{
"Event" : {
"analysis" : "2" ,
"date" : "2018-07-31" ,
"extends_uuid" : "" ,
"info" : "OSINT - Malicious document targets Vietnamese officials" ,
"publish_timestamp" : "1533301059" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1533301051" ,
"uuid" : "5b60b046-c0c8-49ce-aa97-437a02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#10ca00" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Hellsing\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063262" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b60b05e-a498-4fbf-989a-415f02de0b81" ,
"value" : "After our investigation of APT SideWinder, we\u2019ve done a yara rule for hunting RTF document exploiting the CVE-2017-11882.\r\n\r\nWe found a document written in Vietnamese dealing with a summary about differents projects in the district H\u1ea3i Ch\u00e2u of \u0110\u00e0 N\u1eb5ng."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063293" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b60b07d-2a4c-4a69-bf54-45c902de0b81" ,
"value" : "https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063338" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0aa-8804-41de-b5f9-4b1502de0b81" ,
"value" : "dn.dulichbiendao.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063338" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0aa-8ffc-4f81-b727-4f7a02de0b81" ,
"value" : "gateway.vietbaotinmoi.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063339" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ab-35c8-4772-a501-457402de0b81" ,
"value" : "fis.malware-sinkhole.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063339" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ab-ffb8-4dbb-8955-4acb02de0b81" ,
"value" : "hn.dulichbiendao.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063340" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ac-0c6c-46bc-87ca-46ab02de0b81" ,
"value" : "halong.dulichculao.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063340" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ac-42b0-4015-8080-4c3e02de0b81" ,
"value" : "news.malware-sinkhole.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063341" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ad-fc20-44d6-864e-403502de0b81" ,
"value" : "cat.toonganuh.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063341" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ad-8620-4f8e-9fe9-491902de0b81" ,
"value" : "new.sggpnews.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063342" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b60b0ae-342c-442f-86ae-45ae02de0b81" ,
"value" : "dulichculao.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063342" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ae-bd04-4ad5-80a3-416b02de0b81" ,
"value" : "coco.sodexoa.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063342" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0ae-1190-4c13-8312-4c1d02de0b81" ,
"value" : "thoitiet.malware-sinkhole.net"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063343" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b60b0af-f70c-4cdb-ad89-426f02de0b81" ,
"value" : "wouderfulu.impresstravel.ga"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063343" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b60b0af-e20c-4100-b7ac-43ae02de0b81" ,
"value" : "toonganuh.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063412" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b60b0f4-223c-4110-86b9-40d302de0b81" ,
"value" : "192.99.181.14"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063413" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81" ,
"value" : "176.223.165.122"
} ,
{
"category" : "Payload delivery" ,
"comment" : "RTF" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063446" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b60b116-c4b8-4db1-a759-488602de0b81" ,
"value" : "42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "8.t" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063466" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b60b12a-7f14-4224-b16a-46f702de0b81" ,
"value" : "2c60d4312e4416745e56048ee35e694a79e1bc77e7e4d0b5811e64c84a72d2d7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "exe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063501" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b60b14d-4b2c-46aa-83a7-4e2902de0b81" ,
"value" : "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
} ,
{
"category" : "Payload delivery" ,
"comment" : "dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063501" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b60b14d-82a0-49a6-8fad-49ce02de0b81" ,
"value" : "9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368"
} ,
{
"category" : "External analysis" ,
"comment" : "joe sandbox overview" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B P k A A A O g C A I A A A D A n T T n A A C A A E l E Q V R 42 u z d B 1 Q U 1 / 4 H 8 J n t s E v v V a S s A i I 2 s G J v J F Y U e 401 s T 0 1 x m g S S z S J R p + J v h g 1 J k a N E j V 2 j b 0 X w E Z R B O l I E 2 m 7 l O 0 7 O / 8 T 5 r 39E1 Q k C r L A 93 M 4 n N 3 Z O 3 f u 3 N m d n d / e O / d y a J o m A A A A A A A A o C H Q a D R y u R z 18 F I k S Z a W l j o 7 O x M E w U J 1 A A A A A A A A Q C O D W B c A A A A A A A A Q 6 w I A A A A A A A A g 1 g U A A A A A A A B A r A s A A A A A A A A 1 c j c 6 I T Y + p c r C B w 8 T H z x M Z B 6 f u 3 q n S F L 64 o o R 9 + M y s p 7 V f E M R 9 + P i n q Q Z y F 6 / t v C I d Q E A A A A A A B o w m q Z J g q w m g Y u j L Z / H f c m K x D + b l o c m D G g S n 9 c W H r E u A A A A A A B A Y + b b o r l I a K R / q l J r d D r d S 1 P q d D q 1 W v P G G 3 r V 6 u p X b L H 6 z a k 1 L 1 m r m s J X w c G B B w A A A A A A a M S u 3 o 5 q 0 8 r L w s x E W l r + K C G t X C Z n s V g u j r a V 20 W 1 W i o u M S 0 v v 5 i m a S M B 37 d F c x s r 85 p v 4 l W r l 8 s U s f E p p W U y N p v l 0 c x J W l r u 7 G B j Z 2 N Z z e Z u 3 n k o 9 n B J z c g p K S 0 n S d L N x a G l p y t B E N U U H r E u A A A A A A B A I 6 R S q y X S s s p L N B o t l / v f c E + p U u s q R D 1 K E g m N 2 v i 2 J g g i 7 k l a a Z n M 0 c 6 a S R O X m F 5 W L u / U 3 p f P 46 Z n P o t 6 l N Q t 0E9 o b F T D A r x 0 d W M j Q X R c k r G R o I 2 v p 0 5 H P 0 x I L Z c p H G y t q t + c S q V K S M r w b d H c 0 t w 0 J 6 / g c W K 6 g 62 l i c i 4 m s I j 1 g U A A A A A A G i E C o t L C o t L q i y 0 t b a o / P R Z f p F G o 23 j 68 W r i I H 9 f T 1 v R M Y y L y m U q m f P C 7 s E + J m Z C A m C 8 B G 7 F U t L c 54 V i j 1 c a r L 1 V 61 u b i Z S K F U d 2 / k y W 2 z V 0 j 383 q O a b M 7 B z o p p 5 n V 1 s n u S k q l Q q c v l i l c V H r E u A A A A A A B A 4 + R g Z 93 G 17 P y E v 0 g z H r l 5 Q o z E y H v f 429 x k Y C A Z / H P C 4 
r l x M E k Z t X + O x 5 I b O E p u l y u a K G W 3 / V 6 h w O 29 h I o N + i m Y m Q x W L V Z H M m Q m P 9 Y 3 b F K t U U H r E u A E D j R 1 G U T q f 7 Z y M q A l S L J E k 2 m 81 c m g A A Q I N G E z R J / m 24 Z v 3 p n a J 0 L B Z L H 0 k S B O F o Z 21 k x K / x F c j L V 5 f J l F W + Q Z j t v 3 Z z L D a r 5 o V H r A s A 0 J h p t V q N R o M o F + q C R q P 564 q E x 0 P E C w D Q o B k b C X L y C n U 6 H X M + 12 o p h V L F v G R k x N f p d C 5 O t j z u f 6 c m y i + U v L b h V O 9 V q 9 M 0 L c 9 R 0 v R / w 1 S l S k 1 R u j f b X D W F f x V 8 a Q E A N G w 0 T S u V S g S 6 U K d 0 O h 3 z N k N V A A A 0 X M z o x 0 l p W X S F h O Q M / e Q 9 Z i Z C k d A 4 L i G N W V J U X B L 1 K I l 62 d Q + K r V G I i 2 r / F f N 6 j Z W F g R N p z 3 N Z a 5 Y k l I z / + n m a l L 4 V 0 G 7 L g B A w w 50 V S o V c 9 J H b U B d Y 35 S 4 f F 4 q A o A g I a I z + O 2 a t E 8 L j E 9 K y e f I A i R 0 E g / z Q 9 J k v 4 + H l G P k q 7 c e s D l c p U q l Z e 7 s 4 W Z y Y u Z 5 B d K 8 g s l l Z c M 6 B n I Y r F e t b q f j 2 f s 4 + S n 2 X k 0 Q d j b W P J 4 X B a L V f P N 1 a T w r 0 L i 8 g g A o O F S q V Q U R a E e 4 J 0 h S Z L L 5 X I 4 + K 0 c A K D e a D Q a u V z + 5 h c P a k 1 J a T m X y z E 3 F V W 5 A 1 a n 0 0 m k Z Z R O Z 2 o i r H k H 5 m p W 1 + l 0 G i 3 F T I 0 r 4 H F N R M Y X b 9 w L b O v D h L V v s L l q C q 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533063549" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5b60b17d-48b8-4f9c-a13c-484602de0b81" ,
"value" : "joe.png"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533299300" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b644a64-8644-4576-a851-41b7950d210f" ,
"value" : "dd89d33e275e99e288e4c50bdafbb4584a9565189491af0a66f8a506eaf53859"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533063618" ,
"uuid" : "440c258f-8bb9-488f-9ba4-11d2d4a0c491" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "440c258f-8bb9-488f-9ba4-11d2d4a0c491" ,
"referenced_uuid" : "28410a9f-3d9e-4e02-ab8a-9ad909a615fd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533063623" ,
"uuid" : "5b60b1c7-7628-475b-9fc3-4e0802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533063616" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "60de8c92-819b-4061-a51e-cb08953e1d2b" ,
"value" : "56c52e6a3dede484b44d1dbfed8a92f0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533063616" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "52ab0739-b144-437d-a5c1-ab7e73ecea17" ,
"value" : "505bd0f307da1efe9785044fa7dfbe655da231a5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533063617" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f8c86aa7-3fb9-4483-b168-1021b1c07e04" ,
"value" : "9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533063617" ,
"uuid" : "28410a9f-3d9e-4e02-ab8a-9ad909a615fd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533063617" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5c2b8366-1836-4e0c-8a19-501a98245585" ,
"value" : "2018-07-29T07:48:40"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533063618" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "cbe263b6-e9d2-4432-a74f-ed814315b04f" ,
"value" : "https://www.virustotal.com/file/9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368/analysis/1532850520/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533063618" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a4e00129-18fa-483c-a624-c460ecf18ec2" ,
"value" : "40/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533063621" ,
"uuid" : "28ff01c4-0217-4836-a385-3e490837c712" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "28ff01c4-0217-4836-a385-3e490837c712" ,
"referenced_uuid" : "dbc74363-ad91-41ec-9380-a91ae88b02e0" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533063623" ,
"uuid" : "5b60b1c7-fb40-4374-be4f-4ac702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533063618" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5237bfe4-38e6-4276-9d2b-617c2007b861" ,
"value" : "d64161db327f4ec91d458a00293c62b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533063619" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5d921359-e535-4598-9b2b-f748396683b2" ,
"value" : "364570ca28e004bed1d9d4e5853befd77b88465f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533063619" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4b717a77-36a6-43ca-9a9d-21f209c32981" ,
"value" : "42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533063620" ,
"uuid" : "dbc74363-ad91-41ec-9380-a91ae88b02e0" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533063620" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "aca159f6-9481-42db-a2c2-42ac503fa261" ,
"value" : "2018-07-23T15:44:31"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533063620" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "19e1bc6e-a9ea-4bbb-bfac-e27af4df4921" ,
"value" : "https://www.virustotal.com/file/42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed/analysis/1532360671/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533063621" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9a0e8dc2-5f70-4f8f-9279-116ae36d69de" ,
"value" : "24/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533063624" ,
"uuid" : "341880ea-3069-4d12-bd1e-9e855ee3edb7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "341880ea-3069-4d12-bd1e-9e855ee3edb7" ,
"referenced_uuid" : "97460a0b-9f53-4f2d-afa1-b3eccf30fd47" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533063624" ,
"uuid" : "5b60b1c8-32b4-4a77-b05a-4ba402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533063621" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1ec9f3b2-54ac-4ab2-926c-0e4aa6353183" ,
"value" : "62944e26b36b1dcace429ae26ba66164"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533063621" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "177dfc38-b61b-4294-8084-782fa8389001" ,
"value" : "2616da1697f7c764ee7fb558887a6a3279861fac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533063622" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9bfaa9d6-795b-4e61-8e16-f537107e50bc" ,
"value" : "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533063622" ,
"uuid" : "97460a0b-9f53-4f2d-afa1-b3eccf30fd47" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533063622" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "01d43de5-edc2-4275-a5b2-b42e76b5544d" ,
"value" : "2018-07-24T09:20:59"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533063623" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8835b84d-dad7-4cbc-afde-ed46122a4768" ,
"value" : "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1532424059/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533063623" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fe6851a5-9f11-4ce3-9725-7b452118a065" ,
"value" : "0/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213232" ,
"uuid" : "5b62fa30-d240-4632-b970-4eb802de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213232" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fa30-ae14-40ed-bb93-42a402de0b81" ,
"value" : "597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213233" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fa31-4d48-4181-b132-453b02de0b81" ,
"value" : "59.rtf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213233" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fa31-4a78-4804-9f3e-485e02de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213270" ,
"uuid" : "5b62fa56-9f74-4086-b0f6-48f002de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213271" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fa57-33d8-488b-9a64-4a8902de0b81" ,
"value" : "11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213271" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fa57-6754-40c0-b8f1-4e0402de0b81" ,
"value" : "RasTls.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213271" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fa57-d024-4689-a2a3-442b02de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213304" ,
"uuid" : "5b62fa78-2388-4104-80f1-4b6a02de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213304" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fa78-0f5c-46b1-9b01-458e02de0b81" ,
"value" : "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213305" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fa79-6d64-48ce-b17c-437602de0b81" ,
"value" : "RasTls.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213305" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fa79-92c4-4e71-a768-496402de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213337" ,
"uuid" : "5b62fa99-c394-40ff-8bca-447402de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213337" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fa99-68c0-43fc-9c85-4cd802de0b81" ,
"value" : "b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213338" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fa9a-7524-4ad9-9327-4dd302de0b81" ,
"value" : "b7.rtf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213338" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fa9a-f338-4d62-9a2a-4c2d02de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213363" ,
"uuid" : "5b62fab3-512c-40ac-bd39-45c802de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213363" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fab3-0664-48b7-9ffa-400502de0b81" ,
"value" : "77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213363" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fab3-8710-41be-aa9e-45d302de0b81" ,
"value" : "spoolsver.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213363" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fab3-cd7c-4622-b501-499402de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213396" ,
"uuid" : "5b62fad4-270c-4ffc-8aff-4ee002de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213396" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fad4-bb60-4e4e-8cda-4c8402de0b81" ,
"value" : "9fba998ab2c1b7fec39da9817b27768ba7892c0613c4be7c525989161981d2e2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213397" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fad5-6cd4-4351-ab26-430002de0b81" ,
"value" : "vsodscpl.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213397" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fad5-64e4-44bc-8370-465c02de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213437" ,
"uuid" : "5b62fafd-f4b0-409c-aba6-4ae602de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213437" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fafd-94f0-4f55-beaa-4fc502de0b81" ,
"value" : "9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213438" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fafe-7540-47f3-933d-4ce202de0b81" ,
"value" : "9d.rtf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213438" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fafe-7388-4b2d-a98e-4b1602de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213461" ,
"uuid" : "5b62fb15-ba10-4e32-ba11-49ba02de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213462" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fb16-3a64-4729-be2e-442f02de0b81" ,
"value" : "087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213462" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fb16-9d34-4b12-bc18-4d4002de0b81" ,
"value" : "RasTls.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213462" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fb16-2d70-4b01-b304-4e4802de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213494" ,
"uuid" : "5b62fb36-9314-4c86-b3eb-484202de0b81" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213495" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b62fb37-9be4-41f9-92e7-49d302de0b81" ,
"value" : "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1533213495" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b62fb37-54f0-4c02-be7f-499b02de0b81" ,
"value" : "RasTls.exe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1533213495" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b62fb37-a504-4a9d-bc2c-4c2d02de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213513" ,
"uuid" : "f2b65487-b330-43d5-b152-9d8e7ab9fa86" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f2b65487-b330-43d5-b152-9d8e7ab9fa86" ,
"referenced_uuid" : "081c7113-f184-47ac-bcc8-85e42c98a503" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533213519" ,
"uuid" : "5b62fb4f-a0c4-487e-88f5-4a3502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533213510" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "dbe9ecf5-ccb6-42cc-a264-e3a272331f23" ,
"value" : "88d667cc01c4d8ee32e9de116f3bfdeb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533213510" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a5537a01-fe33-4f0e-98d6-658a329a9908" ,
"value" : "5ca26b6eae6bdf038c4ec61b174a3825bcde95fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213511" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "590b25bf-c2f7-44bc-967c-df868566aefe" ,
"value" : "597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533213511" ,
"uuid" : "081c7113-f184-47ac-bcc8-85e42c98a503" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533213511" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "30ab8a9f-fae7-49f2-a665-8b44627f1b16" ,
"value" : "2018-07-23T13:07:30"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533213512" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "89a4f45a-ff7c-4db1-a3a2-3336464ca4ec" ,
"value" : "https://www.virustotal.com/file/597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486/analysis/1532351250/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533213512" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c3d87ac0-c1c7-45bc-97cc-c3798f16b5d2" ,
"value" : "25/59"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213515" ,
"uuid" : "22279826-2833-439c-831b-2d754ad300e5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "22279826-2833-439c-831b-2d754ad300e5" ,
"referenced_uuid" : "c45609ff-9cc7-4d9c-8647-8b500b1b3379" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533213519" ,
"uuid" : "5b62fb4f-15dc-4d82-84e3-409902de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533213512" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "665f78ac-fe42-4fc0-ac4e-06287940b6f4" ,
"value" : "9c7297f032b5c1cfbc2d819815f72f80"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533213513" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "18355d9a-9a30-48ab-9a7e-9a9dac6e521f" ,
"value" : "f2bad341629f6e4397158e5a66a94e5f5aea5d48"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213513" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "08efd87d-3d46-4c82-a3ac-9eeaa3475162" ,
"value" : "b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533213513" ,
"uuid" : "c45609ff-9cc7-4d9c-8647-8b500b1b3379" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533213513" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "b1241a90-9dc5-437c-abd3-f3355401c57a" ,
"value" : "2018-07-24T01:00:29"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533213514" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "ae05b8e6-8d3d-441f-ab3e-877be4a23ad1" ,
"value" : "https://www.virustotal.com/file/b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253/analysis/1532394029/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533213514" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8e84a1a9-3b35-484e-99c2-c66b03b21fdc" ,
"value" : "26/59"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213517" ,
"uuid" : "db3fbbf0-53b2-43de-8b00-e1950b22026b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "db3fbbf0-53b2-43de-8b00-e1950b22026b" ,
"referenced_uuid" : "08289608-6e5c-4d58-8899-6e53368135e8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533213519" ,
"uuid" : "5b62fb4f-1230-4516-87c3-4de202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533213514" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "389907ed-b053-4912-8712-eebc5c7ce4ed" ,
"value" : "bd19302a58133803622e119080a5ceda"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533213515" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "de1a3931-bf30-474f-8061-871c6cb35f2c" ,
"value" : "2c0b6a27dd227d18b312c4a42b3e3fbc233ae996"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213515" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c4aa42a9-64a0-441b-99d3-0587c5a98f7f" ,
"value" : "77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533213516" ,
"uuid" : "08289608-6e5c-4d58-8899-6e53368135e8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533213516" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "24e8ba59-3a65-464c-b611-840d0d554777" ,
"value" : "2018-06-20T08:14:35"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533213516" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d9548805-42a2-4119-b35b-0d979e8c0c52" ,
"value" : "https://www.virustotal.com/file/77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2/analysis/1529482475/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533213517" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "daff5ae1-4274-45e3-a522-141a42c8ab50" ,
"value" : "0/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533213520" ,
"uuid" : "13d8c40b-9f39-424e-b9fa-369a41b15415" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "13d8c40b-9f39-424e-b9fa-369a41b15415" ,
"referenced_uuid" : "74e8e845-1d59-4a37-8932-1132e84831e4" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533213519" ,
"uuid" : "5b62fb4f-9c00-4adc-b53d-47e402de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533213517" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3ad6a485-1943-48a2-a286-4d5f76ea2864" ,
"value" : "9ca6d45643f89bf233f08b7d74910346"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533213517" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "deca4d00-eebe-4d04-9c88-6bbd558c4bd5" ,
"value" : "16163b8182d5d55a75f87c10eacb9240fa2de9af"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533213517" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "d6e8edbb-bbcb-4c32-a314-54bc7e00ceef" ,
"value" : "9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533213518" ,
"uuid" : "74e8e845-1d59-4a37-8932-1132e84831e4" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533213518" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "8efd1b93-8d49-46f4-8b29-c8cc33fcdf7c" ,
"value" : "2018-08-01T16:48:13"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533213518" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "95843f4e-383d-4bf4-8f8c-9ce96cc1819e" ,
"value" : "https://www.virustotal.com/file/9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0/analysis/1533142093/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533213519" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bdb347e0-ded3-4f72-8360-06865baf1f77" ,
"value" : "23/59"
}
]
}
]
}
}