misp-circl-feed/feeds/circl/misp/5b60b046-c0c8-49ce-aa97-437a02de0b81.json

{
"Event": {
"analysis": "2",
"date": "2018-07-31",
"extends_uuid": "",
"info": "OSINT - Malicious document targets Vietnamese officials",
"publish_timestamp": "1533301059",
"published": true,
"threat_level_id": "3",
"timestamp": "1533301051",
"uuid": "5b60b046-c0c8-49ce-aa97-437a02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#10ca00",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Hellsing\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063262",
"to_ids": false,
"type": "text",
"uuid": "5b60b05e-a498-4fbf-989a-415f02de0b81",
"value": "After our investigation of APT SideWinder, we\u2019ve done a yara rule for hunting RTF document exploiting the CVE-2017-11882.\r\n\r\nWe found a document written in Vietnamese dealing with a summary about different projects in the district H\u1ea3i Ch\u00e2u of \u0110\u00e0 N\u1eb5ng."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063293",
"to_ids": false,
"type": "link",
"uuid": "5b60b07d-2a4c-4a69-bf54-45c902de0b81",
"value": "https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063338",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0aa-8804-41de-b5f9-4b1502de0b81",
"value": "dn.dulichbiendao.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063338",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0aa-8ffc-4f81-b727-4f7a02de0b81",
"value": "gateway.vietbaotinmoi.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063339",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ab-35c8-4772-a501-457402de0b81",
"value": "fis.malware-sinkhole.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063339",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ab-ffb8-4dbb-8955-4acb02de0b81",
"value": "hn.dulichbiendao.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063340",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ac-0c6c-46bc-87ca-46ab02de0b81",
"value": "halong.dulichculao.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063340",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ac-42b0-4015-8080-4c3e02de0b81",
"value": "news.malware-sinkhole.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063341",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ad-fc20-44d6-864e-403502de0b81",
"value": "cat.toonganuh.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063341",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ad-8620-4f8e-9fe9-491902de0b81",
"value": "new.sggpnews.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063342",
"to_ids": true,
"type": "domain",
"uuid": "5b60b0ae-342c-442f-86ae-45ae02de0b81",
"value": "dulichculao.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063342",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ae-bd04-4ad5-80a3-416b02de0b81",
"value": "coco.sodexoa.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063342",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0ae-1190-4c13-8312-4c1d02de0b81",
"value": "thoitiet.malware-sinkhole.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063343",
"to_ids": true,
"type": "hostname",
"uuid": "5b60b0af-f70c-4cdb-ad89-426f02de0b81",
"value": "wouderfulu.impresstravel.ga"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063343",
"to_ids": true,
"type": "domain",
"uuid": "5b60b0af-e20c-4100-b7ac-43ae02de0b81",
"value": "toonganuh.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063412",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b60b0f4-223c-4110-86b9-40d302de0b81",
"value": "192.99.181.14"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063413",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b60b0f5-fc4c-4bdf-b0e0-492a02de0b81",
"value": "176.223.165.122"
},
{
"category": "Payload delivery",
"comment": "RTF",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063446",
"to_ids": true,
"type": "sha256",
"uuid": "5b60b116-c4b8-4db1-a759-488602de0b81",
"value": "42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed"
},
{
"category": "Payload delivery",
"comment": "8.t",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063466",
"to_ids": true,
"type": "sha256",
"uuid": "5b60b12a-7f14-4224-b16a-46f702de0b81",
"value": "2c60d4312e4416745e56048ee35e694a79e1bc77e7e4d0b5811e64c84a72d2d7"
},
{
"category": "Payload delivery",
"comment": "exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063501",
"to_ids": true,
"type": "sha256",
"uuid": "5b60b14d-4b2c-46aa-83a7-4e2902de0b81",
"value": "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
},
{
"category": "Payload delivery",
"comment": "dll",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063501",
"to_ids": true,
"type": "sha256",
"uuid": "5b60b14d-82a0-49a6-8fad-49ce02de0b81",
"value": "9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368"
},
{
"category": "External analysis",
"comment": "joe sandbox overview",
"data": "iVBORw0KGgoAAAANSUhEUgAABPkAAAOgCAIAAADAnTTnAACAAElEQVR42uzdB1QU1/4H8JntsEvvVaSsAiI2sGJvJFYUe401sT01xmgSSzSJRp+Jvhg1JkaNEjV2jb0XwEZRBOlIE2m7lO07O/8T5r39E1QkCrLA93M4nN3ZO3fu3Nmdnd/eO/dyaJomAAAAAAAAoCHQaDRyuRz18FIkSZaWljo7OxMEwUJ1AAAAAAAAQCODWBcAAAAAAAAQ6wIAAAAAAAAg1gUAAAAAAABArAsAAAAAAAA1cjc6ITY+pcrCBw8THzxMZB6fu3qnSFL64ooR9+Mysp7VfEMR9+PinqQZyF6/tvCIdQEAAAAAABowmqZJgqwmgYujLZ/HfcmKxD+blocmDGgSn9cWHrEuAAAAAABAY+bborlIaKR/qlJrdDrdS1PqdDq1WvPGG3rV6upXbLH6zak1L1mrmsJXwcGBBwAAAAAAaMSu3o5q08rLwsxEWlr+KCGtXCZnsVgujraV20W1WiouMS0vv5imaSMB37dFcxsr85pv4lWrl8sUsfEppWUyNpvl0cxJWlru7GBjZ2NZzeZu3nko9nBJzcgpKS0nSdLNxaGlpytBENUUHrEuAAAAAABAI6RSqyXSsspLNBotl/vfcE+pUusqRD1KEgmN2vi2Jggi7klaaZnM0c6aSROXmF5WLu/U3pfP46ZnPot6lNQt0E9obFTDArx0dWMjQXRckrGRoI2vp05HP0xILZcpHGytqt+cSqVKSMrwbdHc0tw0J6/gcWK6g62lici4msIj1gUAAAAAAGiECotLCotLqiy0tbao/PRZfpFGo23j68WriIH9fT1vRMYyLymUqmfPC7sE+JmZCAmC8BG7FUtLc54Vij1carL1V61ubiZSKFUd2/kyW2zV0j383qOabM7Bzopp5nV1snuSkqlQqcvlilcVHrEuAAAAAABA4+RgZ93G17PyEv0gzHrl5QozEyHvf429xkYCAZ/HPC4rlxMEkZtX+Ox5IbOEpulyuaKGW3/V6hwO29hIoN+imYmQxWLVZHMmQmP9Y3bFKtUUHrEuAEDjR1GUTqf7ZyMqAlSLJEk2m81cmgAAQINGEzRJ/m24Zv3pnaJ0LBZLH0kSBOFoZ21kxK/xFcjLV5fJlFW+QZjtv3ZzLDar5oVHrAsA0JhptVqNRoMoF+qCRqP564qEx0PECwDQoBkbCXLyCnU6HXM+12ophVLFvGRkxNfpdC5Otjzuf6cmyi+UvLbhVO9Vq9M0Lc9R0vR/w1SlSk1RujfbXDWFfxV8aQEANGw0TSuVSgS6UKd0Oh3zNkNVAAA0XMzox0lpWXSFhOQM/eQ9ZiZCkdA4LiGNWVJUXBL1KIl62dQ+KrVGIi2r/FfN6jZWFgRNpz3NZa5YklIz/+nmalL4V0G7LgBAww50VSoVc9JHbUBdY35S4fF4qAoAgIaIz+O2atE8LjE9KyefIAiR0Eg/zQ9Jkv4+HlGPkq7cesDlcpUqlZe7s4WZyYuZ5BdK8gsllZcM6BnIYrFetbqfj2fs4+Sn2Xk0QdjbWPJ4XBaLVfPN1aTwr0Li8ggAoOFSqVQURaEe4J0hSZLL5XI4+K0cAKDeaDQauVz+5hcPak1JaTmXyzE3FVW5A1an00mkZZROZ2oirHkH5mpW1+l0Gi3FTI0r4HFNRMYXb9wLbOvDhLVvsLlqCq//niotLXV2dka7LgBAA8aMRIV6gHeJpmmNRsNms196hQEAAIaPz+NWmYtIj8ViWVmavXHOL66uUKpvRMZ0bOdjV7HFtMxcNpvNzDP0ZpurpvAvKQ8ONgBAA9VE7tE9e/asewUfH59ly5ZVeXXnzp1z5sypST41T7lr1y4fHx8bG5vRo0dLJJLazbxxQG8CAACoCaGxQOzucj/2ya07D6+FR6dl5LT29nhnIx2iXRcAoEGiabqJNOqqVCoOh3Pt2rXs7Ow+ffpMnjw5u8LQoUMtLCwUCoV
UKj158iSLxRo0aJBGozl16lRhYeGAAQMePXrk4+Pj7u5++PDhrl27+vv729jYEATx4MGDmJiYrl27tmzZMi4urqSkpLi4ePDgwczmbt68uWzZssOHD4vF4vnz569evXr69OlMmoEDB+ozl0gkMpksOzvb0dExKCioSjEa/XtPo9GgGzMAANSEh5uTi5OdTKbgcNlCI8G7HNKfvWrVKhwAAIAGR1ehKezpkydPjhw5olQqr1y5IhQKuVzuli1bBALB8uXLp0+f/uDBg99//10kEn355ZeBgYEHKlAUtXbtWjabHRUV5efnN3DgwI8//vjPP/+8ePEii8WaPn26s7PzokWLevToceHChc8++ywtLW3ChAnM5n788UcXF5d58+aVlZV16tQpKCjo+PHjTJrs7Gx95iwW69NPP7WwsFi5cqWPj09xcXHlYri5uTXug8LctYuPIQBAfVGr1Q2otGw2y0jA5/O47+D+F5IkVSqVqakp2nUBABqqJjWyIJvNdnJyMjIyCg8PP3z4sLm5uU6ny8rKevz4MUEQXbt2/fe//x0XF/f06dOxY8fSNH3nzp3c3NzQ0NAZM2b4+/v37dvX3Py/QzUePXp09uzZn3zyiUwmO3r0qLm5eevWrY8fP67fllKpZFosf/nll/379zs7O/fr149Jk5aWps+cIIg+ffps2rSJx+OdOXNGLBZXLgbefgAAUKdfi2w2G7eTvBbu1wUAAENnamo6Z86c+fPnkySpVCp79eo1bdq077//nmk+ZUJT5qfipUuXSiSSf/3rXwRBdO7cmaKobdu2hYaG6rMyMjKSSqUEQUgkEmNjY4IgrKysKm8rKCjozJkzmZmZn3/+ub43MpOmcuYEQTD5FBcXi0SiKsUAAACoU8bGxvjGeS206wIAgKHLzMw0NTXl8Xjdu3efPHny0qVLT58+bWVlNWXKlCopXVxcTpw4ER8fT1GUVCoNDQ3dtm3be++9p08wZ86coUOH3rhxo7i4+Ouvv96/f3+VHEaMGHH16lV/f38zM7Nu3bq9KnOlUpmSktKxY8dnz55dvnz57NmzOEwAAPDOsFgskUikUqm0Wi0mZXgVzK8LANAgabXaJjIO84tKSkqKiorc3d1ffImm6YyMDBcXl2pGTlIqldnZ2c2aNavmjlOJRKJSqezt7XU6nX4UjcqZr1ixoqio6LPPPjMzMxMKhU3wKDCt4gBN55Qrk8lQDwANIL7F/LoAANBwmVV41Tdc8+bNq19dIBB4enpWn8bC4r9z91UeLrJy5q6urubm5o6OjjgcAAAABhr3ol0XAKAhasrtumAI0K4LTe2Ui3ZdgIYR31Zq18XYVAAAAAAAANDYINYFAAAAAAAAxLoAAAAAAAAAiHUBAAAAAAAAEOsCAAAAAAAAvDnMOQQA0AilpaVpNJrS0lJzc3MvLy9UCAAAACDWBQCABu+rr77S6XQ0TVMU5e7uvmrVKpqmK08VW4/Ky8uFQiFJkmVlZSYmJgRBKBQKIyMj5lWZTCYUCvUvAQAAACDWBQCAvxk5cmRwcHC7du26deuWmJg4d+7cei/SiRMnnj59KpVKrayseDyeRCIJDQ1dtGjR4cOH2Wz27t27KYpSKpXMS5988gkOIgAYpi1btsTGxvr4+CxevNgAi3fx4sUDBw44ODisXbsWBwuaLNyvCwDQmCkUCi6X269fP0MIdAmCuHnzJkmSffr0yczMnDZtWmpqqoODg6+vL0EQ8fHx5eXlBEHoX8LhAwCDlZ+fn5GRkZeXZ5jFKysry8jIyMnJwZECxLoAANAIff311/3791+yZMn58+e3bNliCEWSy+WzZ88+ffr05MmTN23aRFGUQCAwNjYmCGL9+vWlpaXXrl2bNGkS8xKOIAAAALwx9GEGAGiEfvnllypLBgwYYAgF69ixY1hYGI/He/DggZWVVatWrfQv7dq1Kycn59y5c1FRUVVeAgBoWHQ63fHjx69cuSKRSFxcXAYNGtStWzf9qxc
vXjx27Fh5eXmfPn3EYvGBAwfc3NwWLlxY/YoLFy7U6XSTJ0+OrGBsbNyrV6/Q0FD9WAxnzpw5depUWVlZp06dLC
"deleted": false,
"disable_correlation": false,
"timestamp": "1533063549",
"to_ids": false,
"type": "attachment",
"uuid": "5b60b17d-48b8-4f9c-a13c-484602de0b81",
"value": "joe.png"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533299300",
"to_ids": true,
"type": "sha256",
"uuid": "5b644a64-8644-4576-a851-41b7950d210f",
"value": "dd89d33e275e99e288e4c50bdafbb4584a9565189491af0a66f8a506eaf53859"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533063618",
"uuid": "440c258f-8bb9-488f-9ba4-11d2d4a0c491",
"ObjectReference": [
{
"comment": "",
"object_uuid": "440c258f-8bb9-488f-9ba4-11d2d4a0c491",
"referenced_uuid": "28410a9f-3d9e-4e02-ab8a-9ad909a615fd",
"relationship_type": "analysed-with",
"timestamp": "1533063623",
"uuid": "5b60b1c7-7628-475b-9fc3-4e0802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533063616",
"to_ids": true,
"type": "md5",
"uuid": "60de8c92-819b-4061-a51e-cb08953e1d2b",
"value": "56c52e6a3dede484b44d1dbfed8a92f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533063616",
"to_ids": true,
"type": "sha1",
"uuid": "52ab0739-b144-437d-a5c1-ab7e73ecea17",
"value": "505bd0f307da1efe9785044fa7dfbe655da231a5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533063617",
"to_ids": true,
"type": "sha256",
"uuid": "f8c86aa7-3fb9-4483-b168-1021b1c07e04",
"value": "9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533063617",
"uuid": "28410a9f-3d9e-4e02-ab8a-9ad909a615fd",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533063617",
"to_ids": false,
"type": "datetime",
"uuid": "5c2b8366-1836-4e0c-8a19-501a98245585",
"value": "2018-07-29T07:48:40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533063618",
"to_ids": false,
"type": "link",
"uuid": "cbe263b6-e9d2-4432-a74f-ed814315b04f",
"value": "https://www.virustotal.com/file/9f5da7524817736cd85d87dae93fdbe478385baac1c0aa3102b6ad50d7e5e368/analysis/1532850520/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533063618",
"to_ids": false,
"type": "text",
"uuid": "a4e00129-18fa-483c-a624-c460ecf18ec2",
"value": "40/65"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533063621",
"uuid": "28ff01c4-0217-4836-a385-3e490837c712",
"ObjectReference": [
{
"comment": "",
"object_uuid": "28ff01c4-0217-4836-a385-3e490837c712",
"referenced_uuid": "dbc74363-ad91-41ec-9380-a91ae88b02e0",
"relationship_type": "analysed-with",
"timestamp": "1533063623",
"uuid": "5b60b1c7-fb40-4374-be4f-4ac702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533063618",
"to_ids": true,
"type": "md5",
"uuid": "5237bfe4-38e6-4276-9d2b-617c2007b861",
"value": "d64161db327f4ec91d458a00293c62b0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533063619",
"to_ids": true,
"type": "sha1",
"uuid": "5d921359-e535-4598-9b2b-f748396683b2",
"value": "364570ca28e004bed1d9d4e5853befd77b88465f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533063619",
"to_ids": true,
"type": "sha256",
"uuid": "4b717a77-36a6-43ca-9a9d-21f209c32981",
"value": "42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533063620",
"uuid": "dbc74363-ad91-41ec-9380-a91ae88b02e0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533063620",
"to_ids": false,
"type": "datetime",
"uuid": "aca159f6-9481-42db-a2c2-42ac503fa261",
"value": "2018-07-23T15:44:31"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533063620",
"to_ids": false,
"type": "link",
"uuid": "19e1bc6e-a9ea-4bbb-bfac-e27af4df4921",
"value": "https://www.virustotal.com/file/42162c495e835cdf28670661a53d47d12255d9c791c1c5653673b25fb587ffed/analysis/1532360671/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533063621",
"to_ids": false,
"type": "text",
"uuid": "9a0e8dc2-5f70-4f8f-9279-116ae36d69de",
"value": "24/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533063624",
"uuid": "341880ea-3069-4d12-bd1e-9e855ee3edb7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "341880ea-3069-4d12-bd1e-9e855ee3edb7",
"referenced_uuid": "97460a0b-9f53-4f2d-afa1-b3eccf30fd47",
"relationship_type": "analysed-with",
"timestamp": "1533063624",
"uuid": "5b60b1c8-32b4-4a77-b05a-4ba402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533063621",
"to_ids": true,
"type": "md5",
"uuid": "1ec9f3b2-54ac-4ab2-926c-0e4aa6353183",
"value": "62944e26b36b1dcace429ae26ba66164"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533063621",
"to_ids": true,
"type": "sha1",
"uuid": "177dfc38-b61b-4294-8084-782fa8389001",
"value": "2616da1697f7c764ee7fb558887a6a3279861fac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533063622",
"to_ids": true,
"type": "sha256",
"uuid": "9bfaa9d6-795b-4e61-8e16-f537107e50bc",
"value": "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533063622",
"uuid": "97460a0b-9f53-4f2d-afa1-b3eccf30fd47",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533063622",
"to_ids": false,
"type": "datetime",
"uuid": "01d43de5-edc2-4275-a5b2-b42e76b5544d",
"value": "2018-07-24T09:20:59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533063623",
"to_ids": false,
"type": "link",
"uuid": "8835b84d-dad7-4cbc-afde-ed46122a4768",
"value": "https://www.virustotal.com/file/f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68/analysis/1532424059/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533063623",
"to_ids": false,
"type": "text",
"uuid": "fe6851a5-9f11-4ce3-9725-7b452118a065",
"value": "0/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213232",
"uuid": "5b62fa30-d240-4632-b970-4eb802de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213232",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fa30-ae14-40ed-bb93-42a402de0b81",
"value": "597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213233",
"to_ids": true,
"type": "filename",
"uuid": "5b62fa31-4d48-4181-b132-453b02de0b81",
"value": "59.rtf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213233",
"to_ids": false,
"type": "text",
"uuid": "5b62fa31-4a78-4804-9f3e-485e02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213270",
"uuid": "5b62fa56-9f74-4086-b0f6-48f002de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213271",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fa57-33d8-488b-9a64-4a8902de0b81",
"value": "11f38b6a69978dad95c9b1479db9a8729ca57329855998bd41befc364657d654"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213271",
"to_ids": true,
"type": "filename",
"uuid": "5b62fa57-6754-40c0-b8f1-4e0402de0b81",
"value": "RasTls.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213271",
"to_ids": false,
"type": "text",
"uuid": "5b62fa57-d024-4689-a2a3-442b02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213304",
"uuid": "5b62fa78-2388-4104-80f1-4b6a02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213304",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fa78-0f5c-46b1-9b01-458e02de0b81",
"value": "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213305",
"to_ids": true,
"type": "filename",
"uuid": "5b62fa79-6d64-48ce-b17c-437602de0b81",
"value": "RasTls.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213305",
"to_ids": false,
"type": "text",
"uuid": "5b62fa79-92c4-4e71-a768-496402de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213337",
"uuid": "5b62fa99-c394-40ff-8bca-447402de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213337",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fa99-68c0-43fc-9c85-4cd802de0b81",
"value": "b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213338",
"to_ids": true,
"type": "filename",
"uuid": "5b62fa9a-7524-4ad9-9327-4dd302de0b81",
"value": "b7.rtf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213338",
"to_ids": false,
"type": "text",
"uuid": "5b62fa9a-f338-4d62-9a2a-4c2d02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213363",
"uuid": "5b62fab3-512c-40ac-bd39-45c802de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213363",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fab3-0664-48b7-9ffa-400502de0b81",
"value": "77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213363",
"to_ids": true,
"type": "filename",
"uuid": "5b62fab3-8710-41be-aa9e-45d302de0b81",
"value": "spoolsver.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213363",
"to_ids": false,
"type": "text",
"uuid": "5b62fab3-cd7c-4622-b501-499402de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213396",
"uuid": "5b62fad4-270c-4ffc-8aff-4ee002de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213396",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fad4-bb60-4e4e-8cda-4c8402de0b81",
"value": "9fba998ab2c1b7fec39da9817b27768ba7892c0613c4be7c525989161981d2e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213397",
"to_ids": true,
"type": "filename",
"uuid": "5b62fad5-6cd4-4351-ab26-430002de0b81",
"value": "vsodscpl.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213397",
"to_ids": false,
"type": "text",
"uuid": "5b62fad5-64e4-44bc-8370-465c02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213437",
"uuid": "5b62fafd-f4b0-409c-aba6-4ae602de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213437",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fafd-94f0-4f55-beaa-4fc502de0b81",
"value": "9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213438",
"to_ids": true,
"type": "filename",
"uuid": "5b62fafe-7540-47f3-933d-4ce202de0b81",
"value": "9d.rtf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213438",
"to_ids": false,
"type": "text",
"uuid": "5b62fafe-7388-4b2d-a98e-4b1602de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213461",
"uuid": "5b62fb15-ba10-4e32-ba11-49ba02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213462",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fb16-3a64-4729-be2e-442f02de0b81",
"value": "087d8bee1db61273a7cd533d52b63265d3a8a8b897526d7849c48bcdba4b22ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213462",
"to_ids": true,
"type": "filename",
"uuid": "5b62fb16-9d34-4b12-bc18-4d4002de0b81",
"value": "RasTls.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213462",
"to_ids": false,
"type": "text",
"uuid": "5b62fb16-2d70-4b01-b304-4e4802de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213494",
"uuid": "5b62fb36-9314-4c86-b3eb-484202de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213495",
"to_ids": true,
"type": "sha256",
"uuid": "5b62fb37-9be4-41f9-92e7-49d302de0b81",
"value": "f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1533213495",
"to_ids": true,
"type": "filename",
"uuid": "5b62fb37-54f0-4c02-be7f-499b02de0b81",
"value": "RasTls.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1533213495",
"to_ids": false,
"type": "text",
"uuid": "5b62fb37-a504-4a9d-bc2c-4c2d02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213513",
"uuid": "f2b65487-b330-43d5-b152-9d8e7ab9fa86",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f2b65487-b330-43d5-b152-9d8e7ab9fa86",
"referenced_uuid": "081c7113-f184-47ac-bcc8-85e42c98a503",
"relationship_type": "analysed-with",
"timestamp": "1533213519",
"uuid": "5b62fb4f-a0c4-487e-88f5-4a3502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533213510",
"to_ids": true,
"type": "md5",
"uuid": "dbe9ecf5-ccb6-42cc-a264-e3a272331f23",
"value": "88d667cc01c4d8ee32e9de116f3bfdeb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533213510",
"to_ids": true,
"type": "sha1",
"uuid": "a5537a01-fe33-4f0e-98d6-658a329a9908",
"value": "5ca26b6eae6bdf038c4ec61b174a3825bcde95fd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213511",
"to_ids": true,
"type": "sha256",
"uuid": "590b25bf-c2f7-44bc-967c-df868566aefe",
"value": "597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533213511",
"uuid": "081c7113-f184-47ac-bcc8-85e42c98a503",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533213511",
"to_ids": false,
"type": "datetime",
"uuid": "30ab8a9f-fae7-49f2-a665-8b44627f1b16",
"value": "2018-07-23T13:07:30"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533213512",
"to_ids": false,
"type": "link",
"uuid": "89a4f45a-ff7c-4db1-a3a2-3336464ca4ec",
"value": "https://www.virustotal.com/file/597c0c6f397eefb06155abdf5aa9a7476c977c44ef8bd9575b01359e96273486/analysis/1532351250/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533213512",
"to_ids": false,
"type": "text",
"uuid": "c3d87ac0-c1c7-45bc-97cc-c3798f16b5d2",
"value": "25/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213515",
"uuid": "22279826-2833-439c-831b-2d754ad300e5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "22279826-2833-439c-831b-2d754ad300e5",
"referenced_uuid": "c45609ff-9cc7-4d9c-8647-8b500b1b3379",
"relationship_type": "analysed-with",
"timestamp": "1533213519",
"uuid": "5b62fb4f-15dc-4d82-84e3-409902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533213512",
"to_ids": true,
"type": "md5",
"uuid": "665f78ac-fe42-4fc0-ac4e-06287940b6f4",
"value": "9c7297f032b5c1cfbc2d819815f72f80"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533213513",
"to_ids": true,
"type": "sha1",
"uuid": "18355d9a-9a30-48ab-9a7e-9a9dac6e521f",
"value": "f2bad341629f6e4397158e5a66a94e5f5aea5d48"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213513",
"to_ids": true,
"type": "sha256",
"uuid": "08efd87d-3d46-4c82-a3ac-9eeaa3475162",
"value": "b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533213513",
"uuid": "c45609ff-9cc7-4d9c-8647-8b500b1b3379",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533213513",
"to_ids": false,
"type": "datetime",
"uuid": "b1241a90-9dc5-437c-abd3-f3355401c57a",
"value": "2018-07-24T01:00:29"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533213514",
"to_ids": false,
"type": "link",
"uuid": "ae05b8e6-8d3d-441f-ab3e-877be4a23ad1",
"value": "https://www.virustotal.com/file/b70069e1c8e829bfd7090ba3dfbf0e256fc7dfcefc6acafb3b53abcf2caa2253/analysis/1532394029/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533213514",
"to_ids": false,
"type": "text",
"uuid": "8e84a1a9-3b35-484e-99c2-c66b03b21fdc",
"value": "26/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213517",
"uuid": "db3fbbf0-53b2-43de-8b00-e1950b22026b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "db3fbbf0-53b2-43de-8b00-e1950b22026b",
"referenced_uuid": "08289608-6e5c-4d58-8899-6e53368135e8",
"relationship_type": "analysed-with",
"timestamp": "1533213519",
"uuid": "5b62fb4f-1230-4516-87c3-4de202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533213514",
"to_ids": true,
"type": "md5",
"uuid": "389907ed-b053-4912-8712-eebc5c7ce4ed",
"value": "bd19302a58133803622e119080a5ceda"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533213515",
"to_ids": true,
"type": "sha1",
"uuid": "de1a3931-bf30-474f-8061-871c6cb35f2c",
"value": "2c0b6a27dd227d18b312c4a42b3e3fbc233ae996"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213515",
"to_ids": true,
"type": "sha256",
"uuid": "c4aa42a9-64a0-441b-99d3-0587c5a98f7f",
"value": "77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533213516",
"uuid": "08289608-6e5c-4d58-8899-6e53368135e8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533213516",
"to_ids": false,
"type": "datetime",
"uuid": "24e8ba59-3a65-464c-b611-840d0d554777",
"value": "2018-06-20T08:14:35"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533213516",
"to_ids": false,
"type": "link",
"uuid": "d9548805-42a2-4119-b35b-0d979e8c0c52",
"value": "https://www.virustotal.com/file/77361b1ca09d6857d68cea052a0bb857e03d776d3e1943897315a80a19f20fc2/analysis/1529482475/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533213517",
"to_ids": false,
"type": "text",
"uuid": "daff5ae1-4274-45e3-a522-141a42c8ab50",
"value": "0/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533213520",
"uuid": "13d8c40b-9f39-424e-b9fa-369a41b15415",
"ObjectReference": [
{
"comment": "",
"object_uuid": "13d8c40b-9f39-424e-b9fa-369a41b15415",
"referenced_uuid": "74e8e845-1d59-4a37-8932-1132e84831e4",
"relationship_type": "analysed-with",
"timestamp": "1533213519",
"uuid": "5b62fb4f-9c00-4adc-b53d-47e402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533213517",
"to_ids": true,
"type": "md5",
"uuid": "3ad6a485-1943-48a2-a286-4d5f76ea2864",
"value": "9ca6d45643f89bf233f08b7d74910346"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533213517",
"to_ids": true,
"type": "sha1",
"uuid": "deca4d00-eebe-4d04-9c88-6bbd558c4bd5",
"value": "16163b8182d5d55a75f87c10eacb9240fa2de9af"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533213517",
"to_ids": true,
"type": "sha256",
"uuid": "d6e8edbb-bbcb-4c32-a314-54bc7e00ceef",
"value": "9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533213518",
"uuid": "74e8e845-1d59-4a37-8932-1132e84831e4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533213518",
"to_ids": false,
"type": "datetime",
"uuid": "8efd1b93-8d49-46f4-8b29-c8cc33fcdf7c",
"value": "2018-08-01T16:48:13"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533213518",
"to_ids": false,
"type": "link",
"uuid": "95843f4e-383d-4bf4-8f8c-9ce96cc1819e",
"value": "https://www.virustotal.com/file/9d239ddd4c925d14e00b5a95827e9191bfda7d59858f141f6f5dcc52329838f0/analysis/1533142093/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533213519",
"to_ids": false,
"type": "text",
"uuid": "bdb347e0-ded3-4f72-8360-06865baf1f77",
"value": "23/59"
}
]
}
]
}
}