9785-42ae02de0b81" ,
"value" : "3c1db655039d49b38d3d987c3f8b73b1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596158" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dbe-eb84-45d7-af41-47e902de0b81" ,
"value" : "37bd951c483da057337ef8f38d6e48051cbb39d0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596158" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dbe-5aa8-46e2-88ad-4fed02de0b81" ,
"value" : "24b295dd5f5a10d318844170911b127f1d3a7a95bacabc11c26241f7d29b0c3f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596159" ,
"uuid" : "239bb986-17a9-4090-b77d-09d13ddb3b57" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596159" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dbf-dde0-4bed-8caf-4bb702de0b81" ,
"value" : "2018-01-12T22:36:22"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596159" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dbf-b788-48f9-b877-40b402de0b81" ,
"value" : "https://www.virustotal.com/file/24b295dd5f5a10d318844170911b127f1d3a7a95bacabc11c26241f7d29b0c3f/analysis/1515796582/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596160" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dc0-c494-4242-8f25-472e02de0b81" ,
"value" : "21/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596163" ,
"uuid" : "0c218df1-6a92-42f8-81b4-0b0bc5c3e829" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0c218df1-6a92-42f8-81b4-0b0bc5c3e829" ,
"referenced_uuid" : "50667d9f-ba5a-4250-a1a5-8cab5f9e5dfe" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-3c70-4cac-a8e2-45a502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596160" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dc0-6210-47ea-bff3-4f0102de0b81" ,
"value" : "6bb7c33879c07d9e97b9f8b62466c1cf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596160" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dc0-e4e8-4fdc-8f1d-45f202de0b81" ,
"value" : "d379b94a3eb4fd9c9a973f64d436d7fc2e9d6762"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596160" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dc0-20bc-4b02-a61e-4f4e02de0b81" ,
"value" : "8ac4e164b463c313af059760ce1f830c19b0d5a280ec80554e8f77939143e24e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596161" ,
"uuid" : "50667d9f-ba5a-4250-a1a5-8cab5f9e5dfe" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596161" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dc1-06fc-4d2b-b767-447602de0b81" ,
"value" : "2018-04-10T20:07:56"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596162" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dc2-b128-4188-8f16-4de702de0b81" ,
"value" : "https://www.virustotal.com/file/8ac4e164b463c313af059760ce1f830c19b0d5a280ec80554e8f77939143e24e/analysis/1523390876/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596162" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dc2-9ebc-4ad8-b531-470b02de0b81" ,
"value" : "45/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596165" ,
"uuid" : "f7efa9cb-93b6-46ab-b371-d01fecacb841" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f7efa9cb-93b6-46ab-b371-d01fecacb841" ,
"referenced_uuid" : "d523f8aa-8e07-4676-a002-3b8d2cb0309e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-ee4c-4ee5-8fd1-45f902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596162" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dc2-81e0-44ad-af24-49ed02de0b81" ,
"value" : "4e95e9293a663e73eb63e24442a855e1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596162" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dc2-4ac8-4103-9cab-41d102de0b81" ,
"value" : "267abd7105ac26d5cb6ecb96292f83708f64b994"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596163" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dc3-ac1c-4d59-9525-48af02de0b81" ,
"value" : "331b06ce8b9d06f01102e8fccbf0205576feaff65803102b17a7e95233ca2d7b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596163" ,
"uuid" : "d523f8aa-8e07-4676-a002-3b8d2cb0309e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596163" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dc3-c698-43fa-bbcf-482802de0b81" ,
"value" : "2018-01-18T23:53:16"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596164" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dc4-981c-4e55-9ff0-4e7802de0b81" ,
"value" : "https://www.virustotal.com/file/331b06ce8b9d06f01102e8fccbf0205576feaff65803102b17a7e95233ca2d7b/analysis/1516319596/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596164" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dc4-a4c8-4ee9-83db-432202de0b81" ,
"value" : "38/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596167" ,
"uuid" : "457493d7-a191-4bdf-933b-74978f71aa8c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "457493d7-a191-4bdf-933b-74978f71aa8c" ,
"referenced_uuid" : "fc424bda-f8f3-4647-8c44-eceacf716dd3" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-8b10-4a11-92aa-4f1902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596164" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dc4-e220-4e55-a4e7-423f02de0b81" ,
"value" : "e4ef63f74d55930157bc425bf3bd856f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596165" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dc5-5b18-4bfb-b20a-493d02de0b81" ,
"value" : "f10b2c052afc07e2dec9dbe816031059fdc900ba"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596165" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dc5-5e30-48fb-a8b9-4ddf02de0b81" ,
"value" : "6f72632394b89daff89f08488081f782d63c1f01e0033cec693fd5c895965b80"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596165" ,
"uuid" : "fc424bda-f8f3-4647-8c44-eceacf716dd3" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596166" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dc6-1608-4732-9c70-472802de0b81" ,
"value" : "2018-01-25T18:59:40"
} ,
{
"category" : "External analysis" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596166" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dc6-61a0-4cd0-9660-4e7702de0b81" ,
"value" : "https://www.virustotal.com/file/6f72632394b89daff89f08488081f782d63c1f01e0033cec693fd5c895965b80/analysis/1516906780/"
} ,
{
"category" : "Other" ,
"comment" : "Malicious documents" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596166" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dc6-3480-402c-b5ea-422802de0b81" ,
"value" : "33/58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596169" ,
"uuid" : "799485d1-81c0-4356-8c37-a1fd87d2b696" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "799485d1-81c0-4356-8c37-a1fd87d2b696" ,
"referenced_uuid" : "5455dfc9-9fea-4181-9055-286a5d6bee2e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-8934-435b-a4d3-4a0c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596166" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dc6-c8d8-4c0b-981b-415602de0b81" ,
"value" : "d41dc335d2106d53b9f478a173e9c778"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596167" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dc7-e044-4119-b6ea-462d02de0b81" ,
"value" : "226083c7190f1a939d5b7b352400450690d59f65"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596167" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dc7-9454-4d86-8736-4df902de0b81" ,
"value" : "0b6e96edab66aaeb9b3912cd511b6aeea852e33453796226db36dce7bdf0f38d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596168" ,
"uuid" : "5455dfc9-9fea-4181-9055-286a5d6bee2e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596168" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dc8-9a8c-4cb5-8a22-463b02de0b81" ,
"value" : "2018-01-03T04:24:53"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596168" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dc8-df94-47b2-845e-466802de0b81" ,
"value" : "https://www.virustotal.com/file/0b6e96edab66aaeb9b3912cd511b6aeea852e33453796226db36dce7bdf0f38d/analysis/1514953493/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596168" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dc8-67cc-487f-8280-4a3a02de0b81" ,
"value" : "35/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596171" ,
"uuid" : "52cc2b2b-e22b-4859-8353-f3962ed30eb0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "52cc2b2b-e22b-4859-8353-f3962ed30eb0" ,
"referenced_uuid" : "d1df3a1f-0657-4f95-b413-d567e7a8e35a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-1290-4728-9445-42c802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596169" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dc9-6c7c-4ba1-bb32-43bd02de0b81" ,
"value" : "c590c371200f8896da664168d13011ef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596169" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dc9-31bc-4e87-99cf-428c02de0b81" ,
"value" : "62dcf2f33ecc6014fa9a10f4e9ac9fd9bb0a6d23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596169" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dc9-d3a8-429c-95d7-476102de0b81" ,
"value" : "7d2dd600a6255780aef39717b9dd500ba3eea25dca8cf332247abf18479f608b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596170" ,
"uuid" : "d1df3a1f-0657-4f95-b413-d567e7a8e35a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596170" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dca-84c0-4a06-aa8a-41fd02de0b81" ,
"value" : "2018-03-20T11:23:09"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596170" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dca-a6c4-4dcc-a69a-4b2302de0b81" ,
"value" : "https://www.virustotal.com/file/7d2dd600a6255780aef39717b9dd500ba3eea25dca8cf332247abf18479f608b/analysis/1521544989/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596171" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dcb-7748-4312-bcc2-454902de0b81" ,
"value" : "38/63"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596174" ,
"uuid" : "b30ce5a7-9388-43de-a962-a21c92dd3adb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b30ce5a7-9388-43de-a962-a21c92dd3adb" ,
"referenced_uuid" : "0013c360-38e7-4b54-b525-3a9fd2a09dcf" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-4620-4f1d-9855-464702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596171" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dcb-6ea4-4729-8809-487b02de0b81" ,
"value" : "0a2a1c64a70231498f36b56b8253bf85"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596171" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dcb-e83c-46c4-be63-483f02de0b81" ,
"value" : "4e6470f4a245efaa138c8c6eedb046e916706383"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596171" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dcb-d40c-45c0-8ed8-421002de0b81" ,
"value" : "c07d30c0b69e11bae9f700187f2ca2473918142905fa258f1c6b52986087e3c7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596172" ,
"uuid" : "0013c360-38e7-4b54-b525-3a9fd2a09dcf" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596172" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dcc-a078-4990-8fd2-4a7a02de0b81" ,
"value" : "2018-02-28T15:38:27"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596172" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dcc-eb74-46a7-bab8-4d7802de0b81" ,
"value" : "https://www.virustotal.com/file/c07d30c0b69e11bae9f700187f2ca2473918142905fa258f1c6b52986087e3c7/analysis/1519832307/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596173" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dcd-f2a4-4072-85d3-40c202de0b81" ,
"value" : "41/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596176" ,
"uuid" : "b3276d07-ad5e-4273-80d2-fdbbebb461d7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b3276d07-ad5e-4273-80d2-fdbbebb461d7" ,
"referenced_uuid" : "00524f3a-0430-47bf-8631-8116a10692c4" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-02ec-4eab-9426-452102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596173" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dcd-5324-474d-a008-415402de0b81" ,
"value" : "ba348414fff2f3eafc65fdccdce9336f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596173" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dcd-7034-46f9-a3b0-49d202de0b81" ,
"value" : "6fd7ce97061169b835ea77976651b5bf20aca4ef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596174" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dce-2e58-4322-8219-4f1e02de0b81" ,
"value" : "ecb835d03060db1ea3496ceca2d79d7c4c6c671c9907e0b0e73bf8d3371fa931"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596174" ,
"uuid" : "00524f3a-0430-47bf-8631-8116a10692c4" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596174" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dce-528c-44b5-a67d-474902de0b81" ,
"value" : "2016-06-22T09:46:08"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596175" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dcf-0810-4aab-bea9-42de02de0b81" ,
"value" : "https://www.virustotal.com/file/ecb835d03060db1ea3496ceca2d79d7c4c6c671c9907e0b0e73bf8d3371fa931/analysis/1466588768/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596175" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dcf-870c-470e-84d1-430102de0b81" ,
"value" : "31/55"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596178" ,
"uuid" : "fd291a15-f1ec-4e9a-b6b0-bfa559cb3d3a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fd291a15-f1ec-4e9a-b6b0-bfa559cb3d3a" ,
"referenced_uuid" : "8b8fe04c-91cd-4d37-82e6-668576da81cd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-6bfc-4ba8-91be-422102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596175" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dcf-ef98-4c02-9ca9-45d402de0b81" ,
"value" : "d89bef3fcf226b02d24e6026f4433944"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596176" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dd0-6eb4-4d8b-8aa6-4f5202de0b81" ,
"value" : "07e44b44c5f1043d16f6011a2cf0d2e7c5a52787"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596176" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dd0-59f4-4248-a1a3-485b02de0b81" ,
"value" : "657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596176" ,
"uuid" : "8b8fe04c-91cd-4d37-82e6-668576da81cd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596176" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dd0-f53c-4858-a537-4ced02de0b81" ,
"value" : "2017-10-31T22:48:55"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596177" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dd1-a568-4e0b-8e71-43aa02de0b81" ,
"value" : "https://www.virustotal.com/file/657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4/analysis/1509490135/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596177" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dd1-ab84-4380-8e3a-467502de0b81" ,
"value" : "35/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596180" ,
"uuid" : "6f303c37-603a-4865-b8d8-051126590d55" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6f303c37-603a-4865-b8d8-051126590d55" ,
"referenced_uuid" : "694554ff-b6b8-4a69-90b9-e3c221c1178c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-8a0c-4ffc-a750-41df02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596177" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dd1-68d8-4579-9610-484002de0b81" ,
"value" : "ccaa16fbd2eb85dc496ee72ae125c711"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596178" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dd2-99bc-4aa0-98eb-4f2602de0b81" ,
"value" : "f63e29621c8becac47ae6eac7bf9577bd0a37b73"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596178" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dd2-8e28-4073-ad1a-49d702de0b81" ,
"value" : "018a3fbea5a8a5c0d2680428ae48ba865c4c88cb809e6875208368f5d016a51b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596178" ,
"uuid" : "694554ff-b6b8-4a69-90b9-e3c221c1178c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596179" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dd3-dde0-4da2-8234-490002de0b81" ,
"value" : "2016-11-25T10:59:01"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596179" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dd3-0ac4-4b34-adbe-44c702de0b81" ,
"value" : "https://www.virustotal.com/file/018a3fbea5a8a5c0d2680428ae48ba865c4c88cb809e6875208368f5d016a51b/analysis/1480071541/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596179" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dd3-6acc-4b77-8d19-4ef902de0b81" ,
"value" : "36/56"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596182" ,
"uuid" : "7d6b3b1f-0adf-44cd-bb64-de0239f5b652" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7d6b3b1f-0adf-44cd-bb64-de0239f5b652" ,
"referenced_uuid" : "7c34a838-84cb-4ebb-9084-3f9cf9a8b891" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-b244-42fb-9f94-4a0f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596179" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dd3-4f50-4089-a3c5-476202de0b81" ,
"value" : "783d1d533ba68b0f71902f8cf357c2f0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596180" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dd4-d43c-4096-b998-453a02de0b81" ,
"value" : "dabeadf0a9af3a8a0802f8445670806cd7671b1d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596180" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dd4-f818-44e9-b575-491102de0b81" ,
"value" : "7f4e4cc382af5d87b5d74fc7c3226652ee5748bd1de55466b5d36a70018b2460"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596181" ,
"uuid" : "7c34a838-84cb-4ebb-9084-3f9cf9a8b891" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596181" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dd5-70f4-4f55-a3e2-43e802de0b81" ,
"value" : "2016-09-14T11:19:03"
} ,
{
"category" : "External analysis" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596181" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dd5-7d08-4bc9-8e82-466f02de0b81" ,
"value" : "https://www.virustotal.com/file/7f4e4cc382af5d87b5d74fc7c3226652ee5748bd1de55466b5d36a70018b2460/analysis/1473851943/"
} ,
{
"category" : "Other" ,
"comment" : "AutoIt downloader" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596182" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dd6-e860-4e4d-8361-4c0f02de0b81" ,
"value" : "34/58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596185" ,
"uuid" : "e25631f0-e2b9-4d16-817d-edfcc584a529" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "e25631f0-e2b9-4d16-817d-edfcc584a529" ,
"referenced_uuid" : "4adfc07f-6b19-4fa0-be98-82d35e9a5438" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-d43c-4f8b-83b0-4c4702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596182" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dd6-321c-406a-a831-478902de0b81" ,
"value" : "87b5f05de6787fae0c48c23e03234502"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596182" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dd6-5eb8-4990-a708-4ac602de0b81" ,
"value" : "8bd56b580974ae195e9f92b3aa525547d33434c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596183" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dd7-61f4-4e0f-9d83-4d8b02de0b81" ,
"value" : "1d3970df043761627f2ac63a01550074a0ef137d408c0f029fecb1481b820f93"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596183" ,
"uuid" : "4adfc07f-6b19-4fa0-be98-82d35e9a5438" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596183" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dd7-321c-48e8-b373-4da302de0b81" ,
"value" : "2018-02-05T22:41:32"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596184" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dd8-e4ac-46d4-9d72-489f02de0b81" ,
"value" : "https://www.virustotal.com/file/1d3970df043761627f2ac63a01550074a0ef137d408c0f029fecb1481b820f93/analysis/1517870492/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596184" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7dd8-a908-4f0f-aa33-445602de0b81" ,
"value" : "37/58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1524596187" ,
"uuid" : "65124dbe-196c-434a-9bd3-3253323b7574" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "65124dbe-196c-434a-9bd3-3253323b7574" ,
"referenced_uuid" : "a81445af-4351-4773-8a6e-db2ad43829d2" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1524596189" ,
"uuid" : "5adf7ddd-4628-4fe2-a19e-4c4602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1524596184" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5adf7dd8-fa38-49b5-8944-470702de0b81" ,
"value" : "39a400477b3289a9b627c1b7fb4af463"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1524596185" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adf7dd9-2390-47e5-8d25-4dcf02de0b81" ,
"value" : "cdf9c24b86bc9a872035dcf3f53f380c904ed98b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1524596185" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5adf7dd9-a8c4-49ba-a384-4fcf02de0b81" ,
"value" : "ac9aea57da03206b1df12b5c012537c899bf5d67a5eb8113b4a4d99e0a0eb893"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1524596186" ,
"uuid" : "a81445af-4351-4773-8a6e-db2ad43829d2" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1524596186" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5adf7dda-ce14-4a7d-83a9-450a02de0b81" ,
"value" : "2018-03-06T13:12:47"
} ,
{
"category" : "External analysis" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1524596186" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5adf7dda-11e8-4867-ae31-473f02de0b81" ,
"value" : "https://www.virustotal.com/file/ac9aea57da03206b1df12b5c012537c899bf5d67a5eb8113b4a4d99e0a0eb893/analysis/1520341967/"
} ,
{
"category" : "Other" ,
"comment" : "Delphi backdoor" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1524596187" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5adf7ddb-7a5c-4814-8334-465502de0b81" ,
"value" : "31/67"
}
]
}
]
}
}