{
"Event" : {
"analysis" : "2" ,
"date" : "2017-02-03" ,
"extends_uuid" : "" ,
"info" : "OSINT - APT28 malicious NATO document" ,
"publish_timestamp" : "1525782504" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1525782502" ,
"uuid" : "5af150f7-bd58-4f06-9228-89a8950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#3b7500" ,
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#12e000" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Sofacy\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782470" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5af1511a-333c-4fdd-9825-8a40950d210f" ,
"value" : "https://threatreconblog.com/2017/02/03/apt28-malicious-document/" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0026eb" ,
"local" : "0" ,
"name" : "estimative-language:confidence-in-analytic-judgment=\"moderate\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "NATO Secretary meeting.doc" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B A k A A A M H C A I A A A D U y J k o A A A B f G l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A q S S w o y G F h Y G D I z S s p C n J 3 U o i I j F J g v 8 P A z c D D I M R g x S C e m F x c 4 B g Q 4 M O A E 3 y 7 x s A I o i / r g s x K 8 / x 506 a 1 f P 4 W N q + Z c l Y l O r j 1 g Q F 3 S m p x M g M D I w e Q n Z x S n J w L Z O c A 2 T r J B U U l Q P Y M I F u 3 v K Q A x D 4 B Z I s U A R 0 I Z N 8 B s d M h 7 A 8 g d h K Y z c Q C V h M S 5 A x k S w D Z A k k Q t g a I n Q 5 h W 4 D Y y R m J K U C 2 B 8 g u i B v A g N P D R c H c w F L X k Y C 7 S Q a 5 O a U w O 0 C h x Z O a F x o M c g c Q y z B 4 M L g w K D C Y M x g w W D L o M j i W p F a U g B Q 65 x d U F m W m Z 5 Q o O A J D N l X B O T + 3 o L Q k t U h H w T M v W U 9 H w c j A 0 A C k D h R n E K M / B 4 F N Z x Q 7 j x D L X 8 j A Y K n M w M D c g x B L m s b A s H 0 P A 4 P E K Y S Y y j w G B n 5 r B o Z t 5 w o S i x L h D m f 8 x k K I X 5 x m b A R h 8 z g x M L D e + 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782018" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5af156a0-9630-4c40-b48a-86a0950d210f" ,
"value" : "screen1.png"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782471" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5af156c5-dac4-4740-8470-8a10950d210f" ,
"value" : "http://malware.prevenity.com/2017/01/ataki-na-instytucje-rzadowe-grudzien.html" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0026eb" ,
"local" : "0" ,
"name" : "estimative-language:confidence-in-analytic-judgment=\"moderate\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782017" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5af156d8-c22c-4488-9446-bc7c950d210f" ,
"value" : "In our quest to track criminals and expose their misconduct, we regularly monitor the threat actor that goes by the name APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit. Granted some of these names are toolsets used by the criminals a name for a group. If tomorrow, they\u2019d come to use different toolsets these names would have no real meaning. I\u2019d prefer to use the term APT28 because it is easier than making up ours, and there are enough already. Sofacy/Sednit are the toolsets used by APT28 among others such as XAgent." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782021" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5af16243-724c-44a5-b3eb-89b8950d210f" ,
"value" : "ulli_neu80.mail.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782020" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5af16244-2650-4b7a-95b3-89b8950d210f" ,
"value" : "ulli_neu80@mail.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782020" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5af16245-58cc-4991-9b0e-89b8950d210f" ,
"value" : "wee7_nim.centrum.cz"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782019" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5af16246-2858-4dba-b44f-89b8950d210f" ,
"value" : "wee7_nim@centrum.cz"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782019" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5af16247-9004-4e6c-a4dc-89b8950d210f" ,
"value" : "info.bacloud.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782019" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5af16248-7084-4076-a2fe-89b8950d210f" ,
"value" : "olavi_nieminen@suomi24.fi"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782022" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5af16af4-09fc-4123-80dc-4e9d950d210f" ,
"value" : "lxwo.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782022" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5af16af5-97fc-4555-a7bc-4f62950d210f" ,
"value" : "mail.lxwo.org"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782021" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5af16af5-bd34-482f-a3d7-4cec950d210f" ,
"value" : "ter_bafian@centrum.cz"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782022" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5af16af5-fa40-45b4-acb6-472c950d210f" ,
"value" : "rolstug.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1525782023" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5af16af6-2e68-46b9-aed6-4e01950d210f" ,
"value" : "nemolin1@gmx.com"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525766118" ,
"uuid" : "5af15388-01e8-4295-a1a9-869f950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5af15388-01e8-4295-a1a9-869f950d210f" ,
"referenced_uuid" : "5af15557-07bc-460e-a2f5-8a40950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525765520" ,
"uuid" : "5af15590-9e4c-4663-b0f8-bc7c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525766115" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5af15389-8e98-423c-9c74-869f950d210f" ,
"value" : "NATO Secretary meeting.doc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525766115" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5af15389-83e0-48ee-afbf-869f950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525766115" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5af157e3-5784-42af-85a2-8a10950d210f" ,
"value" : "9fe3a0fb3304d749aeed2c3e2e5787eb"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1525769677" ,
"uuid" : "5af15557-07bc-460e-a2f5-8a40950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5af15557-07bc-460e-a2f5-8a40950d210f" ,
"referenced_uuid" : "5af16243-724c-44a5-b3eb-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769664" ,
"uuid" : "5af165c0-038c-4c9f-9877-d121950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "5af15557-07bc-460e-a2f5-8a40950d210f" ,
"referenced_uuid" : "5af16244-2650-4b7a-95b3-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769673" ,
"uuid" : "5af165c9-c3e4-4641-bae7-869f950d210f"
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1525765463" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5af15557-7ee8-44e1-887d-8a40950d210f" ,
"value" : "86.106.131.43"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1525765464" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5af15558-049c-47fe-bfcf-8a40950d210f" ,
"value" : "miropc.org"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1525767998" ,
"uuid" : "5af15f3e-209c-41ad-b60a-865b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525767998" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5af15f3e-9988-478a-8a55-865b950d210f" ,
"value" : "58d7585cc7decec9cf046aa0d8ffcc4d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1525767998" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5af15f3e-ba28-4ec6-9600-865b950d210f" ,
"value" : "prtray.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1525767998" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5af15f3e-1f84-4889-b5c7-865b950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1525769705" ,
"uuid" : "5af16169-1004-4119-afde-d122950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5af16169-1004-4119-afde-d122950d210f" ,
"referenced_uuid" : "5af16246-2858-4dba-b44f-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769690" ,
"uuid" : "5af165da-6c48-4583-9926-869f950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "5af16169-1004-4119-afde-d122950d210f" ,
"referenced_uuid" : "5af16245-58cc-4991-9b0e-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769702" ,
"uuid" : "5af165e6-4654-4a42-9e1f-bc7c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1525768553" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5af16169-a764-41e7-a0cc-d122950d210f" ,
"value" : "89.42.212.141"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1525768553" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5af16169-f328-422e-a30b-d122950d210f" ,
"value" : "gtranm.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1525770653" ,
"uuid" : "5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"referenced_uuid" : "5af16248-7084-4076-a2fe-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769484" ,
"uuid" : "5af1650c-0ba4-438c-955c-429b950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"referenced_uuid" : "5af16247-9004-4e6c-a4dc-89b8950d210f" ,
"relationship_type" : "related-to" ,
"timestamp" : "1525769494" ,
"uuid" : "5af16516-06d8-4fe4-9b32-d121950d210f"
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1525770650" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5af1617f-e130-4713-925b-c50b950d210f" ,
"value" : "94.177.12.74"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1525770650" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5af1617f-c4e0-4ac5-90f0-c50b950d210f" ,
"value" : "zpfgr.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1525770650" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5af16982-df88-4e80-835f-bcf3950d210f" ,
"value" : "91.216.163.80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1525770651" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5af1699b-dcf0-4679-99a9-4a9f950d210f" ,
"value" : "185.86.149.54"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1525782026" ,
"uuid" : "7a42f9fb-8627-4774-b30c-6e1c6bd191ab" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7a42f9fb-8627-4774-b30c-6e1c6bd191ab" ,
"referenced_uuid" : "0872ca3b-4554-460d-9ee7-a6c35c63275f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1525782026" ,
"uuid" : "5af1960a-7924-44c6-ac88-4cb202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1525782023" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5af19607-7210-4c36-be2b-4ab802de0b81" ,
"value" : "9fe3a0fb3304d749aeed2c3e2e5787eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1525782024" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5af19608-4ad0-41a4-a6f7-42ce02de0b81" ,
"value" : "9001f4cfe62367a282efc08b072a13a5e2e403db"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1525782024" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5af19608-eb44-4b82-ac8e-44b302de0b81" ,
"value" : "ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1525782025" ,
"uuid" : "0872ca3b-4554-460d-9ee7-a6c35c63275f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1525782025" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5af19609-132c-4341-8984-4f3002de0b81" ,
"value" : "2018-03-01T10:40:02"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1525782025" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5af19609-8000-4f84-b71c-426f02de0b81" ,
"value" : "30/58"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1525782025" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5af19609-de80-4ba9-936c-425902de0b81" ,
"value" : "https://www.virustotal.com/file/ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763/analysis/1519900802/"
}
]
}
]
}
}