misp-circl-feed/feeds/circl/misp/5af150f7-bd58-4f06-9228-89a8950d210f.json

672 lines
652 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2017-02-03",
"extends_uuid": "",
"info": "OSINT - APT28 malicious NATO document",
"publish_timestamp": "1525782504",
"published": true,
"threat_level_id": "3",
"timestamp": "1525782502",
"uuid": "5af150f7-bd58-4f06-9228-89a8950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ffffff",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#3b7500",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#12e000",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782470",
"to_ids": false,
"type": "link",
"uuid": "5af1511a-333c-4fdd-9825-8a40950d210f",
"value": "https://threatreconblog.com/2017/02/03/apt28-malicious-document/",
"Tag": [
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0026eb",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "External analysis",
"comment": "NATO Secretary meeting.doc",
"data": "iVBORw0KGgoAAAANSUhEUgAABAkAAAMHCAIAAADUyJkoAAABfGlDQ1BJQ0MgUHJvZmlsZQAAKJFjYGAqSSwoyGFhYGDIzSspCnJ3UoiIjFJgv8PAzcDDIMRgxSCemFxc4BgQ4MOAE3y7xsAIoi/rgsxK8/x506a1fP4WNq+ZclYlOrj1gQF3SmpxMgMDIweQnZxSnJwLZOcA2TrJBUUlQPYMIFu3vKQAxD4BZIsUAR0IZN8BsdMh7A8gdhKYzcQCVhMS5AxkSwDZAkkQtgaInQ5hW4DYyRmJKUC2B8guiBvAgNPDRcHcwFLXkYC7SQa5OaUwO0ChxZOaFxoMcgcQyzB4MLgwKDCYMxgwWDLoMjiWpFaUgBQ65xdUFmWmZ5QoOAJDNlXBOT+3oLQktUhHwTMvWU9HwcjA0ACkDhRnEKM/B4FNZxQ7jxDLX8jAYKnMwMDcgxBLmsbAsH0PA4PEKYSYyjwGBn5rBoZt5woSixLhDmf8xkKIX5xmbARh8zgxMLDe+///sxoDA/skBoa/E////73o//+/i4H2A+PsQA4AJHdp4IxrEg8AAAGeaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA1LjQuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIj4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjEwMzM8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+Nzc1PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CnnoY4AAB2CESURBVHja7N13tCRneS76usv2ufcs+5IXHGyDbRzAJvmAAWOTjRBgMDmDyRkBigjJBCHARgIJIZQ1ykgwSqM4I43SKEckgcLkmT1hzw4dK3z5fZ/7x1fdu/fWyL73rONrCT2/VSxGvburq6urq97n+76qKs4857xbbr9n6/bZdZu2rdu4be3GqbUbt27Ysm3j1m0bt05NThu2bB1PG7dObZraxokTJ06cOHHixIkTp0fItKR6f8i07YH1mx9Yv2XT1ukH129du3Fq89SuDVt2rNu4bd3GbRu27Lj8imuLc5av2LhlJwABERERERH9xvICl5Arfx09qIACCbjtzl8Vp5x+9v3rNgfBsInGwwTULkUgceLEiRMnTpw4ceLE6TdoarzUThLgBUGQAJ8QFAIEweprbixOXHbG2g1bMfpDUARBxH8wcc1y4sSJEydOnDhx4vSImv7DAt4n+IQEuAgX4RNqm1yEAgJcfd1NxQknn7Z+49bcszA55TcY/1sWv7Fw4sSJEydOnDhx4sTpETYtqdsnHxQgKST3EiSEiBBhvYTYDiu67vpbihNOOnX9xs2T2UAnpkn6kGFJnDhx4sSJEydOnDhxekRNeEgx/9CqHoAqUj73QCAKAGuuv6U44aRTJrKBClShunQORERERET0G0EBQAWSAIUItM0GNxcnnHjK+o2bsBAMcj8DswERERER0W9iMPh3ssHxJy4bZQOMsgH7DYiIiIiIfnPjAbMBERERERH9f8gG0p6NwGxARERERPSYyga3FMefcPI4G2jOBpqYDYiIiIiIHlvZ4IZbiuOOf0g2ALMBERERERGzAbMBEREREdFjMxsce/xJHFNERERERPQYzwbX33BLcdwJJ6/fMD4XWQSJ5yITERERET0Ws8FJy05bt2FjzgZRYtSoi26xTEREREREj41scPKy09etn8gGwmxARERERPQYzQanMRsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEb/EfZQJkNiIiIiIiYDdhvQERERETEbLCQDVKUpAwGRERERESP0WywYZwNJIowGRARERERPTazwakT/QYaRZkNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDXafDU5adsq6DeNsgCTQ9vlERERERPRYygYnnrxs3YZNORskRVJmAyIiIiKix2g2OIXZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiOi/MBssW7dhY5sNhNmAiIiIiOixmg1OXnbqxk1bcjYQQBSizAZERERERI+9bLDslNM2bZnK2UBH8YDZgIiIiIjoMZcNTmY2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiIvovygbLmA2IiIiIiJgN2G9ARERERMRsMMoGy07duHnrQjZQJFFmAyIiIiKix1w2OGnZqRs3b1maDRgOiIiIiIiYDdhvQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBs8F/yBejoa4AqRJHaVT7xp9FzFUhon5Aw+jYUqkgKaWcokzNMigik8UPtDPUhkyxZGEj7mIzeVB9+2QXjxX6YpzzcH5YsgkAFsvBZJpZD8ZBFWfL6h10MIiIiImI2eFQEAwESUoJTF+AEFvBAhAIREhATGo/SekEUNMF3fT2HVAMChQvJq09wAp+soAECkPKMJcEm1ALbPvQw9XhbcVtVE/P3HQEPeGhEUBjAKOJCma9taBBAIIAHHOBzaT4RCASaoLIQWFTz/xLayDJ+/wgEwCN6uIjQvkF+NAIJCfCABRqkMpokkp8gFgh5hXrRWtQgRwsiIiIiYjZ4NK39UfkbI4zUDlXAMKFUtRAgIFqEiNKgV9kAG7XvzM6mvwWuC00QGJuMNgFVgol1wgBwQIQIPILHMKCbUAJhUeeALE4FOQoMVYceCSK5BEcD8bCKUlEqnIyzgQA6ru8TYIAaMEBQiOYEALTdAKq6uDF/suaPC6kgv6kzaDysQto04NpPFIAGqIA+4qwbhJhyKpEKsHnuTdJ+0nK3vRxERERExGzwyCYQD0QASHABQysdEzouVClCEyRCEkSRFDZUCX2gK2FGfAfR5UI/wDr0E5q2fDZAgA+oY91g3mNOMFjIBkumcYu9BWqgARKCT3WKFVAhORjBABj+O9lA26I99y2MA8dkd4FAE6BLugviRI+DByy0hq1Ru8lsYDVnAw9UwADoI/XURJ
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782018",
"to_ids": false,
"type": "attachment",
"uuid": "5af156a0-9630-4c40-b48a-86a0950d210f",
"value": "screen1.png"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782471",
"to_ids": false,
"type": "link",
"uuid": "5af156c5-dac4-4740-8470-8a10950d210f",
"value": "http://malware.prevenity.com/2017/01/ataki-na-instytucje-rzadowe-grudzien.html",
"Tag": [
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0026eb",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782017",
"to_ids": false,
"type": "text",
"uuid": "5af156d8-c22c-4488-9446-bc7c950d210f",
"value": "In our quest to track criminals and expose their misconduct, we regularly monitor the threat actor that goes by the name APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit. Granted some of these names are toolsets used by the criminals a name for a group. If tomorrow, they\u00e2\u20ac\u2122d come to use different toolsets these names would have no real meaning. I\u00e2\u20ac\u2122d prefer to use the term APT28 because it is easier than making up ours, and there are enough already. Sofacy/Sednit are the toolsets used by APT28 among others such as XAgent.",
"Tag": [
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782021",
"to_ids": true,
"type": "hostname",
"uuid": "5af16243-724c-44a5-b3eb-89b8950d210f",
"value": "ulli_neu80.mail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782020",
"to_ids": true,
"type": "email-src",
"uuid": "5af16244-2650-4b7a-95b3-89b8950d210f",
"value": "ulli_neu80@mail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782020",
"to_ids": true,
"type": "hostname",
"uuid": "5af16245-58cc-4991-9b0e-89b8950d210f",
"value": "wee7_nim.centrum.cz"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782019",
"to_ids": true,
"type": "email-src",
"uuid": "5af16246-2858-4dba-b44f-89b8950d210f",
"value": "wee7_nim@centrum.cz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782019",
"to_ids": true,
"type": "hostname",
"uuid": "5af16247-9004-4e6c-a4dc-89b8950d210f",
"value": "info.bacloud.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782019",
"to_ids": true,
"type": "email-src",
"uuid": "5af16248-7084-4076-a2fe-89b8950d210f",
"value": "olavi_nieminen@suomi24.fi"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782022",
"to_ids": true,
"type": "domain",
"uuid": "5af16af4-09fc-4123-80dc-4e9d950d210f",
"value": "lxwo.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782022",
"to_ids": true,
"type": "hostname",
"uuid": "5af16af5-97fc-4555-a7bc-4f62950d210f",
"value": "mail.lxwo.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782021",
"to_ids": true,
"type": "email-src",
"uuid": "5af16af5-bd34-482f-a3d7-4cec950d210f",
"value": "ter_bafian@centrum.cz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782022",
"to_ids": true,
"type": "domain",
"uuid": "5af16af5-fa40-45b4-acb6-472c950d210f",
"value": "rolstug.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782023",
"to_ids": true,
"type": "email-src",
"uuid": "5af16af6-2e68-46b9-aed6-4e01950d210f",
"value": "nemolin1@gmx.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525766118",
"uuid": "5af15388-01e8-4295-a1a9-869f950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af15388-01e8-4295-a1a9-869f950d210f",
"referenced_uuid": "5af15557-07bc-460e-a2f5-8a40950d210f",
"relationship_type": "related-to",
"timestamp": "1525765520",
"uuid": "5af15590-9e4c-4663-b0f8-bc7c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1525766115",
"to_ids": true,
"type": "filename",
"uuid": "5af15389-8e98-423c-9c74-869f950d210f",
"value": "NATO Secretary meeting.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525766115",
"to_ids": false,
"type": "text",
"uuid": "5af15389-83e0-48ee-afbf-869f950d210f",
"value": "Malicious"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525766115",
"to_ids": true,
"type": "md5",
"uuid": "5af157e3-5784-42af-85a2-8a10950d210f",
"value": "9fe3a0fb3304d749aeed2c3e2e5787eb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1525769677",
"uuid": "5af15557-07bc-460e-a2f5-8a40950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af15557-07bc-460e-a2f5-8a40950d210f",
"referenced_uuid": "5af16243-724c-44a5-b3eb-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769664",
"uuid": "5af165c0-038c-4c9f-9877-d121950d210f"
},
{
"comment": "",
"object_uuid": "5af15557-07bc-460e-a2f5-8a40950d210f",
"referenced_uuid": "5af16244-2650-4b7a-95b3-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769673",
"uuid": "5af165c9-c3e4-4641-bae7-869f950d210f"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1525765463",
"to_ids": true,
"type": "ip-dst",
"uuid": "5af15557-7ee8-44e1-887d-8a40950d210f",
"value": "86.106.131.43"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1525765464",
"to_ids": true,
"type": "domain",
"uuid": "5af15558-049c-47fe-bfcf-8a40950d210f",
"value": "miropc.org"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1525767998",
"uuid": "5af15f3e-209c-41ad-b60a-865b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525767998",
"to_ids": true,
"type": "md5",
"uuid": "5af15f3e-9988-478a-8a55-865b950d210f",
"value": "58d7585cc7decec9cf046aa0d8ffcc4d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1525767998",
"to_ids": true,
"type": "filename",
"uuid": "5af15f3e-ba28-4ec6-9600-865b950d210f",
"value": "prtray.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1525767998",
"to_ids": false,
"type": "text",
"uuid": "5af15f3e-1f84-4889-b5c7-865b950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1525769705",
"uuid": "5af16169-1004-4119-afde-d122950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af16169-1004-4119-afde-d122950d210f",
"referenced_uuid": "5af16246-2858-4dba-b44f-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769690",
"uuid": "5af165da-6c48-4583-9926-869f950d210f"
},
{
"comment": "",
"object_uuid": "5af16169-1004-4119-afde-d122950d210f",
"referenced_uuid": "5af16245-58cc-4991-9b0e-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769702",
"uuid": "5af165e6-4654-4a42-9e1f-bc7c950d210f"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1525768553",
"to_ids": true,
"type": "ip-dst",
"uuid": "5af16169-a764-41e7-a0cc-d122950d210f",
"value": "89.42.212.141"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1525768553",
"to_ids": true,
"type": "domain",
"uuid": "5af16169-f328-422e-a30b-d122950d210f",
"value": "gtranm.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "5",
"timestamp": "1525770653",
"uuid": "5af1617f-d9b8-4ccf-b74a-c50b950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5af1617f-d9b8-4ccf-b74a-c50b950d210f",
"referenced_uuid": "5af16248-7084-4076-a2fe-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769484",
"uuid": "5af1650c-0ba4-438c-955c-429b950d210f"
},
{
"comment": "",
"object_uuid": "5af1617f-d9b8-4ccf-b74a-c50b950d210f",
"referenced_uuid": "5af16247-9004-4e6c-a4dc-89b8950d210f",
"relationship_type": "related-to",
"timestamp": "1525769494",
"uuid": "5af16516-06d8-4fe4-9b32-d121950d210f"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1525770650",
"to_ids": true,
"type": "ip-dst",
"uuid": "5af1617f-e130-4713-925b-c50b950d210f",
"value": "94.177.12.74"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1525770650",
"to_ids": true,
"type": "domain",
"uuid": "5af1617f-c4e0-4ac5-90f0-c50b950d210f",
"value": "zpfgr.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1525770650",
"to_ids": true,
"type": "ip-dst",
"uuid": "5af16982-df88-4e80-835f-bcf3950d210f",
"value": "91.216.163.80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1525770651",
"to_ids": true,
"type": "ip-dst",
"uuid": "5af1699b-dcf0-4679-99a9-4a9f950d210f",
"value": "185.86.149.54"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525782026",
"uuid": "7a42f9fb-8627-4774-b30c-6e1c6bd191ab",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7a42f9fb-8627-4774-b30c-6e1c6bd191ab",
"referenced_uuid": "0872ca3b-4554-460d-9ee7-a6c35c63275f",
"relationship_type": "analysed-with",
"timestamp": "1525782026",
"uuid": "5af1960a-7924-44c6-ac88-4cb202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525782023",
"to_ids": true,
"type": "md5",
"uuid": "5af19607-7210-4c36-be2b-4ab802de0b81",
"value": "9fe3a0fb3304d749aeed2c3e2e5787eb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525782024",
"to_ids": true,
"type": "sha1",
"uuid": "5af19608-4ad0-41a4-a6f7-42ce02de0b81",
"value": "9001f4cfe62367a282efc08b072a13a5e2e403db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525782024",
"to_ids": true,
"type": "sha256",
"uuid": "5af19608-eb44-4b82-ac8e-44b302de0b81",
"value": "ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525782025",
"uuid": "0872ca3b-4554-460d-9ee7-a6c35c63275f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525782025",
"to_ids": false,
"type": "datetime",
"uuid": "5af19609-132c-4341-8984-4f3002de0b81",
"value": "2018-03-01T10:40:02"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525782025",
"to_ids": false,
"type": "text",
"uuid": "5af19609-8000-4f84-b71c-426f02de0b81",
"value": "30/58"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525782025",
"to_ids": false,
"type": "link",
"uuid": "5af19609-de80-4ba9-936c-425902de0b81",
"value": "https://www.virustotal.com/file/ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763/analysis/1519900802/"
}
]
}
]
}
}