{
"Event" : {
"analysis" : "0" ,
"date" : "2018-05-11" ,
"extends_uuid" : "" ,
"info" : "Malware Analysis Report (AR18-165A) MAR-10135536-12 \u2013 North Korean Trojan: TYPEFRAME" ,
"publish_timestamp" : "1529240435" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1529239607" ,
"uuid" : "5b265497-b458-4c11-a57c-45db02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#13eb00" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "eb2fc06f-a0a1-4f4a-bea3-adab040d70ff" ,
"value" : "181.119.19.56"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7c86a82b-ba54-4ff1-8705-e11f3f7141e7" ,
"value" : "98.101.211.162"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7ee15758-a1b1-430e-9c0d-99de31050d3f" ,
"value" : "59.90.93.97"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "2735b91e-6dfa-4588-a0d6-28fb8d167d7e" ,
"value" : "111.207.78.204"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "0987500d-f42e-44f8-95fc-d18c1b1093af" ,
"value" : "80.91.118.45"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7b0d562b-47d2-442d-b783-db5287da59ac" ,
"value" : "81.0.213.173"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "e4484d7e-0ce1-4aaf-860d-dbbdb89e6aca" ,
"value" : "184.107.209.2"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529238986" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b2655ca-0590-41e5-aeec-6a6d02de0b81" ,
"value" : "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529239098" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b26563a-5330-43de-aac3-6a6202de0b81" ,
"value" : "This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.\r\n\r\nDHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.\r\n\r\nThis MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users and administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.\r\n\r\nThis malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529239195" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b26569b-4d24-4f80-bfbc-170302de0b81" ,
"value" : "(from CIRCL)\r\nSTIX import of https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-12_WHITE_stix.xml with additional expansions and information from the website (as the original STIX file does not include the meta-data)."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1529239604" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b265834-3cb0-4d59-a792-6a6d02de0b81" ,
"value" : "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-12_WHITE_stix.xml"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238682" ,
"uuid" : "967ce91b-c8b4-42df-9f74-9e1ac6affd08" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238684" ,
"uuid" : "0dbb16a9-0269-4682-a179-1d6891ff30b1" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238685" ,
"uuid" : "ff95cbea-219e-4242-9f7d-a2d16a013a7b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238686" ,
"uuid" : "fd483ddd-cdc3-4296-8a89-c467247ede98" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238688" ,
"uuid" : "7f5198c2-fd93-4401-80fa-e24b6a99bb3c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238689" ,
"uuid" : "345a90a3-5de7-44a1-8a57-a1a8999a1af5" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238690" ,
"uuid" : "b94caa3a-5603-431b-8822-cca2a4ffa678" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238692" ,
"uuid" : "bfc7f514-369a-40a2-9462-95c6228df9a4" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238693" ,
"uuid" : "d9231a73-1ae1-4e99-877c-e6080aef6fd5" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238695" ,
"uuid" : "e60aa2a5-bc11-4df9-9241-defe23af60a1" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238696" ,
"uuid" : "ba4427c1-fc81-40e9-a10b-d14a0a20711d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238697" ,
"uuid" : "ac98153a-ec7f-4c54-b563-7917339cee04" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238699" ,
"uuid" : "4afa330b-5bde-4778-b833-ba0ccdf53b67" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238701" ,
"uuid" : "98db396b-fa79-441a-9ac6-f5c4b8ce4709" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238702" ,
"uuid" : "7dd632d5-39a8-491a-80cc-c163755c56db" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238702" ,
"uuid" : "c22f54ef-0428-4b7e-aab1-c0ba1b6259ea" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238703" ,
"uuid" : "be6d670d-923a-411a-97db-bf73901abf56" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238703" ,
"uuid" : "b8e7aa5e-5681-4393-8581-a207f6651129" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238707" ,
"uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"referenced_uuid" : "7dd632d5-39a8-491a-80cc-c163755c56db" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-16c8-4061-90c4-4e1202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"referenced_uuid" : "c22f54ef-0428-4b7e-aab1-c0ba1b6259ea" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-6b74-40ce-b051-4c2602de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"referenced_uuid" : "be6d670d-923a-411a-97db-bf73901abf56" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-8304-44bc-8bc5-445b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"referenced_uuid" : "b8e7aa5e-5681-4393-8581-a207f6651129" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-88d8-43ec-aa61-477902de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238707" ,
"uuid" : "331a2fb4-3f10-45ca-89c9-60cf96c9205f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "331a2fb4-3f10-45ca-89c9-60cf96c9205f" ,
"referenced_uuid" : "3a9a5628-14e1-4f29-8722-93e142a93add" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-6b44-4a88-934f-4e4c02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "331a2fb4-3f10-45ca-89c9-60cf96c9205f" ,
"referenced_uuid" : "2c6f9016-4377-447f-84df-ddc4c2d59f35" ,
"relationship_type" : "contains" ,
"timestamp" : "1529238781" ,
"uuid" : "5b2654fd-1748-4c75-9e70-4c3602de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238706" ,
"uuid" : "2e3d47fa-ccc7-4549-8005-9d0b2481219a" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238707" ,
"uuid" : "81c54539-acd4-4f39-981f-2c07d8e783df" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238707" ,
"uuid" : "6a9e84ce-dc0b-48a5-a1b3-a70f871f6a08" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238708" ,
"uuid" : "510ac6ad-b6d5-4be7-9a51-0ad210190eff" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238709" ,
"uuid" : "f127c64b-bf6c-4448-a66f-b455d9f0a695" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238709" ,
"uuid" : "72f0a63e-d53f-423b-b762-096a7f70ba1c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238713" ,
"uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "2e3d47fa-ccc7-4549-8005-9d0b2481219a" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-263c-4c49-9ece-4b1f02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "81c54539-acd4-4f39-981f-2c07d8e783df" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-c864-4a39-9163-45b802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "6a9e84ce-dc0b-48a5-a1b3-a70f871f6a08" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-f5d0-4329-89b8-437b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "510ac6ad-b6d5-4be7-9a51-0ad210190eff" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-70b8-4c8e-a676-4bc802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "f127c64b-bf6c-4448-a66f-b455d9f0a695" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-ead8-4812-9c20-407602de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"referenced_uuid" : "72f0a63e-d53f-423b-b762-096a7f70ba1c" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-1bc8-4b33-90b3-423002de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238713" ,
"uuid" : "2c6f9016-4377-447f-84df-ddc4c2d59f35" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2c6f9016-4377-447f-84df-ddc4c2d59f35" ,
"referenced_uuid" : "f11af508-fb9e-49a3-a5ef-ed176fa9057b" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-a268-437b-b1af-42fd02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "2c6f9016-4377-447f-84df-ddc4c2d59f35" ,
"referenced_uuid" : "331a2fb4-3f10-45ca-89c9-60cf96c9205f" ,
"relationship_type" : "contained-within" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-12dc-48a8-ad53-4cf902de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238712" ,
"uuid" : "33e578e5-10bc-4442-9737-ff332c9c2bbd" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238713" ,
"uuid" : "d54ec2e8-330d-496a-bd90-c388db285a90" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238713" ,
"uuid" : "cad943d1-b772-45d8-8cd1-7e3fde522cf7" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238714" ,
"uuid" : "c07156a8-22b8-4496-9173-632a17da707a" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238717" ,
"uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"referenced_uuid" : "33e578e5-10bc-4442-9737-ff332c9c2bbd" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-5184-41fe-acec-47f002de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"referenced_uuid" : "d54ec2e8-330d-496a-bd90-c388db285a90" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-dd58-402c-8b13-41d002de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"referenced_uuid" : "cad943d1-b772-45d8-8cd1-7e3fde522cf7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-7cf8-4b95-99be-40e202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"referenced_uuid" : "c07156a8-22b8-4496-9173-632a17da707a" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-ddb4-483c-9c29-491202de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238718" ,
"uuid" : "bd2613b3-ef57-4c37-9e55-26e51493ba3a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "bd2613b3-ef57-4c37-9e55-26e51493ba3a" ,
"referenced_uuid" : "8b080900-6adf-4dd5-a3e3-470c719f6041" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-e1b8-497f-abba-435c02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "bd2613b3-ef57-4c37-9e55-26e51493ba3a" ,
"referenced_uuid" : "16c183f2-2c3f-4304-ad99-9e19c2323ee0" ,
"relationship_type" : "contains" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-035c-4d12-b220-4f9602de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238717" ,
"uuid" : "4d0aac8e-a228-4186-9626-37b23b6e06a3" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238717" ,
"uuid" : "d25a50ab-2499-4d07-9ea8-d8db37a2a9ec" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238718" ,
"uuid" : "43459484-03b7-4d3a-a023-d25e2950b7c6" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238719" ,
"uuid" : "612783c6-7d6a-4f3b-999b-804d7dc94585" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238719" ,
"uuid" : "017ac5c4-1f99-40ea-9b0e-845d1536894d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238720" ,
"uuid" : "938b67a4-6ddb-4390-8ba5-11137948a333" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238723" ,
"uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "4d0aac8e-a228-4186-9626-37b23b6e06a3" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-32ec-461e-869d-488702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "d25a50ab-2499-4d07-9ea8-d8db37a2a9ec" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-d6f8-47f3-aa4d-4fab02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "43459484-03b7-4d3a-a023-d25e2950b7c6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-d884-482b-b8e9-4cc202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "612783c6-7d6a-4f3b-999b-804d7dc94585" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-ed98-4778-976b-426002de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "017ac5c4-1f99-40ea-9b0e-845d1536894d" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238782" ,
"uuid" : "5b2654fe-7418-4b62-a619-48c702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"referenced_uuid" : "938b67a4-6ddb-4390-8ba5-11137948a333" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-8888-4367-a13a-43ae02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238724" ,
"uuid" : "16c183f2-2c3f-4304-ad99-9e19c2323ee0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "16c183f2-2c3f-4304-ad99-9e19c2323ee0" ,
"referenced_uuid" : "0d3fcd9f-6a98-4566-b99c-941cf97a58c0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-7434-4c90-b37a-449802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "16c183f2-2c3f-4304-ad99-9e19c2323ee0" ,
"referenced_uuid" : "bd2613b3-ef57-4c37-9e55-26e51493ba3a" ,
"relationship_type" : "contained-within" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-51d0-45c4-ad5b-4f1302de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238723" ,
"uuid" : "2071bf37-4d11-4e1c-8a09-222cc01f3222" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238724" ,
"uuid" : "5cea7400-2394-4125-a49b-64c020a3b2bf" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238724" ,
"uuid" : "93c1fd93-dc41-40fa-8489-d2e820dcf54d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238725" ,
"uuid" : "fc5536a3-c1a4-4d19-aa3c-537ae72c0e37" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238725" ,
"uuid" : "77a11458-9cba-4925-9e68-d34ffb6eb580" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238726" ,
"uuid" : "d2bf0fa0-fd39-439c-ad04-c4b74103d928" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238727" ,
"uuid" : "a68ac63a-c404-4f51-b5c3-a08c64b8c812" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238727" ,
"uuid" : "9ed27605-49ae-4ddf-99b5-323110f08166" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238728" ,
"uuid" : "c5188fa1-89e6-4034-b190-37d19d99693b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238728" ,
"uuid" : "bc1321a7-4ee5-4a27-8740-e98e3790543e" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238729" ,
"uuid" : "6b9a35c8-f016-45f0-bc54-230462e36f3f" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238732" ,
"uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "2071bf37-4d11-4e1c-8a09-222cc01f3222" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-7e54-46f1-9da2-44fa02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "5cea7400-2394-4125-a49b-64c020a3b2bf" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-8e54-4c6c-b185-4a7402de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "93c1fd93-dc41-40fa-8489-d2e820dcf54d" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-543c-4cfc-b838-43d702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "fc5536a3-c1a4-4d19-aa3c-537ae72c0e37" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-f26c-49d7-85d2-4e6a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "77a11458-9cba-4925-9e68-d34ffb6eb580" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-c53c-41ad-96b7-446b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "d2bf0fa0-fd39-439c-ad04-c4b74103d928" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-5c44-490c-9b30-4a4e02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "a68ac63a-c404-4f51-b5c3-a08c64b8c812" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-8224-4136-9024-4c2702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "9ed27605-49ae-4ddf-99b5-323110f08166" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-e3ec-45f4-a295-43f202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "c5188fa1-89e6-4034-b190-37d19d99693b" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-22b8-4251-a33e-401a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "bc1321a7-4ee5-4a27-8740-e98e3790543e" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-c190-4b4c-8e66-4c9b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"referenced_uuid" : "6b9a35c8-f016-45f0-bc54-230462e36f3f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-12cc-4490-baa1-44ba02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529239248" ,
"uuid" : "8a65ff90-3aad-4da9-a4be-b8b4a08878d2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8a65ff90-3aad-4da9-a4be-b8b4a08878d2" ,
"referenced_uuid" : "15a888e0-c1b1-46cf-a341-32de4f623862" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-2e1c-4407-a45f-4b3102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "8a65ff90-3aad-4da9-a4be-b8b4a08878d2" ,
"referenced_uuid" : "9dd82afb-73ff-454b-9871-74667f1e28aa" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1529239250" ,
"uuid" : "5b2656d2-bdc4-4194-b445-409d02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238732" ,
"uuid" : "368a60f3-4114-4f9e-ac30-8a6c4c3a15ec" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238733" ,
"uuid" : "a615573c-e5d7-49d8-8f56-16b59a758b42" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238733" ,
"uuid" : "e9f573b5-0f08-42d6-a8d2-c1078df73115" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238734" ,
"uuid" : "3a947450-55ac-48b9-b46c-0b9e70a58cc0" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238737" ,
"uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"referenced_uuid" : "368a60f3-4114-4f9e-ac30-8a6c4c3a15ec" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-bbc8-4081-9deb-451702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"referenced_uuid" : "a615573c-e5d7-49d8-8f56-16b59a758b42" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-1b78-4c39-9629-4cdc02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"referenced_uuid" : "e9f573b5-0f08-42d6-a8d2-c1078df73115" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-c6f0-4dc8-88a3-4cbf02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"referenced_uuid" : "3a947450-55ac-48b9-b46c-0b9e70a58cc0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-e050-4764-93ca-425702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "c4fb6b8d-a466-4934-b68f-2c666a10459c" ,
"value" : "BF474B8ACD55380B1169BB949D60E9E4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "57997d2b-6f47-4175-8c8f-9b56148e70e6" ,
"value" : "BF474B8ACD55380B1169BB949D60E9E4"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "524ec8fd-591b-477f-9f05-b0e53f06b711" ,
"value" : "4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238737" ,
"uuid" : "1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0" ,
"referenced_uuid" : "fc5663b5-c080-45b4-a405-147ca8570626" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238783" ,
"uuid" : "5b2654ff-7648-46ea-8f9f-4f8f02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0" ,
"referenced_uuid" : "c2593c36-69f5-4c43-9fcc-b335d606d569" ,
"relationship_type" : "contains" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-947c-4aa9-9caa-451d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ea343cda-831e-4f8e-b00d-275ebe8a8803" ,
"value" : "bf474b8acd55380b1169bb949d60e9e4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "ba250852-eed0-4450-b35e-571fef39e078" ,
"value" : "c60c18fc0226a53be15637ee3ef0b73b0dabd854"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c1e69f0f-23e4-4b11-be97-66f8de6a77d9" ,
"value" : "d1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "d18ffe4d-90e7-495d-8023-f2f62ac89360" ,
"value" : "46995cf3516c160d2f4fa5957c8c67df75f2768b24562b22de46a5d4ef7ba17fecaef2ad900bc6925e0c4284802864361423653154ad0622af18d049fb0419be"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "c5483c80-26b4-4cd9-a859-d6c445cf5244" ,
"value" : "12288:G+3/oi/EpRsV97/8Olq3p8YNk5oYEeLxCStEowZVKmZag:Gmoi/EpRsV9S3prgomLE9oVmQg"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "1018916d-f4eb-4327-aa75-d265e88ffb6b" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "95e720e8-db10-44ed-a9b2-64b7a3365aeb" ,
"value" : "BF474B8ACD55380B1169BB949D60E9E4"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0a0f19ff-d529-44d6-9dd6-00869cc63c09" ,
"value" : "466241"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "9367e79d-9644-4bd0-a2a3-7294d73ac040" ,
"value" : "7.760001"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238737" ,
"uuid" : "05aff0ac-857c-43b1-af37-a038cca8201b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "0c04251f-92e7-4fad-aba4-1f917b2c5a41" ,
"value" : "0.769911"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "327c22ac-f353-45b7-ba68-f526a9114218" ,
"value" : "5b1f93f0412e9f1c7a7ad42d729b292b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "bba942be-afa9-4b4d-b77a-ad3ca5a40a6f" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238737" ,
"uuid" : "7a6e023e-973d-41da-ba8d-5817f5198428" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "af79506f-a8b6-4a12-8c44-795328d08ae5" ,
"value" : "e6ea312f762f4df521b229a77f186664"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "507c7d3d-1c65-4d6f-bfa5-85713a2e3c37" ,
"value" : "6.629464"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "336d1eba-29d1-49dd-adfd-110df231cc6a" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "b711961d-3eb4-497a-a287-bbe5840057fe" ,
"value" : "475136"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238738" ,
"uuid" : "ff32b7ff-42ae-4b3d-acff-dcd99fb25eaf" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ceeab57a-d8c4-4941-b004-7993466cf5d2" ,
"value" : "b6fa7b267ea19010d44f056ec3cca39d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "91cf4983-ad20-4646-ad1b-a3ea701dc677" ,
"value" : "5.920344"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "eb4b62bb-4d86-4f6f-84f8-4059883a520f" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "3f816338-d8c0-4f7f-a75a-93597a01605f" ,
"value" : "147456"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238739" ,
"uuid" : "68f21999-9b07-41fc-9aac-8132f5dfb0c3" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3adf678e-7dbc-417e-89ff-556dfd83242b" ,
"value" : "1076ec3948d21da8d6c5036548880c63"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "00295843-7193-4c2f-b0b4-7b289611ad5a" ,
"value" : "4.972282"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c27c2424-2ffa-4e04-9114-70e0a7b43583" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8bad0807-50b0-4f57-90bb-7f9768e5a8fa" ,
"value" : "77824"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238739" ,
"uuid" : "a4f99cb3-f450-4b2e-8455-07dfe9e41cb0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "accf6116-8373-4ebc-8661-807d85cbac79" ,
"value" : "77c814f5856057e7a7f6237bbba51a76"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2ac4db88-5b9b-4133-8908-d00335e8343d" ,
"value" : "7.100017"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "065e3253-badf-404e-b7b5-933b0bac6264" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "a12e28e9-69bb-4650-b533-3057a2e66004" ,
"value" : "32768"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238740" ,
"uuid" : "9acc8d38-4f15-4bf6-9c63-71613aaebbf7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1df50229-64fc-4e6f-abe3-8d8e86233a23" ,
"value" : "3184d0afb653bf0723cadccc14d92071"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "fcca6bfe-3cf2-42ed-aca4-f339d10970b6" ,
"value" : "5.752155"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "20bb5900-3e62-4064-bbab-304766550092" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "84062378-d0f4-4d54-8ddc-ceca715580cf" ,
"value" : "40960"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238743" ,
"uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "05aff0ac-857c-43b1-af37-a038cca8201b" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-9694-4df5-9d25-4b3a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "7a6e023e-973d-41da-ba8d-5817f5198428" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-20b4-48bd-a30a-4f6802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "ff32b7ff-42ae-4b3d-acff-dcd99fb25eaf" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-042c-4b45-b70f-48d802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "68f21999-9b07-41fc-9aac-8132f5dfb0c3" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-c838-4962-ac61-403102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "a4f99cb3-f450-4b2e-8455-07dfe9e41cb0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-c20c-4f70-807a-412402de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"referenced_uuid" : "9acc8d38-4f15-4bf6-9c63-71613aaebbf7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238784" ,
"uuid" : "5b265500-46fc-4b3c-9d59-428d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "45e7a3fe-e0b6-41c5-948e-910d8d98d69c" ,
"value" : "CA67F84D5A4AC1459934128442C53B03"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "e448c599-998b-4396-af07-2d890b30d172" ,
"value" : "CA67F84D5A4AC1459934128442C53B03"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "4739f31c-29e7-4ef5-8785-de394a9040dd" ,
"value" : "6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238743" ,
"uuid" : "c2593c36-69f5-4c43-9fcc-b335d606d569" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c2593c36-69f5-4c43-9fcc-b335d606d569" ,
"referenced_uuid" : "79461c6c-5900-4ecf-90f0-6157212636dd" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-1304-4879-9968-47ee02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c2593c36-69f5-4c43-9fcc-b335d606d569" ,
"referenced_uuid" : "1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0" ,
"relationship_type" : "contained-within" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-fbb0-408a-b372-4d7e02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b9253658-45ec-4a14-99b7-42212592d744" ,
"value" : "ca67f84d5a4ac1459934128442c53b03"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "8f6c4a75-cb22-4057-a46e-c5d7542db51e" ,
"value" : "f4eb6a50c60320edafb3e48c612c6a55560d0684"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "50a387ea-c3e9-488f-ac20-3ba39606c17e" ,
"value" : "40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "baac6d7b-f03d-4eee-9971-da4878de311e" ,
"value" : "4695cf69e2ae52fc94eab31cbc3bb846022a3e1516d9bc293118f674ea1eb86468cff0a4c0dee8dff8a2d545df153116e8d86669513426e1b32a205041339e45"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "1f47038d-fc6e-4a8f-b5d8-b5981d10e074" ,
"value" : "12288:drrF4D0d2QKPIyWE8QPnWnGHiS2VcL2ZotSNfpV532/dlZ:x6IGnWntQ2ZvfpvmdlZ"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "08e1cc2c-21a9-42a0-9f08-cc2b393e5d5a" ,
"value" : "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "df80eee9-b0d0-440d-952e-107448175d89" ,
"value" : "CA67F84D5A4AC1459934128442C53B03"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0443a8c0-bf07-4eb8-a852-f24190e6712c" ,
"value" : "778240"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2450f4a9-2837-4ad0-b93c-b294385d6355" ,
"value" : "6.710797"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238743" ,
"uuid" : "b6cd05be-e718-4b54-a890-ed1dd88697cb" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cab440f5-5b76-4fcd-99e1-a4a96ec614e1" ,
"value" : "2.821047"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "346cccc4-2114-4c16-8089-271a5e2e6e5a" ,
"value" : "24baa03194bc78f0184ea606128bc80f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "3e562b0c-d7ce-4a70-9447-5f65a1fba640" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238744" ,
"uuid" : "83c72de8-db0e-4c7d-8ea1-3236b485a86f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4d4455d3-fff7-4faa-a28f-3e1ac431e365" ,
"value" : "170ce86f9a7ffcd242f3903fafe1f302"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "60bb821b-a3da-4be5-8c23-1c094f4a51e2" ,
"value" : "6.433615"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a8db3e4f-e864-4379-8286-8c775519f5eb" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8cb59a2e-6282-4723-a82b-83abab0443b3" ,
"value" : "57856"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238744" ,
"uuid" : "014c32e7-b639-4a57-a5fb-18309fec2133" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "991a8ecd-cbc5-4263-85e5-df75954ac8ea" ,
"value" : "33b066692952c4534ebf0a56ca293085"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5b93c1ad-3305-404c-a78e-9f8710982bb7" ,
"value" : "5.09521"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d3bc8e77-9d1c-46a3-9842-27e9f6a5e750" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "ddc25d67-c2e0-42ea-ad82-27bcba32aad5" ,
"value" : "37888"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238745" ,
"uuid" : "b25804d1-5a0a-42f2-b5ad-0c01925ca1c7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "30b303bd-0864-4f31-9ba4-00d3a3a5bf45" ,
"value" : "b4eed5366c4254a3c7f6c2f021c29efe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "8efc483e-7488-4dd0-9ad5-f8ad4434e6e5" ,
"value" : "4.916035"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b1bd7dcf-9be7-4127-b059-558a181b6431" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "85b3c918-f450-456b-9df8-92a8133524c0" ,
"value" : "156160"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238745" ,
"uuid" : "b31db49a-0a64-46f6-bf92-7d6d35eb8dfb" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b87f4901-64e2-46ca-8cf1-6dc07af84bff" ,
"value" : "3ad7431aaa87a1e6b6400ca9b273d98a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6b0528a6-dc12-4d23-9523-441232dd81e6" ,
"value" : "4.579212"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cfd48a77-00cf-4ac1-8c25-7cf9b151d62b" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "df3f5ac6-9f80-4dc4-802f-6b0c25ee2d3b" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238746" ,
"uuid" : "2fbfd808-3ed1-4578-8a89-e0aa5d57a8b6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "d43773fe-6170-4988-a5ab-e0089a29ef6e" ,
"value" : "c23d2715b42b072fcf86b2aa58807b56"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "80e3e91c-1b9d-4b82-88eb-881911fcb876" ,
"value" : "4.714485"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9143f7c7-cd51-494a-9310-ec97904e65f0" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "73b708ac-40ff-4625-bc96-0c88f1e79986" ,
"value" : "512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238746" ,
"uuid" : "9a97fc45-451c-4aee-8940-4a554ebf286f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "385f884a-25f5-4950-88c4-f52210c34aba" ,
"value" : "ad711ec082866631d620286bb36fdb72"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4a70cc12-33d8-4cc4-98d4-28046dd05380" ,
"value" : "4.752156"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "83aa42d4-17a8-452c-8a7f-300c6981c0da" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "05c7cb56-ea7e-4ec5-9aeb-d04245e98199" ,
"value" : "2048"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238750" ,
"uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "b6cd05be-e718-4b54-a890-ed1dd88697cb" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-7528-4b33-a0a1-432e02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "83c72de8-db0e-4c7d-8ea1-3236b485a86f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-0228-4278-a980-4d2b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "014c32e7-b639-4a57-a5fb-18309fec2133" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-3c58-44ae-a638-4a7d02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "b25804d1-5a0a-42f2-b5ad-0c01925ca1c7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-4720-44ec-8b6b-42ad02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "b31db49a-0a64-46f6-bf92-7d6d35eb8dfb" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-a6d4-4a61-9481-457f02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "2fbfd808-3ed1-4578-8a89-e0aa5d57a8b6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-a754-4867-814c-4eea02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"referenced_uuid" : "9a97fc45-451c-4aee-8940-4a554ebf286f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-2fa4-468a-97c1-493902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "188dde4a-0525-4be5-8a37-a2af46f37b78" ,
"value" : "6AB301FC3296E1CEB140BF5D294894C5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "a96b8feb-39a4-45d4-b5c5-e1305ef89187" ,
"value" : "6AB301FC3296E1CEB140BF5D294894C5"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "f39a785d-ee57-4546-8dbd-b14a09915104" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238750" ,
"uuid" : "35046b12-4171-4598-ab66-f6c536f03862" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "35046b12-4171-4598-ab66-f6c536f03862" ,
"referenced_uuid" : "206825c8-1f31-4ae3-be07-5cb1b63e98a1" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-98c4-4842-a370-442102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "35046b12-4171-4598-ab66-f6c536f03862" ,
"referenced_uuid" : "36c77c19-8523-4fc0-b1c7-a37fc417137f" ,
"relationship_type" : "contains" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-1fa0-45a4-8a23-4df502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6ba8ff80-bf17-4445-a501-f4a5418aca1e" ,
"value" : "6ab301fc3296e1ceb140bf5d294894c5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "e685bcbd-4a12-4bca-ad3b-6c1b1d63a33a" ,
"value" : "8d62498656db928f987b47bdbcfab5d6032be48a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "20823d82-8cc7-457a-b609-49ee6d5679eb" ,
"value" : "546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "b19e1b98-f097-4af9-8aca-ff3b88c7ebf9" ,
"value" : "3abd7a690d821ace78d8f5e2394f0922308963c7ba8ee63661e9cdb2e36fe8353904346b4b0457c6ace3071505533187d62a41d47473a6a9680cab7fca209ceb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "b801101c-7542-42f6-a001-90b1f4be8336" ,
"value" : "3072:JdHh7xVwMPRTxXX0bqkmvA7XKmJLiSi3Ix1DKXrlTNEsuFFCeojbmUkGVcNP+:17xVrxxn0PrWiv8hLnS+"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "f54d4c27-1d93-4bf4-9bc4-a20e43f4060a" ,
"value" : "PE32+ executable (DLL) (GUI) x86-64, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "aa76f829-41cf-4010-a72b-a478b289b38e" ,
"value" : "6AB301FC3296E1CEB140BF5D294894C5"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4f9e7ebc-8d9a-42f8-86a0-d95e4d2a0172" ,
"value" : "259584"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "b930b13a-fb5e-40b4-8f95-c327d2303952" ,
"value" : "5.918488"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238749" ,
"uuid" : "1d79df64-ad7a-4189-a107-1d2f27e8202c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cf335a8c-65a1-4861-87aa-0dc50c6b92e1" ,
"value" : "0.68996"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "be0e5848-f63f-4a60-b44e-88e691a579e2" ,
"value" : "81c12eb5fc3cbdd06675cd1097363a40"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "e44574c6-ce7c-4e80-a945-2d93826c6c43" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238750" ,
"uuid" : "b4d6cf82-abf9-40ea-8adf-884cac0b7dca" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8193f910-b6a6-4882-b2db-8953d9005fbc" ,
"value" : "2539474aa6202371abd37a4d66031955"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "a64b04be-5226-480a-bfd6-533d4351210a" ,
"value" : "6.641666"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "82d7de21-f2e6-4063-8d5b-7706e21afb07" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "cd2231da-2e2b-4e4e-a97f-3f282001bf7a" ,
"value" : "86016"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238750" ,
"uuid" : "1b2178c0-7302-4bf6-a196-e7088086d1e7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a312721-fd48-476c-9654-e8e41472f1c4" ,
"value" : "b97c14b801643b3a61ea28266f3f71b1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "b74266f1-cd11-4044-8312-00950e9ee312" ,
"value" : "4.735406"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "875163fd-907d-4d52-a24d-02644bde7c9d" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "10bb4ac1-f150-47c4-8ded-aa009ede3f86" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238751" ,
"uuid" : "f6bf304a-cd3f-4bf4-8731-e4ad2e85c5c6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8f75c9c7-80a2-41fa-b5ab-8735956638d2" ,
"value" : "48eb8a67d4fd42ea24da9dc9029cb101"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "15bc8756-8f47-494f-840b-861e802a419b" ,
"value" : "1.857068"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ee33eb1b-d468-4e3e-9864-f0be95463ee9" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "14303c6c-455c-4e90-acf1-bd235be80e5e" ,
"value" : "16384"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238751" ,
"uuid" : "245d12e0-fda7-41de-935c-5fc5208ea77a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9382818d-b836-4bce-be05-0dc121894ce4" ,
"value" : "c139ac9cb34e0620a10c15e5d42b85d2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6024c08a-0a67-468d-a7ca-5b316029ebde" ,
"value" : "1.174962"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1c6d2b79-dc6c-4b92-9132-d8e6c9b6f0a6" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "aa257733-68ee-4822-92e8-a75ff29fed05" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238755" ,
"uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"referenced_uuid" : "1d79df64-ad7a-4189-a107-1d2f27e8202c" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-7090-4414-87ad-46f602de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"referenced_uuid" : "b4d6cf82-abf9-40ea-8adf-884cac0b7dca" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-fddc-4eb9-a47d-495102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"referenced_uuid" : "1b2178c0-7302-4bf6-a196-e7088086d1e7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-8540-4e5e-8a22-422202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"referenced_uuid" : "f6bf304a-cd3f-4bf4-8731-e4ad2e85c5c6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238785" ,
"uuid" : "5b265501-217c-460c-ba6c-46da02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"referenced_uuid" : "245d12e0-fda7-41de-935c-5fc5208ea77a" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-8984-4a30-bcef-478502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "df8adb3d-62c9-492a-a77f-0b4b21afc451" ,
"value" : "java.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "14d1b57d-58ad-4014-ae9e-00186a54f1cc" ,
"value" : "java.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "7dd524b4-cda1-400f-b2cd-88df5476cac8" ,
"value" : "5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529239248" ,
"uuid" : "36c77c19-8523-4fc0-b1c7-a37fc417137f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "36c77c19-8523-4fc0-b1c7-a37fc417137f" ,
"referenced_uuid" : "0522e8ab-595b-46fd-b97c-bded45adfd05" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-ef10-4c52-a419-449a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "36c77c19-8523-4fc0-b1c7-a37fc417137f" ,
"referenced_uuid" : "35046b12-4171-4598-ab66-f6c536f03862" ,
"relationship_type" : "contained-within" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-6350-4497-82f5-480e02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "36c77c19-8523-4fc0-b1c7-a37fc417137f" ,
"referenced_uuid" : "450c3377-2c9b-4b69-8381-f51dfe41f149" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1529239250" ,
"uuid" : "5b2656d2-eebc-4641-aa7d-409d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "45f9c3ee-0e9c-4959-afe3-18a762472bcf" ,
"value" : "77b50bb476a85a7aa30c962a389838aa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d963e815-d52a-436f-bba8-fb2e877724a7" ,
"value" : "df466a1f473c7c5eba5f22d90822fd1430b6a244"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "53b62ef9-165d-48be-8446-bbc5667eac68" ,
"value" : "3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "336e0e83-d5bf-49bc-9044-52a4dcf5e765" ,
"value" : "33b78e0bc8832958b79292bfebffe32c03b59b92044bb95331ee384f7061f6724c7d10bcf17ee1395dbd437b225c0813ba4bc5de6ef44f4bdd9ee58e446ad143"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "bf7da242-1d55-44fe-8df4-74e844383c5c" ,
"value" : "3072:sPhrkoI8QYJRMs4y5pe+/a5sN5t4+PXP:Mi/lqpe+/0sa"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "d74dabe4-41b5-4e30-86be-3b8a26d7a8d2" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "4608870b-5c76-4c8b-a951-837cb9b8e67b" ,
"value" : "java.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "f46de574-232c-4930-b616-2f4fd00d0370" ,
"value" : "118784"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "50ad1444-a08f-4946-8ff2-495997f747f9" ,
"value" : "5.880053"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238755" ,
"uuid" : "137d6815-4196-433f-a8be-1fe04add3a5f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "503ea9ef-2f8b-4acc-a3b0-57406172fb9d" ,
"value" : "3229a6cea658b1b3ca5ca9ad7b40d8d4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b6ce6c88-2342-4660-b241-102f63ac56ea" ,
"value" : "70730e608e2fcc68ce468ed148e965c5bacfb51c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "aa012496-d025-4ba5-b3ef-250b2e838740" ,
"value" : "4bd7d801d7ce3fe9c2928dbc834b296e934473f5bbcc9a1fd18af5ebd43192cd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "274079e2-066d-4b38-9a09-4c2a5e379cdb" ,
"value" : "ff385a9446415412950562cca832eab1d17de56932f3633a86202dea829e8bd25e56864306f2e6c8bb7ff7d2cfe2785acc4261410e38348946baf72d4a0696de"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "297f6df0-4654-48bf-a8f6-135c6e32a3b7" ,
"value" : "12288:sh+81FiNloAzjMXJ1NPeZ3eMNZtF7fHRRAug0EX7:W1FiNWEYxeV3NfHDe"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "73bf9f86-33c4-4e0e-9c99-015743e1f520" ,
"value" : "Composite Document File V2 Document, Little Endian, O%WINDIR%\\ Version 6.2, Code page: 949, Author: ISkyISea, Template: Normal, Last Saved By: ISkyISea, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 17:00, Create Time/Date: Mon Apr 3 18:36:00 2017, Last Saved Time/Date: Thu Apr 6 00:34:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "2ea72644-8c27-4553-aaf3-a9409cb5767a" ,
"value" : "3229A6CEA658B1B3CA5CA9AD7B40D8D4"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "489f144e-a748-4983-9e8e-654b2eb59300" ,
"value" : "712192"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cf584d0c-1c6d-4c81-b50d-4b0920ed05ac" ,
"value" : "5.446016"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238757" ,
"uuid" : "a5bf7615-9482-49f6-9959-55010346971f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6f846829-c071-4357-834a-88d3c908d07d" ,
"value" : "2.558659"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "12337d08-e2f7-4a13-b25a-9018dc6fb5a3" ,
"value" : "55b6d1ed6d76c7d17cc270bc1843d2cb"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "00869999-96fa-4094-8e60-8fd9643b04e5" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238757" ,
"uuid" : "e20e89de-dedb-4493-9f39-d19bca906c68" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "594249fb-de2c-44c7-9c72-b883b0bbd722" ,
"value" : "6e501513865a783fa945269010ac3785"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5399e04c-6797-4851-9c02-4498d8fedeb8" ,
"value" : "6.390707"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "28cf08e9-586f-40ff-88e6-24f58b74ef7b" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "d63e0b10-bf65-429e-a385-577f4a7ca1d4" ,
"value" : "69632"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238758" ,
"uuid" : "a640c76e-6b15-4f46-bb4a-3c41a62700c5" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2a4a9051-94ca-498b-ace2-73b414564804" ,
"value" : "45584c7afdc086b651d7299673643506"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "7633f9f1-2783-41d6-9348-b190763c9718" ,
"value" : "4.704433"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0214cb1a-7528-4f12-bcd6-f954bb7d6323" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "7403a39b-afb6-4849-bef1-16b02e384da7" ,
"value" : "24064"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238758" ,
"uuid" : "940a978d-4e70-4357-a7c1-2e1a9e80b784" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238759" ,
"uuid" : "fe2d8b67-f422-4335-be73-542f40ee8559" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "26ce7da5-8330-403a-babf-afa9f4e8bbbc" ,
"value" : "de3fe99833797faa77379640174d16c4"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "7fbfbec0-c2a2-4968-beb9-2bcd00bf4234" ,
"value" : "4.786623"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "4d3c86ab-bd7e-4d16-8645-8faf593a8b0e" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "af55cdc6-ae33-4a93-a0f1-183d270362ad" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238759" ,
"uuid" : "c11a828a-e1d5-4299-9329-7908ca5aeea8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "fdac98ce-e37a-4a40-a5fa-6cbae5a0d41d" ,
"value" : "0cc425d0556c63acb7c04b9b1a211d5b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "fab78eda-b6fc-4db9-9983-f7c622a5b838" ,
"value" : "5.105006"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9f7e4bc6-7a0f-4830-9152-696b88b5719d" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5f0f9cfa-6975-4e6e-bdec-05c056a9b3b2" ,
"value" : "512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238760" ,
"uuid" : "f5d96ec9-8867-4032-8088-5c539234665c" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "af06b21f-d9a4-44d7-91e4-1e533736ec2d" ,
"value" : "914f25782a74f42e42d7974b13bd01c8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2a4ff6aa-6535-4cc3-bb2b-3bcf214b5924" ,
"value" : "2.869845"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "18e88c8c-0485-4da2-b13b-34bc3ca648b5" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4552ec2e-a15f-4e81-a1ce-ba951b0585ba" ,
"value" : "1536"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238763" ,
"uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "a5bf7615-9482-49f6-9959-55010346971f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-79b0-4805-af99-4cb702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "e20e89de-dedb-4493-9f39-d19bca906c68" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-e450-4c72-8364-4ca802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "a640c76e-6b15-4f46-bb4a-3c41a62700c5" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-9a78-4d3a-a2d8-409202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "940a978d-4e70-4357-a7c1-2e1a9e80b784" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-af68-4f6f-b430-4aeb02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "fe2d8b67-f422-4335-be73-542f40ee8559" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-d3b8-472b-bbbe-466802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "c11a828a-e1d5-4299-9329-7908ca5aeea8" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-4ec0-427b-a9e5-4b1602de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"referenced_uuid" : "f5d96ec9-8867-4032-8088-5c539234665c" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-57d0-4bfb-84a7-4d6e02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "7e6c5286-4fd8-4a7a-a0af-451997707b88" ,
"value" : "BFB41BC0C3856AA0A81A5256B7B8DA51"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "84825e90-0df3-4106-888d-599580d24896" ,
"value" : "BFB41BC0C3856AA0A81A5256B7B8DA51"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "d41dc9ad-4d5e-4ea6-b205-0efb3bd7ea62" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238764" ,
"uuid" : "a84b8d9c-0175-411b-8b89-fc0ac709df56" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a84b8d9c-0175-411b-8b89-fc0ac709df56" ,
"referenced_uuid" : "cffd2eaa-1a45-40de-b9d1-aa6999601750" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-d5fc-4992-8679-465c02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "a84b8d9c-0175-411b-8b89-fc0ac709df56" ,
"referenced_uuid" : "f94d3e39-27ea-4214-bb44-c25505dc2326" ,
"relationship_type" : "contains" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-4eec-4d7d-a75f-42db02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8246e29b-e6c4-4112-80a7-da0743a7bc3e" ,
"value" : "bfb41bc0c3856aa0a81a5256b7b8da51"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "16160e3a-15b8-44f0-aaeb-a4bc53c3094a" ,
"value" : "cb96e29332fe94d1a70309837f73daf7bec81284"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "dd7f2a87-8df8-4ce9-9020-e47babc46801" ,
"value" : "c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "609a43e1-3f2c-49c5-82cc-d8ffafb8ecb8" ,
"value" : "37223163a329ffa7b77a9190aab1da5fbf38c6d76139591d592d695e5caa81b56f6d3769540e2781c87a29de3d39e5e9c8ee70bd9ed6a0bee040917f530bc11a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "4b416c9b-00a9-4935-aaec-3af5ee7d2eee" ,
"value" : "12288:jxn1kOPTkEjkHsnCrYHM46QyFgHj+u1XC1GbA/UXAfAGZI3PWM+:jxn1kOLkEQHsYYDdD+u1HbA/Uw47/L+"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "2f60cfd3-49ff-4c9e-b3a4-35e7c006a4b8" ,
"value" : "PE32+ executable (GUI) x86-64, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8de41543-93d7-4693-8e39-fc895c3772e6" ,
"value" : "BFB41BC0C3856AA0A81A5256B7B8DA51"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "f261ebc7-3256-4650-86a9-c8acf87cdfbf" ,
"value" : "578174"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "13e7ff85-30d1-43e5-a4fa-f0244dda2b7b" ,
"value" : "7.848313"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238766" ,
"uuid" : "f94d3e39-27ea-4214-bb44-c25505dc2326" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f94d3e39-27ea-4214-bb44-c25505dc2326" ,
"referenced_uuid" : "a84b8d9c-0175-411b-8b89-fc0ac709df56" ,
"relationship_type" : "contained-within" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-1f7c-4113-a3f8-478c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1e930c2d-1f27-4716-b1cc-53c599408c92" ,
"value" : "9722bc9e0efb4214116066d1ff14094c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f5e76bc7-4d35-4b89-9dcf-47073a32518f" ,
"value" : "41a938499048a6ad8034d09e2fbb893da8f13ca9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b7e5cfc2-4e71-40c7-b341-8b226aa80091" ,
"value" : "e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "36b07729-54e8-427c-9852-412f2628af66" ,
"value" : "8470c240868441093314ebe263028ceef61d900b41aaeed77fd934edf81b9a75f6c96d0fccc0ac87364c8e23e0b8eb19ec8bcd47daf1d50c1182be999475fc4c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "9774cbc1-33ad-4cca-aa32-44b4a60a2f4f" ,
"value" : "12288:nqU713B5hV7rJIBBAVbyjRbjSbdSYJ3raxt7o6qRBpDwQmnQ2bqPjD+PmCNVGsPf:nRxJIB7hSZSG37jo/GsPepCdOwy"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "ca581254-91c2-42dc-87e9-4b7f4cd14932" ,
"value" : "PE32+ executable (DLL) (GUI) x86-64, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "3f644d43-931b-4596-855b-f7136d359384" ,
"value" : "dwnhost.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "991264f0-9316-4a90-9b6c-562ca46812c6" ,
"value" : "1030144"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5bf0a44a-7e40-4c47-b332-92d08ce32c1c" ,
"value" : "6.424883"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238766" ,
"uuid" : "90eb0a08-a0d8-49c6-8ec7-dccc20d06199" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4f20d754-af06-4bf8-a089-e1604183d051" ,
"value" : "2.623906"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "77867ffc-adae-4cb2-b0b7-31f5a2fcaf04" ,
"value" : "2082ea5adc4b910e8673c04dc7d962d2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "746ff0db-a29c-47e9-b429-a582329f3bee" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238766" ,
"uuid" : "073bfabc-0580-4fde-8659-c3854029937d" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e49319ec-2ee0-40a3-8ff4-3c94373b1bd2" ,
"value" : "e6e5ce270a5e80221a815dbf739883a2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "efff8e0d-ca3c-482e-909f-517d3b0f429e" ,
"value" : "6.434048"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "dfb19b82-e9d3-4b43-8eac-c37e3fcfe445" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "9ea0245b-8cf8-4e5d-99d4-f5fb3222d571" ,
"value" : "111616"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238767" ,
"uuid" : "e5f2a5b2-f9b6-4536-8068-1e610b0a5b17" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238767" ,
"uuid" : "592953b3-0474-4ad1-8942-757124e30a99" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238768" ,
"uuid" : "d4bf7b4c-7f49-46cd-94a6-c12dc5a471eb" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238768" ,
"uuid" : "3a63168f-d604-46d2-80c0-d24afea4639b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238769" ,
"uuid" : "c8df1989-af8f-49db-838c-ef2f8bb96eb5" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238772" ,
"uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "90eb0a08-a0d8-49c6-8ec7-dccc20d06199" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238786" ,
"uuid" : "5b265502-0104-4dc4-8224-45e702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "073bfabc-0580-4fde-8659-c3854029937d" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-9f94-4429-80f4-432202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "e5f2a5b2-f9b6-4536-8068-1e610b0a5b17" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-d064-4762-aeda-473802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "592953b3-0474-4ad1-8942-757124e30a99" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-4e8c-4bbc-bc8d-417a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "d4bf7b4c-7f49-46cd-94a6-c12dc5a471eb" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-88bc-4035-975c-4ebe02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "3a63168f-d604-46d2-80c0-d24afea4639b" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-0eb4-4e45-b385-494b02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"referenced_uuid" : "c8df1989-af8f-49db-838c-ef2f8bb96eb5" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-f2f4-4edf-8fad-43dc02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b905993-b9ca-41c3-a565-84539a655d60" ,
"value" : "EF9DB20AB0EEBF0B7C55AF4EC0B7BCED"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "643f1c9e-62cd-4adf-9aeb-fe4d35e52768" ,
"value" : "EF9DB20AB0EEBF0B7C55AF4EC0B7BCED"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "30de4de2-4028-4ca5-9b18-08706b255e41" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238772" ,
"uuid" : "d5b3a29b-484d-4619-b358-e8850a30e3a0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d5b3a29b-484d-4619-b358-e8850a30e3a0" ,
"referenced_uuid" : "14dfc596-3c8f-4d1e-8194-56873bf809f0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-2c80-47a5-8716-43a102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ed44e5cc-0692-4ce4-9f1c-6044d036c40f" ,
"value" : "ef9db20ab0eebf0b7c55af4ec0b7bced"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "51c71701-f59e-426b-832d-2522ab917d32" ,
"value" : "0202942d11c994cece943bb873f3af156d820f59"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4f422775-2fb9-4e1d-a7a1-320f721d77c1" ,
"value" : "20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "126adf24-2f8c-4b43-9dd9-e1768c0b0164" ,
"value" : "85fa80079c59da83e3b2471eab0d2981c92b6c589cbe5052bf438831ae464e6499040ead68d6bc9929edd9f6c08ecc6abf2a0173e31bd361a24fad89ff1f7064"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "aa832d53-412d-45d8-806c-94ab67314f36" ,
"value" : "3072:qocqUTuIzXblpGxqSDBiiBmLEEjdTIf3TIb9Qw/uAZyerrPabYlQ:qJqUnXKxqSAiBJyTC3TIb9QRL0lQ"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "d52669bd-fcf6-4df8-8841-6818d965d911" ,
"value" : "PE32+ executable (GUI) x86-64, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "884b7edf-38fb-4cb7-bbf2-07c4c46c37c0" ,
"value" : "EF9DB20AB0EEBF0B7C55AF4EC0B7BCED"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "ae00cf79-0705-4a41-9212-2b03c0779956" ,
"value" : "152064"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "c4120322-a290-4a66-b740-5e6d03f506bf" ,
"value" : "6.269643"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238772" ,
"uuid" : "81962a81-10c7-4f4d-ba8b-b9df3d5d741d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "fc7e52c1-6011-43c6-86de-e8aaab9a61de" ,
"value" : "0.736742"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4e34dda4-b9ad-4519-959a-0825f5d71bb3" ,
"value" : "f066de8df54d4f92795472d981374309"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "d42cac4e-b0d6-46d6-9f8a-f35f08f40a06" ,
"value" : "f066de8df54d4f92795472d981374309"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "494565ac-b506-4c9a-9af8-7d6b07e59ab3" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238772" ,
"uuid" : "0f3b61d8-1fdd-408b-9710-61e6e3a05220" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6656b273-6c7a-4832-a86c-c2e3f7a660dc" ,
"value" : "e321dba33ae4db3b9e29aa6072b92e77"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2e222367-ab5f-4682-8801-5e1df46ec400" ,
"value" : "6.464385"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0107108d-10f0-43c8-95db-edddeefda13b" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "08610deb-6845-469f-bff4-eb4952548ea2" ,
"value" : "57344"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238773" ,
"uuid" : "5690876b-7f5b-4032-bb10-3f690b1ce2cd" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "0c9f8b24-4858-41b6-84ee-3cdc6d14c88d" ,
"value" : "e321dba33ae4db3b9e29aa6072b92e77"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "57a2e7f2-3dd1-4271-a6ef-f60f642c14ad" ,
"value" : "6.464385"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cec5ad39-baa9-4390-953f-f4a921c5c4d4" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "7fcb8b99-d6ed-419b-b839-b59567bbaa05" ,
"value" : "57344"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238774" ,
"uuid" : "05809cc2-e217-49db-a128-b8b63d1b5171" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "080b39a2-0110-4edc-a43c-a9484d0f01d8" ,
"value" : "a256d5f52608331df8545a9d38751462"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "fd32f17e-c693-4ae4-86a9-220e71e8ff3d" ,
"value" : "3.62856"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9e32adde-d36d-446c-bec6-c68ce69cd29d" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "68d693c4-6d58-4174-a992-04bd071efdeb" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238774" ,
"uuid" : "58af18ac-7fad-4504-85de-90947ece0028" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "69c33713-7739-4f5e-a7e3-d58476a58de6" ,
"value" : "a256d5f52608331df8545a9d38751462"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4311be4a-1510-4945-ae3c-d5bcb855ab5c" ,
"value" : "3.62856"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "857498ed-6f15-4196-8d87-3b2522567d38" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "3ee3d7b1-1268-4b31-b195-679c3fb83b1c" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238775" ,
"uuid" : "75cd1bef-0d6e-4c7f-bc48-293403212159" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8c837b33-91dd-44e1-a433-145918d62c3e" ,
"value" : "1d905ad87919346eb6c8463f61b599e8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6d8b2665-bdd9-4b08-98c9-71eff4a95c71" ,
"value" : "1.547483"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0d60a67c-0f8e-4dd3-b20e-4ff453638f33" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "2b4024d6-5a16-4d3c-8d50-d142267c9bd5" ,
"value" : "16384"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238775" ,
"uuid" : "e1eb04f2-bccb-4dd0-9f93-a1f2ccb4e650" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "cc978b97-e011-4b39-baa6-83cf5041703f" ,
"value" : "1d905ad87919346eb6c8463f61b599e8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5b1c2cd7-1fa1-4f92-b2a2-eae73347d002" ,
"value" : "1.547483"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "6c3936b8-dd84-4b92-9d71-712e542bd4c5" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6f514aa7-57c0-49a9-9a7b-2f22321f196a" ,
"value" : "16384"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238776" ,
"uuid" : "5ddcf5da-400b-4bad-b4f3-9dd0708a6644" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "99f5f2f6-5baa-4c45-94e1-ddff00cf07ea" ,
"value" : "afdf2120655e37010482a536d552199e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "a1e21134-1f3c-4e92-aae6-42379c3da323" ,
"value" : "7.100033"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "494d887a-1d0f-409f-a595-aaf5caf25c66" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6124ec92-36cb-438b-a015-afa57fceec91" ,
"value" : "32768"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238776" ,
"uuid" : "52d6ebd2-4ad3-44c5-9029-ccbff450c8b7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "686fbb2b-c415-4079-9ce3-98c34cf8d5b8" ,
"value" : "afdf2120655e37010482a536d552199e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "61a03fd9-9828-4b54-b80a-1a73ddcedb89" ,
"value" : "7.100033"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e1eb6292-bff0-4bee-8a3d-1801bc5535c6" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "aa9f8684-a9c1-41c5-8cb9-acd831c71bc5" ,
"value" : "32768"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238777" ,
"uuid" : "59e02386-d00c-417d-b9c1-7a1dce691aad" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8a17878e-ae39-4389-b735-22c96fdb12ac" ,
"value" : "bbeec3983cc5b2094f8311718d327480"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "c4a78694-bbed-4f91-91b0-b95a9d843611" ,
"value" : "3.234713"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c261f65c-d412-48de-961e-d515053ab4b2" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "211934d9-2206-4993-ae25-72076f830b38" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1529238778" ,
"uuid" : "dee24e7d-32ac-427d-a6be-952cf291e5f6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "37431fbf-1e5d-4a02-bff9-bb3ecf2d3a0e" ,
"value" : "bbeec3983cc5b2094f8311718d327480"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5b1f36af-aa43-4bf1-b1f7-3688a70e9bee" ,
"value" : "3.234713"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "11f28e1c-8719-4b63-8bc0-9bb631db7792" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "b0a0607b-0f9c-4442-9b61-bf940e11d278" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1529238781" ,
"uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "81962a81-10c7-4f4d-ba8b-b9df3d5d741d" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-d8ec-4131-894a-424402de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "0f3b61d8-1fdd-408b-9710-61e6e3a05220" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-bae4-45f3-bc0c-4c7102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "5690876b-7f5b-4032-bb10-3f690b1ce2cd" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-cb98-45fd-a3c8-4f9f02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "05809cc2-e217-49db-a128-b8b63d1b5171" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-c8f8-4408-9a45-41e102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "58af18ac-7fad-4504-85de-90947ece0028" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-324c-49a2-8ff5-46cc02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "75cd1bef-0d6e-4c7f-bc48-293403212159" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238787" ,
"uuid" : "5b265503-1600-4b2f-a29a-491302de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "e1eb04f2-bccb-4dd0-9f93-a1f2ccb4e650" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-5c50-4b21-95a6-446a02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "5ddcf5da-400b-4bad-b4f3-9dd0708a6644" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-1c9c-400f-a58c-4cb802de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "52d6ebd2-4ad3-44c5-9029-ccbff450c8b7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-6b08-43d9-afe5-47fb02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "59e02386-d00c-417d-b9c1-7a1dce691aad" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-dfb8-42b7-b2cb-486302de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"referenced_uuid" : "dee24e7d-32ac-427d-a6be-952cf291e5f6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-1e0c-4129-87f1-455c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "b3454a70-49ae-4779-97aa-6f8c9c01bb5f" ,
"value" : "1C53E7269FE9D84C6DF0A25BA59B822C"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "1ee8e89a-340f-4d95-ad3a-11ade489f172" ,
"value" : "1C53E7269FE9D84C6DF0A25BA59B822C"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "880cfedb-e98e-4c4f-a2c2-c92f2cb30cd3" ,
"value" : "12"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1529238781" ,
"uuid" : "a13cfa83-8fb9-47f5-8bda-430bce2e0f7a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a13cfa83-8fb9-47f5-8bda-430bce2e0f7a" ,
"referenced_uuid" : "c56a8843-6462-4e48-9354-ff3cea9b393c" ,
"relationship_type" : "included-in" ,
"timestamp" : "1529238788" ,
"uuid" : "5b265504-d518-4216-b9a2-448d02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e7e725cb-9978-46a6-8ff7-ba9d27266a90" ,
"value" : "1c53e7269fe9d84c6df0a25ba59b822c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "32c613e9-20ef-4f00-95c3-5f0e3dbe6cdc" ,
"value" : "b775d753671133cbc4919764d2fac0d298166b07"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4cd88642-7344-4bec-9f7f-5323a66e91bd" ,
"value" : "201c7cd10a2bd50dde0948d14c3c7a0732955c908a3392aee3d08b94470c9d33"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "sha512" ,
"uuid" : "798a27b0-f8a0-4ce8-8e1e-f798dc4d07d4" ,
"value" : "3d3883b9b29e264d023b7034d980b7c206c9fc82010bf7f5f1dc454fdbd316830fe69e90579406a74afc1fca8e266d10c1b46784bd661dcb2815e370a68acd32"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "ssdeep" ,
"uuid" : "38543843-c911-4a2b-ad56-3fa2c9c7dc01" ,
"value" : "1536:EaMa/KVyD4hv6LLETuA1x+sh2iE1s44tz4qoWYUwnZ7hUOC2:G8YPZ6LLqQFX4tz4quxY"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "750c2d21-9a80-4466-ad9a-0744f338f694" ,
"value" : "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1529238828" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "4bc1950a-ac3d-4eec-b1be-bcee64b8792a" ,
"value" : "1C53E7269FE9D84C6DF0A25BA59B822C"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4c113ecb-7469-42cd-af87-05be37f4d101" ,
"value" : "126976"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1529238828" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "442a058d-4bbf-4966-b5a5-7ee1aa91a275" ,
"value" : "6.024087"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "8359531b-5e0a-4fdc-828d-d3901560fe58" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "46e93d08-06fb-49ee-a465-b8680a4b04ae" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "2543f106-3d8f-4855-a306-1f505ae9ee34" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "8d81a602-68f0-470f-8eb3-3422ad8929fb" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "1cc483ce-fc42-4c80-af86-6024c10f69f6" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "0eb4a04f-9699-4e92-88a0-4a4dec688885" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1529238781" ,
"uuid" : "5899141a-5be5-42de-90af-1e471b7b1d7c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1529239247" ,
"uuid" : "450c3377-2c9b-4b69-8381-f51dfe41f149" ,
"Attribute" : [ ]
}
]
}
}