adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5b991442-a9f0-4b5b-bc56-445f950d210f.json

3416 lines
119 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2018-09-09",
"extends_uuid": "",
"info": "OSINT - Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall",
"publish_timestamp": "1536846519",
"published": true,
"threat_level_id": "3",
"timestamp": "1536846498",
"uuid": "5b991442-a9f0-4b5b-bc56-445f950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ffffff",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#22681c",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "malware_classification:malware-category=\"Botnet\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:botnet=\"Mirai\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:tool=\"Mirai\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0da800",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:tool=\"Gafgyt\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:botnet=\"Gafgyt\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536758878",
"to_ids": false,
"type": "link",
"uuid": "5b991454-051c-4bd8-a0bd-4e4a950d210f",
"value": "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/",
"Tag": [
{
"colour": "#00223b",
chg: [export] updated
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536758905",
"to_ids": false,
"type": "text",
"uuid": "5b991479-1434-4a91-9224-493c950d210f",
"value": "Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.\r\n\r\nThese variants are notable for two reasons:\r\n\r\n The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.\r\n The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall\u00e2\u20ac\u2122s Global Management System (GMS).\r\n\r\nThese developments suggest these IOT botnets are increasingly targeting enterprise devices with outdated versions.\r\n\r\nAll organizations should ensure they keep not only their systems up-to-date and patched, but also their IoT devices. For Palo Alto Networks customers, WidlFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below."
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536825257",
"to_ids": true,
"type": "hostname",
"uuid": "5b9a17a9-46f4-4829-a645-41bb950d210f",
"value": "l.ocalhost.host"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536825258",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b9a17aa-17d8-479d-a049-4e2d950d210f",
"value": "185.10.68.213"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536825258",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b9a17aa-4d98-4ac5-8764-42f4950d210f",
"value": "185.10.68.127"
}
],
"Object": [
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536822608",
"uuid": "5b9a0d50-ad90-4793-b2d8-41d2950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536822608",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a0d50-0db8-4b6b-9701-4a98950d210f",
"value": "d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536822609",
"to_ids": false,
"type": "text",
"uuid": "5b9a0d51-6454-44e9-9ddf-42f2950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823728",
"uuid": "5b9a11b0-9f94-4354-a268-43aa950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823728",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a11b0-b558-4b1a-9eca-437a950d210f",
"value": "710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823729",
"to_ids": false,
"type": "text",
"uuid": "5b9a11b1-3b64-466e-ba0e-47d1950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823741",
"uuid": "5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823741",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a11bd-79d8-480d-bbbf-45a1950d210f",
"value": "52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823742",
"to_ids": false,
"type": "text",
"uuid": "5b9a11be-ddd0-4b74-913f-4d85950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823782",
"uuid": "5b9a11e6-9cdc-41f5-98f9-4912950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823782",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a11e6-aa50-4ec0-95f1-4b81950d210f",
"value": "078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823782",
"to_ids": false,
"type": "text",
"uuid": "5b9a11e6-e3b0-4e5c-abd3-4be2950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823792",
"uuid": "5b9a11f0-9c10-492e-9b51-4257950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823793",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a11f1-36f4-48c9-977b-4ac3950d210f",
"value": "ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823793",
"to_ids": false,
"type": "text",
"uuid": "5b9a11f1-5490-47fa-8ab2-4432950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823880",
"uuid": "5b9a1248-1f28-48ac-be89-45c3950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823880",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1248-3270-4c9b-8fcd-416c950d210f",
"value": "49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823881",
"to_ids": false,
"type": "text",
"uuid": "5b9a1249-5474-4476-995f-4d90950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823902",
"uuid": "5b9a125e-9f20-423b-b45f-4054950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823902",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a125e-5db4-4f91-9f4d-441d950d210f",
"value": "99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823903",
"to_ids": false,
"type": "text",
"uuid": "5b9a125f-e0a0-44d7-a2f0-48bb950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823929",
"uuid": "5b9a1279-20f4-4f5e-b2dc-48ca950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823929",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1279-dee0-4810-8cd3-4f08950d210f",
"value": "ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823929",
"to_ids": false,
"type": "text",
"uuid": "5b9a1279-b380-44a6-9c25-4416950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Apache Struts exploit CVE-2017-5638",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536823944",
"uuid": "5b9a1288-1af0-4da4-8f3a-447b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536823944",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1288-c088-4c25-9f23-493d950d210f",
"value": "1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536823944",
"to_ids": false,
"type": "text",
"uuid": "5b9a1288-e790-4d03-a460-4cbd950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824082",
"uuid": "5b9a1312-b374-493c-986d-49bd950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824082",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1312-6d54-4e1a-be43-4413950d210f",
"value": "1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824083",
"to_ids": false,
"type": "text",
"uuid": "5b9a1313-1324-49af-b8e0-49a2950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824095",
"uuid": "5b9a131f-bec4-4d20-baea-4929950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824095",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a131f-2c54-4fb5-90ec-417b950d210f",
"value": "29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824096",
"to_ids": false,
"type": "text",
"uuid": "5b9a1320-889c-4393-b901-4e2c950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824115",
"uuid": "5b9a1333-b508-45d9-9896-4e23950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824115",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1333-0614-4a15-af26-42b0950d210f",
"value": "39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824116",
"to_ids": false,
"type": "text",
"uuid": "5b9a1334-4ce4-4227-bd39-4d87950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824134",
"uuid": "5b9a1346-5384-4908-a5a8-4df7950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824134",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1346-43dc-4f32-ad9d-4ba6950d210f",
"value": "596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824134",
"to_ids": false,
"type": "text",
"uuid": "5b9a1346-cb84-4b0b-b65c-4f66950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824538",
"uuid": "5b9a14da-00bc-4f8c-92b4-4c86950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824538",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a14da-eb80-4afc-9d19-40c6950d210f",
"value": "68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824538",
"to_ids": false,
"type": "text",
"uuid": "5b9a14da-3c20-4dc5-b52c-4d69950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824553",
"uuid": "5b9a14e9-221c-4e02-b682-4575950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824553",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a14e9-da78-4529-9f86-4a12950d210f",
"value": "92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824554",
"to_ids": false,
"type": "text",
"uuid": "5b9a14ea-0698-430d-9436-4d6d950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824577",
"uuid": "5b9a1501-cc14-4764-bf87-46cc950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824577",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1501-db4c-4d2d-9b05-435e950d210f",
"value": "aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824578",
"to_ids": false,
"type": "text",
"uuid": "5b9a1502-0664-409b-b961-484c950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824594",
"uuid": "5b9a1512-a77c-4500-a8c9-4481950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824594",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1512-8a84-4014-b818-457a950d210f",
"value": "d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824594",
"to_ids": false,
"type": "text",
"uuid": "5b9a1512-c694-48d1-be93-4469950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824615",
"uuid": "5b9a1527-6be8-4405-8242-44f9950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824615",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1527-0a18-425a-97aa-4cbf950d210f",
"value": "dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824615",
"to_ids": false,
"type": "text",
"uuid": "5b9a1527-8484-4667-9898-43d3950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824628",
"uuid": "5b9a1534-31f8-4c5b-9d0b-4dc8950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824628",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1534-62e0-43ad-90c8-4ea9950d210f",
"value": "f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824628",
"to_ids": false,
"type": "text",
"uuid": "5b9a1534-b130-4a35-9437-447e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Sample with Sonicwall GMS exploit CVE-2018-9866",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "14",
"timestamp": "1536824641",
"uuid": "5b9a1541-1924-4272-80b3-4240950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536824641",
"to_ids": true,
"type": "sha256",
"uuid": "5b9a1541-5ee0-45cb-a0bf-453c950d210f",
"value": "fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536824642",
"to_ids": false,
"type": "text",
"uuid": "5b9a1542-12ec-40f5-891e-41a5950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "5",
"timestamp": "1536833646",
"uuid": "5b9a386e-b6e4-47be-8342-4230950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "cvss-score",
"timestamp": "1536833646",
"to_ids": false,
"type": "float",
"uuid": "5b9a386e-e358-4e72-b737-4437950d210f",
"value": "10"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833646",
"to_ids": false,
"type": "link",
"uuid": "5b9a386e-1350-4e96-9d52-4468950d210f",
"value": "https://cve.circl.lu/cve/CVE-2017-5638"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833646",
"to_ids": false,
"type": "link",
"uuid": "5b9a386e-1078-423f-bf71-4ac2950d210f",
"value": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833647",
"to_ids": false,
"type": "link",
"uuid": "5b9a386f-d6ec-4e6c-89ee-4fb4950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833647",
"to_ids": false,
"type": "link",
"uuid": "5b9a386f-3c84-45e2-b0d8-4f7b950d210f",
"value": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833648",
"to_ids": false,
"type": "link",
"uuid": "5b9a3870-610c-4c63-a2a4-4e0b950d210f",
"value": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "references",
"timestamp": "1536833648",
"to_ids": false,
"type": "link",
"uuid": "5b9a3870-1788-4488-8fe5-42d2950d210f",
"value": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536833649",
"to_ids": false,
"type": "text",
"uuid": "5b9a3871-c88c-491f-abdc-4e9d950d210f",
"value": "Published"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1536833649",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3871-1048-497a-82ab-449b950d210f",
"value": "2017-10-03T21:59:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1536833649",
"to_ids": false,
"type": "text",
"uuid": "5b9a3871-689c-4183-8c14-421c950d210f",
"value": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1536833649",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3871-4350-449d-82f5-4062950d210f",
"value": "2018-03-03T21:29:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1536833649",
"to_ids": false,
"type": "text",
"uuid": "5b9a3871-b3f4-4491-b702-4741950d210f",
"value": "CVE-2017-5638"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "5",
"timestamp": "1536833922",
"uuid": "5b9a3982-b92c-4520-9b89-4a5c950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536833922",
"to_ids": false,
"type": "text",
"uuid": "5b9a3982-05b4-4540-8e31-4e43950d210f",
"value": "Published"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1536833922",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3982-8998-4f86-af94-4d10950d210f",
"value": "2018-03-08T16:29:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1536833922",
"to_ids": false,
"type": "text",
"uuid": "5b9a3982-a884-4721-9937-4d5d950d210f",
"value": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1536833923",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3983-6dc0-48ed-9a27-458b950d210f",
"value": "2018-03-08T16:29:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1536833923",
"to_ids": false,
"type": "text",
"uuid": "5b9a3983-167c-41c6-acf7-4400950d210f",
"value": "CVE-2018-9866"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "5",
"timestamp": "1536834106",
"uuid": "5b9a3a3a-ed68-4f01-9808-438e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "cvss-score",
"timestamp": "1536834106",
"to_ids": false,
"type": "float",
"uuid": "5b9a3a3a-0680-4ff7-9864-44b3950d210f",
"value": "9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536834106",
"to_ids": false,
"type": "text",
"uuid": "5b9a3a3a-e6f8-4526-9510-458a950d210f",
"value": "Published"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1536834106",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3a3a-988c-42ad-a2d1-40e6950d210f",
"value": "2017-06-04T13:59:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1536834106",
"to_ids": false,
"type": "text",
"uuid": "5b9a3a3a-e830-4160-83b5-47bf950d210f",
"value": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1536834107",
"to_ids": false,
"type": "text",
"uuid": "5b9a3a3b-5c5c-4efb-bdda-4d76950d210f",
"value": "CVE-2017-6884"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
"meta-category": "vulnerability",
"name": "vulnerability",
"template_uuid": "81650945-f186-437b-8945-9f31715d32da",
"template_version": "5",
"timestamp": "1536834355",
"uuid": "5b9a3b33-9c4c-4549-b0e2-4c6e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "cvss-score",
"timestamp": "1536834355",
"to_ids": false,
"type": "float",
"uuid": "5b9a3b33-fc98-4233-991b-4db5950d210f",
"value": "6.5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1536834355",
"to_ids": false,
"type": "text",
"uuid": "5b9a3b33-ac5c-4c93-aaf1-4416950d210f",
"value": "Published"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "published",
"timestamp": "1536834355",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3b33-febc-418d-b535-4ccd950d210f",
"value": "2018-03-20T11:29:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1536834355",
"to_ids": false,
"type": "text",
"uuid": "5b9a3b33-ed9c-4f5c-971a-4853950d210f",
"value": "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "modified",
"timestamp": "1536834356",
"to_ids": false,
"type": "datetime",
"uuid": "5b9a3b34-80a8-4946-910c-4e65950d210f",
"value": "2018-04-19T11:04:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "id",
"timestamp": "1536834356",
"to_ids": false,
"type": "text",
"uuid": "5b9a3b34-7378-4f86-9184-475d950d210f",
"value": "CVE-2017-17215"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845807",
"uuid": "c9655c57-1760-44de-8ccc-7029b572eae9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c9655c57-1760-44de-8ccc-7029b572eae9",
"referenced_uuid": "09f198df-da65-491a-b0aa-b776a71ebd10",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-037c-4f9d-aab3-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845804",
"to_ids": true,
"type": "md5",
"uuid": "3378cba9-9cff-462b-a2fb-16d88106cd44",
"value": "e0b32c133cedca69b05dd3a9dd6e1910"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845804",
"to_ids": true,
"type": "sha1",
"uuid": "540546b5-0c1f-4a0e-a6e8-e5aeae9e1401",
"value": "ff7c182fb460d62195d1bae8c394b2e81182defe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845805",
"to_ids": true,
"type": "sha256",
"uuid": "2637b721-0f72-4059-b3d5-a9f964620c94",
"value": "710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845805",
"uuid": "09f198df-da65-491a-b0aa-b776a71ebd10",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845805",
"to_ids": false,
"type": "datetime",
"uuid": "cbaa39a5-ae89-497b-ba65-0901ebe6762b",
"value": "2018-09-13T01:25:45"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845806",
"to_ids": false,
"type": "link",
"uuid": "279a4f6c-0ce4-4d69-9af0-dc6b013928db",
"value": "https://www.virustotal.com/file/710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255/analysis/1536801945/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845806",
"to_ids": false,
"type": "text",
"uuid": "75778552-b07e-4f8b-85bf-eaaeee5be422",
"value": "25/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845809",
"uuid": "85dcb3db-5f44-45ce-91ed-474e10a184ce",
"ObjectReference": [
{
"comment": "",
"object_uuid": "85dcb3db-5f44-45ce-91ed-474e10a184ce",
"referenced_uuid": "2f799c8d-3791-4020-8203-8f673107e71a",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-1a7c-4ad1-8d8a-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845806",
"to_ids": true,
"type": "md5",
"uuid": "4e7903a9-92c8-47c5-bc50-e35e4e294668",
"value": "6a77f21e15a0a4763e86d166763dbd05"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845807",
"to_ids": true,
"type": "sha1",
"uuid": "ae854bd2-75aa-4a31-8334-48e3ef021b9e",
"value": "a4a4d892d04f516261c2fa4c56de3ff21afd2812"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845807",
"to_ids": true,
"type": "sha256",
"uuid": "6db1af42-756d-445d-a7bf-a34f5cc20c27",
"value": "29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845807",
"uuid": "2f799c8d-3791-4020-8203-8f673107e71a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845807",
"to_ids": false,
"type": "datetime",
"uuid": "ea58763f-c5f9-4765-a316-a8ee71d3fccd",
"value": "2018-09-13T01:25:59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845808",
"to_ids": false,
"type": "link",
"uuid": "c949938e-0e64-43e0-944a-40a3b391d0aa",
"value": "https://www.virustotal.com/file/29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb/analysis/1536801959/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845808",
"to_ids": false,
"type": "text",
"uuid": "70c9ab68-2528-495d-a5a8-78d179b63a00",
"value": "23/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845811",
"uuid": "5892a64f-3a60-4d35-b243-5b5ee982d5aa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5892a64f-3a60-4d35-b243-5b5ee982d5aa",
"referenced_uuid": "c0c775a5-3da7-4a09-b2b3-401164eadeb0",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-3160-4615-8588-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845808",
"to_ids": true,
"type": "md5",
"uuid": "5902a53a-8b91-4d34-87e6-3d814dbc3d8a",
"value": "1998b2f489c4da5ecafe7fb5cc790575"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845809",
"to_ids": true,
"type": "sha1",
"uuid": "8fc67189-522c-4946-9e14-62c0a08badf6",
"value": "13c72eb4c783b74046aeb53f50173eccfb64c7ca"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845809",
"to_ids": true,
"type": "sha256",
"uuid": "af98ef0d-bb40-4d07-a09c-f2bae9f9c7d4",
"value": "ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845810",
"uuid": "c0c775a5-3da7-4a09-b2b3-401164eadeb0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845810",
"to_ids": false,
"type": "datetime",
"uuid": "1144ae7f-5675-47d6-97f0-df298c23cbb1",
"value": "2018-09-11T06:12:03"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845810",
"to_ids": false,
"type": "link",
"uuid": "c4d12609-ad7a-4cff-8bb6-259c956faaf7",
"value": "https://www.virustotal.com/file/ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79/analysis/1536646323/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845811",
"to_ids": false,
"type": "text",
"uuid": "bb80ca2b-f4ce-47e0-949f-c3b0b611c005",
"value": "23/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845814",
"uuid": "b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd",
"referenced_uuid": "526f5584-f6ca-47e3-9fa6-94a38edeac72",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-8a08-43ef-ae78-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845811",
"to_ids": true,
"type": "md5",
"uuid": "f7ca2d2f-1a83-40d1-9a30-5b260fcc9677",
"value": "218821892d5d5e460101d6914cfe2a3d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845811",
"to_ids": true,
"type": "sha1",
"uuid": "017ab2ad-762b-4938-899c-fb88e0fbdf3f",
"value": "1da48a03224df6397f2215cd6b79308dbda7cf86"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845812",
"to_ids": true,
"type": "sha256",
"uuid": "16bdec95-3785-4f1c-90fd-fcbadfb1d962",
"value": "dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845812",
"uuid": "526f5584-f6ca-47e3-9fa6-94a38edeac72",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845812",
"to_ids": false,
"type": "datetime",
"uuid": "db64872a-34a9-4bf5-adf4-a6aaa45cf956",
"value": "2018-09-10T14:18:14"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845813",
"to_ids": false,
"type": "link",
"uuid": "0a9bcc4e-e99a-4e38-9585-e27415770029",
"value": "https://www.virustotal.com/file/dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18/analysis/1536589094/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845813",
"to_ids": false,
"type": "text",
"uuid": "84e65e5c-1e5f-41ac-93c2-97f15f9a571d",
"value": "16/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845816",
"uuid": "3bd19fac-4ad2-4d33-b023-7359e714c116",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3bd19fac-4ad2-4d33-b023-7359e714c116",
"referenced_uuid": "c28acd19-e6ca-4fa4-a444-c884b75c7a0a",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-df90-48f5-ab5d-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845813",
"to_ids": true,
"type": "md5",
"uuid": "5211272c-e45a-4e2a-b7d7-f44dd3a97f2f",
"value": "3df581337af37f4e66be5026062dcfb2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845814",
"to_ids": true,
"type": "sha1",
"uuid": "02a982dc-3132-4fb9-a438-135834d82ad2",
"value": "61116e2b1614cebeed29b489d699f4bbcf217fa3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845814",
"to_ids": true,
"type": "sha256",
"uuid": "8318d0ed-0a8b-41fa-bf98-d3bf3def789a",
"value": "52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845814",
"uuid": "c28acd19-e6ca-4fa4-a444-c884b75c7a0a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845815",
"to_ids": false,
"type": "datetime",
"uuid": "43e8d1b7-22fd-4ab9-899c-4473ad895757",
"value": "2018-09-13T07:59:15"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845815",
"to_ids": false,
"type": "link",
"uuid": "01ffe445-591f-4e55-bcb0-8bfbaebf687f",
"value": "https://www.virustotal.com/file/52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2/analysis/1536825555/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845815",
"to_ids": false,
"type": "text",
"uuid": "5c91c16b-b4f8-4c3a-b62b-236a1c911f46",
"value": "20/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845818",
"uuid": "832a413e-bc2f-47a6-b913-d9ae101ea8d0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "832a413e-bc2f-47a6-b913-d9ae101ea8d0",
"referenced_uuid": "ef7a87c9-d339-48a4-a939-93db4c14e085",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-12b8-4ada-8011-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845816",
"to_ids": true,
"type": "md5",
"uuid": "a1f0d49e-6e68-4c08-be68-f320a0713a8b",
"value": "9387e4ce5b53ee19af2dafcf8c5aedd1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845816",
"to_ids": true,
"type": "sha1",
"uuid": "406ab928-a441-477a-bed1-6d133db49dd0",
"value": "8588546bc5ca10137fc6d2268085a2173a7638c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845816",
"to_ids": true,
"type": "sha256",
"uuid": "4312d2cd-6746-47c2-8402-dc367651e19d",
"value": "ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845817",
"uuid": "ef7a87c9-d339-48a4-a939-93db4c14e085",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845817",
"to_ids": false,
"type": "datetime",
"uuid": "ceb2089f-f043-4d4b-84b0-744285914f35",
"value": "2018-09-10T14:15:40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845817",
"to_ids": false,
"type": "link",
"uuid": "54a8e308-a2f0-4e97-9ecf-ca11a4f431a0",
"value": "https://www.virustotal.com/file/ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e/analysis/1536588940/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845818",
"to_ids": false,
"type": "text",
"uuid": "8387e690-d923-4f33-8cde-768ab505083f",
"value": "18/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845821",
"uuid": "fd8a9a4d-bf88-4db4-b070-cda698f7e250",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fd8a9a4d-bf88-4db4-b070-cda698f7e250",
"referenced_uuid": "24952aa6-ab94-4152-af25-3437ccf8a6d4",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-826c-45ed-955a-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845818",
"to_ids": true,
"type": "md5",
"uuid": "16038725-6ef8-4d9f-bb2d-98553f5a539c",
"value": "75cbd3709696219b94d1355349348e84"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845818",
"to_ids": true,
"type": "sha1",
"uuid": "37f92afb-75b9-4004-8d82-f50e54f1c7bb",
"value": "3a9a06a2f2efdf1fed10793fa7220730bc315af1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845819",
"to_ids": true,
"type": "sha256",
"uuid": "2591a4c7-8eb8-420c-b803-6ccb85927671",
"value": "49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845819",
"uuid": "24952aa6-ab94-4152-af25-3437ccf8a6d4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845819",
"to_ids": false,
"type": "datetime",
"uuid": "69f9765e-d423-4a90-b910-952b150e503e",
"value": "2018-09-13T01:26:10"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845820",
"to_ids": false,
"type": "link",
"uuid": "740f1058-5283-4224-8dc0-44d8a81a9214",
"value": "https://www.virustotal.com/file/49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f/analysis/1536801970/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845822",
"to_ids": false,
"type": "text",
"uuid": "1c63801e-198c-46e3-9eb9-df05d0b1e755",
"value": "22/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845825",
"uuid": "8eff451c-0576-4361-b4a7-a4e2f7949bd5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8eff451c-0576-4361-b4a7-a4e2f7949bd5",
"referenced_uuid": "5f60eec5-1e31-47a7-a572-3c69ff9cbd7d",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-f9f0-4ea6-8209-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845822",
"to_ids": true,
"type": "md5",
"uuid": "23052521-d9d0-4f1f-ae41-c7bc85337cef",
"value": "af525f736a3d31837e16575136752d2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845822",
"to_ids": true,
"type": "sha1",
"uuid": "f74635f9-c8e6-4bb6-8405-315bf7fc8b0f",
"value": "adde5df82821d40c8821452f38704dc70f378eb9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845823",
"to_ids": true,
"type": "sha256",
"uuid": "c2db3508-7027-4206-bf7d-790d0de1639d",
"value": "68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845823",
"uuid": "5f60eec5-1e31-47a7-a572-3c69ff9cbd7d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845823",
"to_ids": false,
"type": "datetime",
"uuid": "b91a61f5-ebae-4f5e-9556-0f4f47bebc45",
"value": "2018-09-11T06:00:17"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845824",
"to_ids": false,
"type": "link",
"uuid": "b64fd84b-850e-4cf1-8608-0e345e8ebaec",
"value": "https://www.virustotal.com/file/68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35/analysis/1536645617/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845824",
"to_ids": false,
"type": "text",
"uuid": "e1074a2c-3c90-45e1-aaed-fb41141987b3",
"value": "25/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845827",
"uuid": "b93e361e-6457-475a-8466-3229a898dd5d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b93e361e-6457-475a-8466-3229a898dd5d",
"referenced_uuid": "c0ada5f7-d274-4011-9a05-b1bdb2ebe146",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-29f8-45cf-9a57-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845824",
"to_ids": true,
"type": "md5",
"uuid": "ef077428-fc14-4761-abd0-a949623e0601",
"value": "6a6307b57a6baf33f9bf148b3fecd9a4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845825",
"to_ids": true,
"type": "sha1",
"uuid": "fb23f52c-6c92-474e-bfe4-8cb86de4dd29",
"value": "a6a3190afc1c87c98c3ba6b8c82c230b11a02565"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845825",
"to_ids": true,
"type": "sha256",
"uuid": "fced4fb2-9e6c-44ce-a7f8-eebd108e22f0",
"value": "f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845827",
"uuid": "c0ada5f7-d274-4011-9a05-b1bdb2ebe146",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845827",
"to_ids": false,
"type": "datetime",
"uuid": "7431f176-47a0-4aeb-a93a-b5b8aaa3155d",
"value": "2018-09-10T14:19:02"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845828",
"to_ids": false,
"type": "link",
"uuid": "b9f2a194-9392-41fd-9849-9953d0b6a129",
"value": "https://www.virustotal.com/file/f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136/analysis/1536589142/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845828",
"to_ids": false,
"type": "text",
"uuid": "767f6eaf-08b2-4b5e-929c-9cd867b9bebe",
"value": "16/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845831",
"uuid": "5eddfb2f-6cc7-461f-b6ce-136882e44252",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5eddfb2f-6cc7-461f-b6ce-136882e44252",
"referenced_uuid": "50f46239-1bfb-4c67-aa7d-37f5d327db89",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-a2a8-4169-960b-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845829",
"to_ids": true,
"type": "md5",
"uuid": "c25f357d-4aad-4aba-a3b2-9a73d3c0e3a1",
"value": "9bcf535899fe77d4f3c78f3bd9810e10"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845829",
"to_ids": true,
"type": "sha1",
"uuid": "228aee38-f096-4d22-9f9b-32fbfe5f1bd8",
"value": "0baafb0dc6ecefdda5c131e8128aa6ac698b7c1f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845829",
"to_ids": true,
"type": "sha256",
"uuid": "7822ca46-7377-482b-b2e8-20c38e08bc48",
"value": "d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845830",
"uuid": "50f46239-1bfb-4c67-aa7d-37f5d327db89",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845830",
"to_ids": false,
"type": "datetime",
"uuid": "39767421-d6e6-4589-aedd-6988492548f7",
"value": "2018-09-11T06:10:07"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845830",
"to_ids": false,
"type": "link",
"uuid": "ecc5384b-1a99-472c-a1fa-79c3d4bdb50e",
"value": "https://www.virustotal.com/file/d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb/analysis/1536646207/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845831",
"to_ids": false,
"type": "text",
"uuid": "2f4bbc93-4fc7-4d0e-9471-159600402a6b",
"value": "23/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845834",
"uuid": "1409de38-3c59-48e4-bc96-95e5d351ba78",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1409de38-3c59-48e4-bc96-95e5d351ba78",
"referenced_uuid": "8c3716af-2702-42c0-af1d-ffb02e2e5418",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-fda8-45e8-8f7a-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845831",
"to_ids": true,
"type": "md5",
"uuid": "3f132559-afa7-45f8-b101-6f2407c1ea01",
"value": "e407843bffcf913dfd4fa816b067c33c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845831",
"to_ids": true,
"type": "sha1",
"uuid": "b857cd3e-3130-4d71-bf46-79022bfbfb97",
"value": "b73865efa77e07a75eb3bdd24d95a92b301a0a74"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845832",
"to_ids": true,
"type": "sha256",
"uuid": "6814140c-2867-4479-8a11-c5721c3fedc3",
"value": "078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845832",
"uuid": "8c3716af-2702-42c0-af1d-ffb02e2e5418",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845832",
"to_ids": false,
"type": "datetime",
"uuid": "197fd2f8-187a-4dd4-827c-333abecba11e",
"value": "2018-09-12T10:59:31"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845833",
"to_ids": false,
"type": "link",
"uuid": "acd59703-f3e3-4fea-b989-174c2f4e44b4",
"value": "https://www.virustotal.com/file/078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb/analysis/1536749971/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845833",
"to_ids": false,
"type": "text",
"uuid": "cb23a3ca-b153-4074-bb77-1007af2b3d1b",
"value": "22/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845836",
"uuid": "a85d42ef-debd-451d-815b-ff5467bd75b2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a85d42ef-debd-451d-815b-ff5467bd75b2",
"referenced_uuid": "17cf418e-64b5-41ec-922b-54d42d0ee510",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-f358-469c-9909-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845833",
"to_ids": true,
"type": "md5",
"uuid": "5b674651-7ab2-438c-af65-1fbd085d57cd",
"value": "b324726c2a526fd98b06145b557408f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845834",
"to_ids": true,
"type": "sha1",
"uuid": "dd387ce9-ca8b-4771-a574-dc8b145e8273",
"value": "95e7b1213aa808678cd04cd1befdebba8b37ebf7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845834",
"to_ids": true,
"type": "sha256",
"uuid": "30047801-df88-48a4-9db1-cd5e7e2e0f8d",
"value": "99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845835",
"uuid": "17cf418e-64b5-41ec-922b-54d42d0ee510",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845835",
"to_ids": false,
"type": "datetime",
"uuid": "c43399fa-212e-4d49-b8e4-16b9c17a87ee",
"value": "2018-09-11T07:55:29"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845835",
"to_ids": false,
"type": "link",
"uuid": "3b6822a4-4f37-4f1e-91be-01b076bbbbff",
"value": "https://www.virustotal.com/file/99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348/analysis/1536652529/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845836",
"to_ids": false,
"type": "text",
"uuid": "ba72f04f-02a5-49e6-aa16-29dd0e33b163",
"value": "23/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845839",
"uuid": "f04ab39a-7beb-4615-b61f-b246d5530a1d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f04ab39a-7beb-4615-b61f-b246d5530a1d",
"referenced_uuid": "9b32fc2b-5313-4b24-b254-76b77752b779",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-5948-4343-9d55-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845836",
"to_ids": true,
"type": "md5",
"uuid": "ed4d5241-3e22-41e0-b358-baab230c5cd3",
"value": "6b33b5c8d7e57e3c1c674eb1ffaf2cb2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845836",
"to_ids": true,
"type": "sha1",
"uuid": "8bd13ed2-bcfe-47a1-b96c-8f7be1712bcf",
"value": "8606fd59486682c5fe32e3b1d1df622922e734e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845837",
"to_ids": true,
"type": "sha256",
"uuid": "3edc73a1-1098-4602-a14d-ff55c548e11a",
"value": "aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845837",
"uuid": "9b32fc2b-5313-4b24-b254-76b77752b779",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845837",
"to_ids": false,
"type": "datetime",
"uuid": "9aae846b-805c-430a-9fc3-855881423ded",
"value": "2018-09-10T09:43:09"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845838",
"to_ids": false,
"type": "link",
"uuid": "207f6dfe-b3ac-41ec-8363-228ac90d09c7",
"value": "https://www.virustotal.com/file/aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6/analysis/1536572589/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845838",
"to_ids": false,
"type": "text",
"uuid": "0677f378-8f0c-4473-a74b-505cc2a6cad0",
"value": "24/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845841",
"uuid": "01a176a0-f1c1-4ead-8cc6-a657d617f57d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "01a176a0-f1c1-4ead-8cc6-a657d617f57d",
"referenced_uuid": "499422cf-0c27-46f7-9926-fbabf396ce2f",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-b830-4ca9-91da-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845838",
"to_ids": true,
"type": "md5",
"uuid": "6cc764a0-17d7-41b8-8f8e-f00b527fd538",
"value": "d26bf0c4bef27196aae4b0b533877f16"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845839",
"to_ids": true,
"type": "sha1",
"uuid": "85a983e4-cfa1-41d9-8380-b55d3a39a782",
"value": "96575a020408a67d03d0058735090d601df2e1a8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845839",
"to_ids": true,
"type": "sha256",
"uuid": "e1309772-7098-4488-b7f9-13cf48d42cb4",
"value": "d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845840",
"uuid": "499422cf-0c27-46f7-9926-fbabf396ce2f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845840",
"to_ids": false,
"type": "datetime",
"uuid": "c75451f3-6f0d-436d-a3cf-f526d6f2b115",
"value": "2018-09-10T13:23:05"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845840",
"to_ids": false,
"type": "link",
"uuid": "9147ab65-176e-4e95-a4ae-1a21d12d51a9",
"value": "https://www.virustotal.com/file/d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397/analysis/1536585785/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845840",
"to_ids": false,
"type": "text",
"uuid": "034e3e61-12fc-4acf-8974-1301ef7d8113",
"value": "19/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845843",
"uuid": "11eb620d-cf54-4826-a5e1-cd47cf0c42c8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "11eb620d-cf54-4826-a5e1-cd47cf0c42c8",
"referenced_uuid": "3a5d4ca6-6c1c-45c8-b969-f42e24018080",
"relationship_type": "analysed-with",
"timestamp": "1536845855",
"uuid": "5b9a681f-14c0-4ec9-8e36-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845841",
"to_ids": true,
"type": "md5",
"uuid": "8c7dd80b-47b8-4abb-b9e1-3e6b147863d3",
"value": "f8e0ec8a7c6629c2f206c2b8860ded3f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845841",
"to_ids": true,
"type": "sha1",
"uuid": "514d9ac2-0c72-463d-a9d5-e9ef7a3d940e",
"value": "9d00562ca754411b4158d4e0e953e486cc4b3886"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845841",
"to_ids": true,
"type": "sha256",
"uuid": "2aa6e597-3ddf-4c44-bba5-584e62da9a95",
"value": "596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845842",
"uuid": "3a5d4ca6-6c1c-45c8-b969-f42e24018080",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845842",
"to_ids": false,
"type": "datetime",
"uuid": "f757360f-d424-412b-9e62-c6c4ef056a61",
"value": "2018-09-11T05:10:56"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845842",
"to_ids": false,
"type": "link",
"uuid": "164f4b29-d0f9-4c29-adde-2b124d558914",
"value": "https://www.virustotal.com/file/596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99/analysis/1536642656/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845843",
"to_ids": false,
"type": "text",
"uuid": "fca216f8-84e9-4497-9ad3-090cb3a399ed",
"value": "22/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845846",
"uuid": "25927348-f7e5-4c73-bb65-1a697c164887",
"ObjectReference": [
{
"comment": "",
"object_uuid": "25927348-f7e5-4c73-bb65-1a697c164887",
"referenced_uuid": "bd12dbfb-3c97-438b-9431-b91856a77007",
"relationship_type": "analysed-with",
"timestamp": "1536845856",
"uuid": "5b9a6820-7818-48a1-996d-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845843",
"to_ids": true,
"type": "md5",
"uuid": "200b3234-0071-4ea5-b637-91ed9c395374",
"value": "d1dffadb8f075c8d4fe822fa81a3ddb1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845843",
"to_ids": true,
"type": "sha1",
"uuid": "50ac9f18-7f97-456e-8e90-e693800ba23f",
"value": "c90535a54d0494b981c6a4f09b331762cebbfcc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845844",
"to_ids": true,
"type": "sha256",
"uuid": "9d2d0189-c490-46f6-8f74-ac51ad156e1c",
"value": "fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845844",
"uuid": "bd12dbfb-3c97-438b-9431-b91856a77007",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845844",
"to_ids": false,
"type": "datetime",
"uuid": "4dcd8a36-6411-416b-aba9-64c1818398cb",
"value": "2018-09-11T05:09:31"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845845",
"to_ids": false,
"type": "link",
"uuid": "aac80e1e-6cdc-467f-8771-7e72effbc129",
"value": "https://www.virustotal.com/file/fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3/analysis/1536642571/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845845",
"to_ids": false,
"type": "text",
"uuid": "08caff6d-2bd9-48af-8850-d27b75126967",
"value": "24/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845848",
"uuid": "cd8a9a3f-2459-42e5-a868-efddc1ea6ac4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cd8a9a3f-2459-42e5-a868-efddc1ea6ac4",
"referenced_uuid": "bfd604f5-f81f-4c06-a20b-776c02c983e0",
"relationship_type": "analysed-with",
"timestamp": "1536845856",
"uuid": "5b9a6820-f2bc-43d7-98ae-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845845",
"to_ids": true,
"type": "md5",
"uuid": "bd155f2d-f96c-492d-8e9c-5e4adfb48608",
"value": "943aa993dd600b3c8080e7a064cf5568"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845846",
"to_ids": true,
"type": "sha1",
"uuid": "2338e0e8-ce5a-45c1-a35a-1978523eb720",
"value": "9828898850d3e69d16b8ff312635e95ecf4478e9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845846",
"to_ids": true,
"type": "sha256",
"uuid": "1fe7c59b-3198-41d9-95ce-71a3b1e0134f",
"value": "39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845846",
"uuid": "bfd604f5-f81f-4c06-a20b-776c02c983e0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845847",
"to_ids": false,
"type": "datetime",
"uuid": "771d6784-63d7-403d-aeb5-a20134c399f2",
"value": "2018-09-11T05:54:54"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845847",
"to_ids": false,
"type": "link",
"uuid": "b3fa45af-080f-4132-a8de-4c8f487f2a2c",
"value": "https://www.virustotal.com/file/39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6/analysis/1536645294/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845848",
"to_ids": false,
"type": "text",
"uuid": "edc16cb6-6700-4b30-99be-5f415c0f498c",
"value": "23/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845851",
"uuid": "41a04017-73fb-4631-887a-0671543e7f41",
"ObjectReference": [
{
"comment": "",
"object_uuid": "41a04017-73fb-4631-887a-0671543e7f41",
"referenced_uuid": "bda04530-cb00-4b96-b39a-8a9f8e68e4b7",
"relationship_type": "analysed-with",
"timestamp": "1536845856",
"uuid": "5b9a6820-e120-474a-83b9-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845848",
"to_ids": true,
"type": "md5",
"uuid": "5e987d5f-9482-43b6-a143-695f249619b1",
"value": "dd0d4d4196735db691a77ad2201fcb2a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845848",
"to_ids": true,
"type": "sha1",
"uuid": "1e7d6f9b-b5a9-4f4f-8843-3bd6ba414303",
"value": "2e9676699462fbb3b36ad205a8189e93fd68599e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845849",
"to_ids": true,
"type": "sha256",
"uuid": "d76987d4-a5ea-4263-9d02-fb2f87bf7e59",
"value": "1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845849",
"uuid": "bda04530-cb00-4b96-b39a-8a9f8e68e4b7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845849",
"to_ids": false,
"type": "datetime",
"uuid": "5d064180-dde6-47df-9e92-52108e0b2c1b",
"value": "2018-09-11T05:50:49"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845849",
"to_ids": false,
"type": "link",
"uuid": "0a7cb0a0-13d8-40d4-9e47-8f273ce41258",
"value": "https://www.virustotal.com/file/1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208/analysis/1536645049/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845850",
"to_ids": false,
"type": "text",
"uuid": "d0ec1e2b-44aa-4792-9faf-1a294393e2a5",
"value": "21/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845853",
"uuid": "a4c7f3b3-28f7-48c2-ba26-e788139df68d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a4c7f3b3-28f7-48c2-ba26-e788139df68d",
"referenced_uuid": "6aa5bf4e-0751-467c-b327-1883ce155cb3",
"relationship_type": "analysed-with",
"timestamp": "1536845856",
"uuid": "5b9a6820-4708-47e8-aa56-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845850",
"to_ids": true,
"type": "md5",
"uuid": "33a93805-349c-4392-a213-6cb10de17bb5",
"value": "f6388e1650573bac1f933011acda71f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845850",
"to_ids": true,
"type": "sha1",
"uuid": "7079eea2-2c3d-452e-a23e-668554d791d6",
"value": "86e7114c21dfdbcefd90f61426b9ce88d2698b12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845851",
"to_ids": true,
"type": "sha256",
"uuid": "5d0390f9-f8e8-4c16-9d17-8cf726a524be",
"value": "1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845851",
"uuid": "6aa5bf4e-0751-467c-b327-1883ce155cb3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845851",
"to_ids": false,
"type": "datetime",
"uuid": "127ea910-669d-448c-962d-5688970e3f1c",
"value": "2018-09-11T05:50:55"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845852",
"to_ids": false,
"type": "link",
"uuid": "9e604b76-733e-41a3-a577-cebe99f787b6",
"value": "https://www.virustotal.com/file/1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669/analysis/1536645055/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845852",
"to_ids": false,
"type": "text",
"uuid": "5052f9c6-992e-4ea7-a3c0-8c9e1b4c3e16",
"value": "21/59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1536845855",
"uuid": "0ac97056-2d5a-45ae-876d-966288ca2ba9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0ac97056-2d5a-45ae-876d-966288ca2ba9",
"referenced_uuid": "7a81dcbd-cd16-405c-b04c-04b5aab112bf",
"relationship_type": "analysed-with",
"timestamp": "1536845856",
"uuid": "5b9a6820-a974-4109-a59b-5c7502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1536845852",
"to_ids": true,
"type": "md5",
"uuid": "b47f0fe1-6c02-4910-8e9f-4ae22f6bc35f",
"value": "2b0919caab591515af6ff99fb76896e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1536845853",
"to_ids": true,
"type": "sha1",
"uuid": "c2454b24-2987-48af-b70d-18dccf77a3f4",
"value": "99ff9c25bc2e0a874ca4090abb6c612ea984c30c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1536845853",
"to_ids": true,
"type": "sha256",
"uuid": "da68a596-5e3a-431c-bf26-a4f92fc63273",
"value": "92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1536845854",
"uuid": "7a81dcbd-cd16-405c-b04c-04b5aab112bf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1536845854",
"to_ids": false,
"type": "datetime",
"uuid": "4f66e666-cc07-49b1-95d4-649d6b094a43",
"value": "2018-09-12T01:40:46"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1536845854",
"to_ids": false,
"type": "link",
"uuid": "8ec552cc-d839-4117-a6e0-824ba5d25e68",
"value": "https://www.virustotal.com/file/92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1/analysis/1536716446/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1536845855",
"to_ids": false,
"type": "text",
"uuid": "26b9502d-8ad2-45bf-b828-6b68cba58d6b",
"value": "23/59"
}
]
}
]
}
}
Reference in a new issue Copy permalink