{
"Event" : {
"analysis" : "2" ,
"date" : "2019-04-03" ,
"extends_uuid" : "" ,
"info" : "Malware Analysis Report (AR19-100A) MAR-10135536-8 \u2013 North Korean Trojan: HOPLIGHT MAR-10135536.r8.v1" ,
"publish_timestamp" : "1631185292" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1631185208" ,
"uuid" : "5cae46c1-c198-49cb-9036-4a34950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-intrusion-set=\"Lazarus Group\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"COVELLITE\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#13eb00" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5e467348-32d1-47d4-9a18-f52265ff5294" ,
"value" : "7443"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "7cc187fb-ca19-4786-bc4c-902f8197c54a" ,
"value" : "443"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "c8a6e23e-304b-4bc4-a895-0856488ba1e5" ,
"value" : "23164"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "aef17f31-c143-4862-8e5e-afb944ec51d6" ,
"value" : "59681"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "4205f3b8-0878-4286-9fc0-b98718e3a838" ,
"value" : "23397"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "8c604b84-78ae-40cc-af41-6a39ccf913dc" ,
"value" : "59067"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "66c7ad51-1cfe-413e-8697-a15d695c883c" ,
"value" : "17770"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "ccf4f3c2-365f-4c77-a640-d7f86a8e8244" ,
"value" : "2248"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "13b173ea-f663-487b-962c-68c963883a85" ,
"value" : "64694"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "18c83f34-ed5a-4e61-a1dd-ef01bfd7e82e" ,
"value" : "37120"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "4fc843e5-e45e-4727-b4f4-5b377860c252" ,
"value" : "52884"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "47f96d91-741d-4458-a13b-9d2f57bdf6ed" ,
"value" : "65292"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "5e64eddb-9dc7-4976-9c08-4884f931c92e" ,
"value" : "112.175.92.57"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "0031ec2d-46ed-4835-93ef-e6b868a26e40" ,
"value" : "84.49.242.125"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "9b5d58a8-fedd-424b-9e95-1fa9dee6113b" ,
"value" : "81.94.192.147"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "a7455d44-d858-472a-96ee-edea677be659" ,
"value" : "128.200.115.228"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "aa8e532e-3b80-47e4-bb04-22d666a10bd7" ,
"value" : "47.206.4.145"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "3d25e903-29f5-4b88-bf80-bd6bd8a9616b" ,
"value" : "70.224.36.194"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "bc976e66-b5d6-464d-9adc-0d53da3ec01a" ,
"value" : "197.211.212.59"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3" ,
"value" : "113.114.117.122"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "dfa5812c-f91e-42b8-811d-718121a46fd9" ,
"value" : "21.252.107.198"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "930261a1-dfbe-4f99-957b-27f14a50a397" ,
"value" : "81.94.192.10"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "4fb3c39a-2c59-46d9-be12-028f54e577c9" ,
"value" : "186.169.2.237"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "e773193c-a490-442a-a41f-63e402cf3865" ,
"value" : "181.39.135.126"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "d959b41a-72bb-478a-b453-5dfac6fe0dc1" ,
"value" : "97.90.44.200"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "378c38f0-377c-4626-949c-5eaa0a6367ae" ,
"value" : "26.165.218.44"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1554925249" ,
"to_ids" : false ,
"type" : "ip-dst" ,
"uuid" : "206ae99c-1cda-41e0-a81f-8e0e8c433156" ,
"value" : "137.139.135.151"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925249" ,
"uuid" : "eea5fb73-96a6-4aae-9d36-74cdbefbe4e7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "54f964ed-68a9-4a9d-8679-e048ffdc6648" ,
"value" : "23e27e5482e3f55bf828dab885569033"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "2143d9e1-5c0b-4e66-b765-d8564c18bc81" ,
"value" : "139b25e1ae32a8768238935a8c878bfbe2f89ef4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "8f8c9a7e-247a-4c92-8a28-b275e2b300a3" ,
"value" : "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925249" ,
"uuid" : "adad988c-643d-4c25-a6fb-50d3e07c62e6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8ea76fd7-8e51-4228-a1d2-e333c6f381aa" ,
"value" : "5c3898ac7670da30cf0b22075f3e8ed6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "25662089-edd6-46ed-a1a6-387a2315c5eb" ,
"value" : "91110c569a48b3ba92d771c5666a05781fdd6a57"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "914f5dd0-b6f1-49e5-869d-9a9ba06fc747" ,
"value" : "2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925249" ,
"uuid" : "7e8543c5-336f-4337-a217-c88bf569d8c6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4b5fd507-ed07-4fa7-8b10-3e8b7ae25d73" ,
"value" : "c5dc53a540abe95e02008a04a0d56d6c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "912e411c-7e92-4664-a205-456901c2b120" ,
"value" : "4cfe9e353b1a91a2add627873846a3ad912ea96b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925249" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fabb5dbb-9040-4ad7-a032-8a3231862b22" ,
"value" : "4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925249" ,
"uuid" : "70971c87-fa69-4300-882e-5ce6e256496f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e7583576-4611-480a-8b20-249c21817017" ,
"value" : "be588cd29b9dc6f8cfc4d0aa5e5c79aa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d4ab3639-3755-4eff-840a-882634604a99" ,
"value" : "06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "93ae6ff3-a60f-4c32-aab0-93e96f9f5235" ,
"value" : "ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "6e32e619-e0ca-4e75-b7dc-01f5d1917d9a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9c61325c-6778-40e5-b7e9-df44e9831ae5" ,
"value" : "868036e102df4ce414b0e6700825b319"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "ee06f6cb-9254-4617-bd36-5f9cf9c06e5f" ,
"value" : "7f1e68d78e455aa14de9020abd2293c3b8ec6cf8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "78a54597-2984-4776-bee4-c10b60d370b8" ,
"value" : "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "2dd85ad6-0987-4542-822b-df9e89eb9e65" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "848c7463-703d-465b-b65c-5167b6d0b09b" ,
"value" : "dc268b166fe4c1d1c8595dccf857c476"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "17bbae6e-534c-4646-b451-9732d8c5a0ed" ,
"value" : "8264556c8a6e460760dc6bb72ecc6f0f966a16b8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c7a71e13-ae6b-4a8c-87eb-fb0f8fa79508" ,
"value" : "49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "2612714e-52b6-481c-8fb6-75d5b889548b" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "112919f7-96aa-4d04-9004-d878d11cb78d" ,
"value" : "42682d4a78fe5c2eda988185a344637d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1af91125-b624-472d-b663-37d5c9e215df" ,
"value" : "4975de2be0a1f7202037f5a504d738fe512191b7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "68788a94-02e0-456e-bbd9-13b97784349f" ,
"value" : "4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "6ab25fb7-8818-49cc-9ace-c227806fe342" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ed9d5817-84c0-4d18-a35a-dc8f7d26f775" ,
"value" : "3021b9ef74c7bddf59656a035f94fd08"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d165b976-9ff9-445c-b6a1-eda0cbf7579d" ,
"value" : "05ad5f346d0282e43360965373eb2a8d39735137"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "7a73058f-426c-4794-9b57-ff6c0e59ea26" ,
"value" : "83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "27db0397-2a1b-429b-8bae-d0427d55c164" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ed3709f0-2f35-4356-84b0-be32671ae6f1" ,
"value" : "61e3571b8d9b2e9ccfadc3dde10fb6e1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1e400601-2e47-4228-80cf-42fe312228e0" ,
"value" : "55daa1fca210ebf66b1a1d2db1aa3373b06da680"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9a62aefa-26f5-4b87-8cc6-339b84597615" ,
"value" : "70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "f431fcf2-94fe-495a-8fe2-f39c15e442f2" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9cf78cc6-478d-42a3-8e64-6f59f195e6a8" ,
"value" : "0893e206274cb98189d51a284c2a8c83"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "49adb98f-d2de-400e-abce-933d31d961bc" ,
"value" : "d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "343e8786-8ca0-4bb1-8fcf-fc70d5a0a567" ,
"value" : "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1554925250" ,
"uuid" : "9379eade-cf5a-477a-a8b4-6eb2199c340b" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1631185195" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "21dcee4a-fed1-4cd4-b337-f495fca9faa9" ,
"value" : "c4103f122d27677c9db144cae1394a66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1631185198" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "81c63c38-43de-4922-b35d-4aecb27ff9bb" ,
"value" : "1489f923c4dca729178b3e3233458550d8dddf29"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1631185208" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "49104f78-ef07-4ae8-a9c8-a48f7b04c5bc" ,
"value" : "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925250" ,
"uuid" : "6a82a81c-cc1c-4568-95e8-65da2aa8a8ec" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925250" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "026bccf0-af5e-4d04-ba13-941a2b97c9fd" ,
"value" : "2.542817"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "61eab12c-88a3-4fec-bff1-1f0cea073fb0" ,
"value" : "c06924120c87e2cb79505e4ab0c2e192"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925250" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "98e8e9d7-8239-498d-9068-2f72767e6848" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925250" ,
"uuid" : "132d7802-77e5-432c-8cf6-7648b90e7acd" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925250" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b8f8095e-4611-4431-b56c-73bd427ffc79" ,
"value" : "3368eda2d5820605a055596c7c438f0f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925250" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "22f6639e-4e1c-4c21-9e66-4c6f2dd58e8e" ,
"value" : "6.441545"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925250" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "10ae0529-05da-4c1a-9647-e674df77194a" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925250" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "c89bb820-7efd-49de-987e-0466ab07af24" ,
"value" : "197120"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925250" ,
"uuid" : "51c3c827-4e60-4f91-b6b4-b1e99fab0df8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4da7482c-3d35-4d8f-88f6-e73a14c294dd" ,
"value" : "ec1f06839fa9bc10ad8e183b6bf7c1b5"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "10b07ecf-448e-4c7a-8349-19241d4f640d" ,
"value" : "5.956914"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9040e2be-7b8c-4c63-a13d-7e273b3f6a93" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "d4d042f6-ffa1-4314-81d7-4d5dc65e75d7" ,
"value" : "27136"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "a4f1d6f8-842e-42f9-8d2c-b69a2d04a1ea" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "d520e839-76ab-4991-bcfc-4f67bb4fd738" ,
"value" : "1e62b7d9f7cc48162e0651f7de314c8a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5eec8273-6d98-4ef8-ad6a-d00a95b2092b" ,
"value" : "4.147893"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "63afbe8b-03ca-46bc-82c7-7b6669057e5c" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "c7ab30e9-837a-4262-8acd-a7d3b3dfd3c4" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "a61f2333-075a-4f7e-9145-b7e624c99d43" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aa67187-ff2d-4c6d-bf7e-56ba932ae292" ,
"value" : "980effd28a6c674865537f313318733a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "e4739013-d1f6-4da4-8d81-af28aaafe34d" ,
"value" : "5.090362"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d0be3f42-d87b-4da7-9113-6d7829fd1676" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "959005d0-0b35-495e-8681-16f0eadcb7b2" ,
"value" : "512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "904eab59-fca8-4005-ae01-fa802500e52c" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "edfedbf3-79b4-4209-8df0-98687d42d22b" ,
"value" : "696fd5cac6e744f336e8ab68a4708fcf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4ef97107-db6e-40f9-a63c-1a574c8f1b28" ,
"value" : "5.247502"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fbf5d6fd-a566-4bda-bddf-f6ef93f7ca1f" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0cc130d4-bada-4e9f-8cfc-46a5c5451d89" ,
"value" : "8704"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925251" ,
"uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "6a82a81c-cc1c-4568-95e8-65da2aa8a8ec" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925262" ,
"uuid" : "5cae46ce-90a4-4483-bee9-412f950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "132d7802-77e5-432c-8cf6-7648b90e7acd" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925262" ,
"uuid" : "5cae46ce-fd3c-47b9-8ced-4ce8950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "51c3c827-4e60-4f91-b6b4-b1e99fab0df8" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-85ec-431a-ba56-4a32950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "a4f1d6f8-842e-42f9-8d2c-b69a2d04a1ea" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-ab08-455c-b3ca-4fb4950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "a61f2333-075a-4f7e-9145-b7e624c99d43" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-75e4-41ae-9187-40b4950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"referenced_uuid" : "904eab59-fca8-4005-ae01-fa802500e52c" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-a010-46bd-937a-445b950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "93a9958e-fb09-4e95-a860-f7be260daaa3" ,
"value" : "23E27E5482E3F55BF828DAB885569033"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "a6632d8f-1907-4100-bbb1-19f6e553ce8c" ,
"value" : "23E27E5482E3F55BF828DAB885569033"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "66e4e39a-7aa9-45d2-8bbf-391640e00b5e" ,
"value" : "6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061895" ,
"uuid" : "22effacf-e4e2-4e50-b638-8246fd0e093e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "22effacf-e4e2-4e50-b638-8246fd0e093e" ,
"referenced_uuid" : "a10931bb-7045-47ad-bc16-e2684051e353" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-9e18-4bc2-9aff-46cc950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "22effacf-e4e2-4e50-b638-8246fd0e093e" ,
"referenced_uuid" : "b2d62cb5-8052-47f2-997e-dd4238004f97" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061900" ,
"uuid" : "5cb05c8c-2e64-4b34-923a-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "048bf7ed-3af0-4f2e-b8e8-51846ce55dc3" ,
"value" : "23e27e5482e3f55bf828dab885569033"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "3ef11c00-bc34-4a97-8b79-a5477ba37c96" ,
"value" : "139b25e1ae32a8768238935a8c878bfbe2f89ef4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "5a1868ca-d07b-46e2-9f5d-8d2701d7f966" ,
"value" : "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "0fffbfb1-7eb7-4caa-94be-c68f85d2d892" ,
"value" : "2c481ef42dfc9a7a30575293d09a6f81943e307836ec5b8a346354ab5832c15046dd4015a65201311e33f944763fc55dd44fbe390245be5be7a216026ecfb28b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "1dda2a18-029d-4eaf-9533-c3a8fb159b90" ,
"value" : "6144:YnDlYMzUvLFOL9wqk6+pqC8iooIBgajvQlm/Z0cp1:alYiXiooIKajvQeZ3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "769cabe7-ecd6-40a0-a243-f6a719a33411" ,
"value" : "23E27E5482E3F55BF828DAB885569033"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "139c0157-aeeb-4349-87ef-c4f2f9b4dc92" ,
"value" : "242688"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "ddc4e984-d55e-42a0-9ac3-e97ddfb27f43" ,
"value" : "6.537337"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "7d5d9274-342d-475e-b284-87881cc5ee09" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "e02bda87-4522-4849-b60b-cd07a598b48f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "f37c7c4b-d577-45fd-9b5a-8e329adc6efb" ,
"value" : "0.69566"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ac76124e-2c79-469d-9bfd-e7757a82ab72" ,
"value" : "adb596d3ceae66510778e3bf5d4d9582"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "2b01230e-a2b5-4db5-be8f-11385fab0af6" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "21bbfcf1-6d03-46ab-926e-8c513e3c9c6f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "35ecbbc7-b2c8-4899-973d-5e7aa032cff1" ,
"value" : "6453931a0b6192e0bbd6476e736ca63f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "8f2641a0-9602-41b2-8fff-1fabf68ba6e5" ,
"value" : "6.343388"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7bacab93-e050-4b5e-9f1f-faa1ef0edc7f" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "cf5634c9-4d41-4bae-976f-90f3af3f5239" ,
"value" : "184320"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "23520dbd-c625-44d0-816a-fff60adf8c08" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925251" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f28e5c61-c02f-4c96-849f-8bc5bbd65493" ,
"value" : "0ba1433cc62ba7903ada2f1e57603e83"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "d17e2071-59be-42fc-85a8-20b4ef814576" ,
"value" : "6.246206"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3a25c314-d3b4-482a-ab56-5553ef8dbb97" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "53662898-0a16-4d57-b8b7-0553c2fb83aa" ,
"value" : "16384"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925251" ,
"uuid" : "8c51db87-a216-44c0-bd75-69239348d2a1" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925252" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "95db93c0-facd-405f-8631-382bb0f6bb90" ,
"value" : "76a08265777f68f08e5e6ed2102cb31d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "c1d0f8d4-dc5a-42fa-b143-f45763e3812f" ,
"value" : "4.050945"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c0404d60-1075-4886-8265-5065d61c3412" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8041a49e-2e44-46bd-9cde-5aa2e51df8b6" ,
"value" : "12288"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925252" ,
"uuid" : "b4eb4fd7-5fee-43e6-8ecd-63c87632d4c0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925252" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "cb311e88-2f90-47d9-89c0-f054fa6e8f5b" ,
"value" : "cb8939d6bc1cd076acd850c3850bdf78"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "51d75451-596f-46ec-b8da-a3448f8d96ec" ,
"value" : "3.289605"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7f9cea95-46bb-4e9f-a65f-28c1ce230732" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "f8eb93ea-77d3-4237-8084-2bfb1d5a3ee5" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925252" ,
"uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"referenced_uuid" : "e02bda87-4522-4849-b60b-cd07a598b48f" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-8c18-474b-9f10-4275950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"referenced_uuid" : "21bbfcf1-6d03-46ab-926e-8c513e3c9c6f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-de1c-4474-92ac-492e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"referenced_uuid" : "23520dbd-c625-44d0-816a-fff60adf8c08" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-e540-4cf7-ba01-4ffc950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"referenced_uuid" : "8c51db87-a216-44c0-bd75-69239348d2a1" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-2de4-4bfe-a609-49e0950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"referenced_uuid" : "b4eb4fd7-5fee-43e6-8ecd-63c87632d4c0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-4c58-4829-a633-46f1950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925252" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "3899c808-cca2-47fb-934d-9b2bdc7aec6d" ,
"value" : "5C3898AC7670DA30CF0B22075F3E8ED6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925252" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "0e6c9879-7f1a-45f8-bdc0-1120d8d1488d" ,
"value" : "5C3898AC7670DA30CF0B22075F3E8ED6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "8d5b0498-20b4-4199-9456-bd6dc304b198" ,
"value" : "5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061895" ,
"uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "335302ab-5969-43ef-aae3-ded36c7331b5" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-a4bc-4749-99c0-4363950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "9b5d58a8-fedd-424b-9e95-1fa9dee6113b" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-7954-45ff-9082-4ff7950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "5e64eddb-9dc7-4976-9c08-4884f931c92e" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-1f00-4ffd-afb2-4fcb950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "e773193c-a490-442a-a41f-63e402cf3865" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925263" ,
"uuid" : "5cae46cf-cd88-4098-aaa6-448e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "bc976e66-b5d6-464d-9adc-0d53da3ec01a" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-63bc-462e-a09b-48f4950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-33c0-4255-95e1-41b3950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"relationship_type" : "dropped" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-a3cc-46b6-aa3b-465a950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"referenced_uuid" : "603e0902-44f7-4457-9d0e-6246e8fce379" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061900" ,
"uuid" : "5cb05c8c-a1e0-4098-b39a-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "cdf0476e-4050-4014-9548-57270e238bff" ,
"value" : "5c3898ac7670da30cf0b22075f3e8ed6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "25c0ebd5-1011-4094-9ee3-c43e706c366f" ,
"value" : "91110c569a48b3ba92d771c5666a05781fdd6a57"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "1139dd4b-b129-4d50-8d07-e3400cf3475f" ,
"value" : "2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "00bb1f65-505f-4869-b4f1-2a1a84e4658b" ,
"value" : "700ec4d923cf0090f4428ac3d4d205b551c3e48368cf90d37f9831d8a57e73c73eb507d1731662321c723362c9318c3f019716991073dc9a4cc829ce01540337"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "fa512e18-a707-40d1-be36-8e61afa46775" ,
"value" : "3072:nKBzqEHcJw0sqz7vLFOLBAqui1mqLK1VaU9BzNRyHmdMaF0QqWN0Qjpthmu:nKg0cJ19z7vLFOLSqp0q7syHeFhnhm"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "c13e70a2-b0e8-4cb5-9e3f-ca7c096835a3" ,
"value" : "5C3898AC7670DA30CF0B22075F3E8ED6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "4c8d5e1b-8575-483a-8dc7-53133d199a8e" ,
"value" : "221184"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "c4640063-6f1c-4084-8b06-866bf7f58ad3" ,
"value" : "6.346504"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "b437a966-9b67-4390-832e-a4cb2c36bbe9" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925252" ,
"uuid" : "3dacf4c2-9dfc-46e4-8617-4786537e8ae8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "82790198-9c25-4f4b-9a46-3b13150e6b81" ,
"value" : "inetnum: 197.211.208.0 - 197.211.215.255\nnetname: ZOL-16e-MOBILE-CUSTOMERS\ndescr: ZOL Customers on ZTE Mobile WiMAX Platform\ncountry: ZW\nadmin-c: BS10-AFRINIC\nadmin-c: GJ1-AFRINIC\nadmin-c: JHM1-AFRINIC\ntech-c: BS10-AFRINIC\ntech-c: GJ1-AFRINIC\ntech-c: JHM1-AFRINIC\nstatus: ASSIGNED PA\nmnt-by: LIQUID-TOL-MNT\nsource: AFRINIC # Filtered\nparent: 197.211.192.0 - 197.211.255.255\n\nperson: B Siwela\naddress: 3rd Floor Greenbridge South\naddress: Eastgate Center\naddress: R. Mugabe Road\naddress: Harare\naddress: Zimbabwe\nphone: +263774673452\nfax-no: +2634702375\nnic-hdl: BS10-AFRINIC\nmnt-by: GENERATED-DVCNVXWBH3VN3XZXTRPHOT0OJ77GUNN3-MNT\nsource: AFRINIC # Filtered\n\nperson: G Jaya\naddress: 3rd Floor Greenbridge South\naddress: Eastgate Center\naddress: R. Mugabe Road\naddress: Harare\naddress: Zimbabwe\nphone: +263773373135\nfax-no: +2634702375\nnic-hdl: GJ1-AFRINIC\nmnt-by: GENERATED-QPEEUIPPW1WPRZ5HLHRXAVHDOKWLC9UC-MNT\nsource: AFRINIC # Filtered\n\nperson: John H Mwangi\naddress: Liquid Telecom Kenya\naddress: P.O.Box 62499 - 00200\naddress: Nairobi Kenya\naddress: Nairobi, Kenya\naddress: Kenya\nphone: + 254 20 556 755"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925252" ,
"uuid" : "fca17017-c7b9-4985-ae07-bf616a36f172" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "35e253e4-588e-4e66-b8bd-fe491f62b43c" ,
"value" : "inetnum: 181.39.135.120/29\nstatus: reallocated\nowner: Clientes Guayaquil\nownerid: EC-CLGU1-LACNIC\nresponsible: Tomislav Topic\naddress: Kennedy Norte Mz. 109 Solar 21, 5, Piso 2\naddress: 5934 - Guayaquil - GY\ncountry: EC\nphone: +593 4 2680555 [101]\nowner-c: SEL\ntech-c: SEL\nabuse-c: SEL\ncreated: 20160720\nchanged: 20160720\ninetnum-up: 181.39/16\n\nnic-hdl: SEL\nperson: Carlos Montero\ne-mail: networking@TELCONET.EC\naddress: Kennedy Norte MZ, 109, Solar 21\naddress: 59342 - Guayaquil - \ncountry: EC\nphone: +593 42680555 [4601]\ncreated: 20021004\nchanged: 20170323"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925252" ,
"uuid" : "16d9cbf2-43e4-4e6f-adf5-ec883d2e5091" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "45b63232-b1a0-4e64-ab06-b46e02bcb55a" ,
"value" : "inetnum: 112.160.0.0 - 112.191.255.255\nnetname: KORNET\ndescr: Korea Telecom\nadmin-c: IM667-AP\ntech-c: IM667-AP\ncountry: KR\nstatus: ALLOCATED PORTABLE\nmnt-by: MNT-KRNIC-AP\nmnt-irt: IRT-KRNIC-KR\nlast-modified: 2017-02-03T02:21:58Z\nsource: APNIC\n\nirt: IRT-KRNIC-KR\naddress: Seocho-ro 398, Seocho-gu, Seoul, Korea\ne-mail: hostmaster@nic.or.kr\nabuse-mailbox: hostmaster@nic.or.kr\nadmin-c: IM574-AP\ntech-c: IM574-AP\nauth: # Filtered\nmnt-by: MNT-KRNIC-AP\nlast-modified: 2017-10-19T07:36:36Z\nsource: APNIC\n\nperson: IP Manager\naddress: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90\ncountry: KR\nphone: +82-2-500-6630\ne-mail: kornet_ip@kt.com\nnic-hdl: IM667-AP\nmnt-by: MNT-KRNIC-AP\nlast-modified: 2017-03-28T06:37:04Z\nsource: APNIC"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925252" ,
"uuid" : "2c63c35f-d552-4324-a60b-ecf98f7cfd99" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e7ab133f-dd4d-47ae-9a68-6127ff4539ae" ,
"value" : "inetnum: 81.94.192.0 - 81.94.192.255\nnetname: IOMARTHOSTING\ndescr: iomart Hosting Limited\ncountry: GB\nadmin-c: RA1415-RIPE\ntech-c: RA1415-RIPE\nstatus: ASSIGNED PA\nremarks: ABUSE REPORTS: abuse@redstation.com\nmnt-by: REDSTATION-MNT\nmnt-domains: REDSTATION-MNT\nmnt-routes: REDSTATION-MNT\ncreated: 2016-02-14T11:44:25Z\nlast-modified: 2016-02-14T11:44:25Z\nsource: RIPE\n\nrole: Redstation Admin Role\naddress: Redstation Limited\naddress: 2 Frater Gate Business Park\naddress: Aerodrome Road\naddress: Gosport\naddress: Hampshire\naddress: PO13 0GW\naddress: UNITED KINGDOM\nabuse-mailbox: abuse@redstation.com\ne-mail: abuse@redstation.com\nnic-hdl: RA1415-RIPE\nmnt-by: REDSTATION-MNT\ncreated: 2005-04-22T17:34:33Z\nlast-modified: 2017-05-02T09:47:13Z\nsource: RIPE\n\n% Information related to '81.94.192.0/24AS20860'\n\nroute: 81.94.192.0/24\ndescr: Wayne Dalton - Redstation Ltd\norigin: AS20860\nmnt-by: GB10488-RIPE-MNT\ncreated: 2015-11-03T12:58:00Z\nlast-modified: 2015-11-03T12:58:00Z\nsource: RIPE"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061895" ,
"uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"relationship_type" : "dropped-by" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-03ac-48f2-a1ff-4fd3950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-f950-4df2-b5b2-4a19950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-c17c-461f-8683-4744950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-acb8-4978-bdde-49ec950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-6a58-4c63-afbf-4c06950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"referenced_uuid" : "c8b6f1f2-e727-4120-8d78-62dabe459c41" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061900" ,
"uuid" : "5cb05c8c-a72c-43b5-9c14-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "ee2e0010-ee06-40a8-884d-f0a403d0b805" ,
"value" : "ae829f55db0198a0a36b227addcdeeff"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "b3af9b7a-11ca-4ed0-acc9-9b1da53ea14c" ,
"value" : "04833210fa57ea70a209520f4f2a99d049e537f2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "27c242f1-2841-4a08-93c1-28463ccf0f1e" ,
"value" : "70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "2ef774ea-239a-48dc-b79c-02dd2ba3956d" ,
"value" : "1b4509102ac734ce310b6f8631b1bedd772a38582b4feda9fee09f1edd096006cf5ba528435c844effa97f95984b07bd2c111aa480bb22f4bcfbc751f069868d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "61d832eb-7422-443a-a812-bbc7a736681b" ,
"value" : "3:ElclFUl8GlFcmzkXIil23X1ll:ElcUXmQkXQ3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "ce874dbb-edd6-4ac8-a8c0-8b8580177674" ,
"value" : "udbcgiut.dat"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "75bde2bb-8388-46b0-9937-696d17f3cddf" ,
"value" : "1171"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "92b48b66-3ea9-4cab-900e-108023c1813d" ,
"value" : "0.395693"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "35b6a34c-6ee2-49e7-a16b-330f6c0022fd" ,
"value" : "data"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925253" ,
"uuid" : "d7d9f6b7-4b64-49a9-843a-a675d8130f4b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "1f81d0b9-4e31-4c6a-bd10-80c9785ee32e" ,
"value" : "2.625229"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "37634b09-9c3d-45d6-8005-444aa186e704" ,
"value" : "64cb3246aafa83129f7fd6b25d572a9f"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0a15b2f9-e41c-4482-ae9d-af5bdd042ab1" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925253" ,
"uuid" : "b6b3a355-04df-468c-b334-3553062b12c7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "258993a2-b254-4071-b133-cb5dde33da2e" ,
"value" : "e8c15e136370c12020eb23545085b9f6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "b6d6ca82-504b-4c7d-b143-600efa72354d" ,
"value" : "6.431942"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c81e9ee1-deb7-4ba8-bf6c-166939c37b5d" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6a19d2df-7ce7-4818-b01a-f40617f79ba9" ,
"value" : "196096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925253" ,
"uuid" : "99a21cae-aca7-4dc5-a057-c31d995c3de7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "597380cc-7507-4998-b3a8-45dd517520dd" ,
"value" : "cf0eb4ad22ac1ca687b87a0094999ac8"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "3d0b10a1-d06f-49ba-a9dc-7290e8750906" ,
"value" : "5.990247"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7d0c309a-d05b-4889-87b8-45f628def06c" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "7655cba8-e280-43fb-b777-6b972ec4e8df" ,
"value" : "26624"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925253" ,
"uuid" : "81b7d5fc-2afa-4313-b589-1773e410cd85" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "86206141-3aa8-4886-8e2a-3222156bb54e" ,
"value" : "b246681e20b3c8ff43e1fcf6c0335287"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cf0de307-928e-41b2-899f-df59d845d57a" ,
"value" : "4.116777"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2a18117d-c785-41a1-9892-4ddc3bc79b92" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5273e830-5273-4de5-bea8-0ba4505390e5" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925253" ,
"uuid" : "b0039524-0831-4150-9367-0c01132e1f6d" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925253" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "0c0c80fe-1642-485b-983a-19f311bcc4f9" ,
"value" : "6545248a1e3449e95314cbc874837096"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6410bfcc-e96b-4d8d-8111-d6652828a391" ,
"value" : "5.112624"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1afb96a6-68c2-43bf-ba04-abab50a34d9c" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "98c12a6a-6401-44ce-98c3-e3e07ac92d6c" ,
"value" : "512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "dbc2c668-6778-40ee-a1d2-0a8eed89d382" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3893e4f3-e5a9-45c5-b83c-247b16b3d1de" ,
"value" : "31a7ab6f707799d327b8425f6693c220"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "3f641459-6fb8-4335-a615-d74c599119fc" ,
"value" : "5.176231"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2ed36d70-6684-4085-812c-1a0d0f194ca8" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "501634fd-b6bd-48fc-b476-269bb07d6134" ,
"value" : "8704"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925254" ,
"uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "d7d9f6b7-4b64-49a9-843a-a675d8130f4b" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-c940-4eb8-9042-4120950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "b6b3a355-04df-468c-b334-3553062b12c7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-817c-4b6c-84ba-4d87950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "99a21cae-aca7-4dc5-a057-c31d995c3de7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-b8c4-482c-a64e-45ab950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "81b7d5fc-2afa-4313-b589-1773e410cd85" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-0944-41e2-a0e9-44a1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "b0039524-0831-4150-9367-0c01132e1f6d" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-deac-4451-92f5-461e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"referenced_uuid" : "dbc2c668-6778-40ee-a1d2-0a8eed89d382" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-16dc-4790-afb4-4028950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "50641979-14b0-498e-a7a4-8d2376977453" ,
"value" : "C5DC53A540ABE95E02008A04A0D56D6C"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "2a11aba2-1f33-4e62-9e1a-08c66918a676" ,
"value" : "C5DC53A540ABE95E02008A04A0D56D6C"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "fe87e1ef-a961-462c-bd1a-d2b6db9d872c" ,
"value" : "6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061895" ,
"uuid" : "e245ed73-c585-4e0b-9190-38647d7f215d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "e245ed73-c585-4e0b-9190-38647d7f215d" ,
"referenced_uuid" : "d047f984-e129-4e7d-95f7-b3883eb4d380" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-8e6c-40f1-b56f-4ec9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "e245ed73-c585-4e0b-9190-38647d7f215d" ,
"referenced_uuid" : "42d5dff2-e1f0-428f-a415-b83a757b7768" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061900" ,
"uuid" : "5cb05c8c-9720-4de6-a0c2-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "1cd4ccb8-0842-409c-be7b-37a0f8ca52a3" ,
"value" : "c5dc53a540abe95e02008a04a0d56d6c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "bab92836-90a7-4a83-a45e-c4bed9ca5927" ,
"value" : "4cfe9e353b1a91a2add627873846a3ad912ea96b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "c7d291b8-3438-4050-8672-8dc55674a09a" ,
"value" : "4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "9b701495-4200-49a4-8cfd-f3b9e5fca5b5" ,
"value" : "fc33c99facfbc98d164e63167353bdcff7c1704810e4bb64f7e56812412d84099b224086c04aea66e321cd546d8cf6f14196f5b58d5e931c68064d659c33b6a2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "286fe58a-dce9-44c1-8ea0-ba9a26557948" ,
"value" : "6144:LA5cWD93YuzTvLFOLoqbWbnuX7ZEAV6efA/Pawzq:Xc93YbLZEAV6mX"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "9c8564f5-380a-4305-b83d-e1f28c6104f9" ,
"value" : "C5DC53A540ABE95E02008A04A0D56D6C"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "a9f20cf4-066d-4dfe-b9a8-f49c71564635" ,
"value" : "241152"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "d370b25a-a1cd-4fe8-af9a-687d136b6706" ,
"value" : "6.534884"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "0e531f16-9dfe-4cb5-93c5-5fa3a7c8cdef" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "08b33dc6-0d4c-4441-85b9-19177bfce17f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "f00fe537-cd14-47b8-b6df-b8d7ccb8e6d4" ,
"value" : "2.658486"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "24e2ea0e-520b-4a6b-b877-9d2f01ed84b2" ,
"value" : "59b5d567b9b7b9da0ca0936675fd95fe"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "7e807666-5bbb-4405-ac7a-4bef7a82fb39" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "cf24fa43-ec76-41ac-a2c9-c76a86ccd334" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c02b02bf-849a-4907-b494-430749daae3a" ,
"value" : "c0b6929e0f01a7b61bde3d7400a801e0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4d8fa4ef-96e9-45d2-8bde-428a80c7ccb5" ,
"value" : "6.470188"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "efcc600f-6886-45e6-84d3-aad00c22a98d" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "bb55c1f6-41dc-4ed7-9a69-3da4204317dc" ,
"value" : "218624"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "06b00c8c-78e4-4833-a79a-c70ac79d8b25" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2a4ab050-8faf-4fb7-85b5-1dbb1d2a9713" ,
"value" : "ce1e5ab830fcfaa2d7bea92f56e9026e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "10d55f20-9e31-4f11-abdd-af997378272b" ,
"value" : "5.962575"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "eb6d6bc4-a200-42cd-b20c-4e10d1101aa4" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5993ae0b-3a39-4f4a-96c0-3635d726430d" ,
"value" : "27136"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "7b055b6f-f844-470b-958f-918ada8231bc" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "bb646ce2-6204-44d1-93e7-d1e3db024e50" ,
"value" : "006bad003b65738ed203a576205cc546"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "788ceb35-b02b-4c4e-840b-28c8c33e341b" ,
"value" : "4.157373"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8cda33eb-b153-4886-9057-9bcaee63ec25" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "d77b76f2-16b7-4585-8a8f-cc476e3934a2" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "3014952d-8c6c-47f4-9e95-a2e07d248668" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4103dce2-1897-412a-abcd-38a36bfcbb02" ,
"value" : "992987e022da39fcdbeede8ddd48f226"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "ea603899-a8a5-4bd6-8a79-1ddf566188d9" ,
"value" : "5.51187"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7bf18fef-03c0-4d57-817d-d766ac8edb97" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "daf93f17-ff50-49e0-a4d8-16a5ca8304ca" ,
"value" : "3072"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925254" ,
"uuid" : "03f59ed6-d83e-4769-a8ac-611f258d0429" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925254" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "16ba4695-e9a1-41f9-b742-8f8be584c06f" ,
"value" : "4be460324f0f4dc1f6a0983752094cce"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "027fec2c-9566-42ed-b068-ee943edbf127" ,
"value" : "5.303151"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7e444bcf-fd06-47da-919a-cfd945b62f32" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "d4cb0580-7068-42db-84e8-f41fc287146d" ,
"value" : "9728"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925254" ,
"uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "08b33dc6-0d4c-4441-85b9-19177bfce17f" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-81e8-40c9-bd07-478f950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "cf24fa43-ec76-41ac-a2c9-c76a86ccd334" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-fce4-4ecf-9f60-4b70950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "06b00c8c-78e4-4833-a79a-c70ac79d8b25" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-bcf0-486a-aaec-4fdf950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "7b055b6f-f844-470b-958f-918ada8231bc" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-7d4c-41be-9588-4117950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "3014952d-8c6c-47f4-9e95-a2e07d248668" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-c5f0-45e2-9e95-4c7c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"referenced_uuid" : "03f59ed6-d83e-4769-a8ac-611f258d0429" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d0-4dd0-432b-afd0-4449950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "c00dc24c-f40b-4a5f-91ed-43068930fbaa" ,
"value" : "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8697256a-089e-40f9-afd7-255a7fcfc600" ,
"value" : "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "2dcb512a-29e8-4f3e-a4d4-febfae2b987b" ,
"value" : "6"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061895" ,
"uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "738d6709-4996-4265-b9db-a44258b97eca" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925264" ,
"uuid" : "5cae46d1-20ac-4329-a90c-4659950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "9b5d58a8-fedd-424b-9e95-1fa9dee6113b" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-0248-4639-96e1-4777950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "5e64eddb-9dc7-4976-9c08-4884f931c92e" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-fa88-420c-9706-4981950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "e773193c-a490-442a-a41f-63e402cf3865" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-931c-4746-9b9f-4efc950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "bc976e66-b5d6-464d-9adc-0d53da3ec01a" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-78dc-4650-afb2-4fa3950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-b1c4-418b-9eb5-419e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "930261a1-dfbe-4f99-957b-27f14a50a397" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-474c-453c-b0b5-41c1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ebf0b816-7fdf-425a-8298-134f91e7cdf2" ,
"referenced_uuid" : "a314859d-026b-4b02-bcf5-09d7e3c08026" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061900" ,
"uuid" : "5cb05c8c-99e8-4985-9d6d-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "af11a36f-3226-4cbd-a054-250591ed11ca" ,
"value" : "be588cd29b9dc6f8cfc4d0aa5e5c79aa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "46aa10fb-4355-4eac-92e1-1e3b2daa4d3f" ,
"value" : "06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "c515b394-8cad-47cb-88d4-99f50acf5615" ,
"value" : "ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "03276553-0e00-4efb-9ad7-c29fe084b9a6" ,
"value" : "c074ec876350b3ee3f82208041152c0ecf25cc8600c8277eec389c253c12372e78da59182a6df8331b05e0eefb07c142172951115a582606f68b824e1d48f30d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "915eae7c-ecec-4541-8ecd-c13c53957035" ,
"value" : "6144:UEFpmt3md/iA3uiyzOvLFOLYqnHGZlDwf/OYy85eqmJKRPg:/PQ3mJxeigqi/OYy+/g"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "b17ba2a4-b07f-4bec-8c93-89ad360f3115" ,
"value" : "BE588CD29B9DC6F8CFC4D0AA5E5C79AA"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "51ea069c-edb0-4183-982c-343a5c5add69" ,
"value" : "267776"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "6ac891f5-288b-428a-ab9f-028c7d45635c" ,
"value" : "6.554499"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "9c195c3a-8905-4b81-bf29-bd7b5d54555b" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925255" ,
"uuid" : "26db93d0-b8c2-48c0-9068-e8ddce10b2ac" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "4e134e95-f503-4166-8d49-a60a39733d96" ,
"value" : "Domain name:\n redstation.net.uk\n\n Registrant:\n Redstation Limited\n\n Registrant type:\n UK Limited Company, (Company number: 3590745)\n\n Registrant's address:\n 2 Frater Gate Business Park\n Aerodrome Road\n Gosport\n Hampshire\n PO13 0GW\n United Kingdom\n\n Data validation:\n Nominet was able to match the registrant's name and address against a 3rd party data source on 21-Feb-2017\n\n Registrar:\n Easyspace Ltd [Tag = EASYSPACE]\n URL: https://www.easyspace.com/domain-names/extensions/uk\n\n Relevant dates:\n Registered on: 11-Apr-2005\n Expiry date: 11-Apr-2019\n Last updated: 12-Apr-2017\n\n Registration status:\n Registered until expiry date.\n\n Name servers:\n ns1.redstation.com\n ns2.redstation.com"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "681912d6-af0d-4b11-af8f-576123bb2ef7" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "50c7c57c-4dfa-4686-9335-81a231fa8d6c" ,
"value" : "2.4864"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "547b1937-09b0-4973-9534-a614404ff7ad" ,
"value" : "e772c7a04c7e3d53c58fdb8a88bb0c02"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "514ca7d3-9ed2-430e-8756-e9cb867f4c0c" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "a2dfae6d-1e63-4f17-aa63-b82b363d2000" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "71d5ae1c-3f38-4e9b-bfca-9136c7680eac" ,
"value" : "a6a2750e5b57470403299e0327553042"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "0a32cf4f-d40f-4d99-b929-1d7fa681f215" ,
"value" : "6.29743"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b1e8091d-8c41-4f1c-a945-9df2404d1e12" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "29c9c5d2-9c05-4ea5-8241-df4da93e68d8" ,
"value" : "34816"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "cb37303a-fd4b-4a66-a6e8-ff5dffc84ac7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1fe9839e-bc54-4e3c-9527-4178f7349491" ,
"value" : "cc5d69374e9b0266a4b1119e5274d392"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "44db3c73-4453-4765-ae4a-24ac4ade8e7c" ,
"value" : "4.71565"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0b3ef129-e647-4a3d-ba0a-fd1112842f5b" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "93d6e715-42d5-430f-9218-6c89a6d6b407" ,
"value" : "12288"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "737ccfd6-1e0e-494d-bcdc-5cbf6ae072f7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9577dd42-7be8-4cfe-991e-1fc03c133857" ,
"value" : "ac4ee21fcb2501656efc217d139ec804"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "f95c7a9c-cb91-490a-8433-e1081597f624" ,
"value" : "1.87695"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "35fdd5fa-da9b-47d4-9173-8bf7d37146d4" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "b14dfab0-e748-473d-8139-6709571fdd82" ,
"value" : "5120"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "d032374b-36e3-4c4b-895b-c3a776cb60c4" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925255" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "41865ad4-aa5e-4136-ba7c-75121c62071c" ,
"value" : "359af12d4a14ced423d39736dfec613a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "adb4a29e-b7ed-4423-a7fd-997974098aad" ,
"value" : "3.878158"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "4758b794-15c2-4581-826c-123da5633274" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "90ac40d2-8e52-4fd9-8365-b59b6dd23e6a" ,
"value" : "2560"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925255" ,
"uuid" : "9c760cfe-2e23-4e32-b35b-d7097fd4c799" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "82e679ce-0fc0-4e34-aef5-6d3d57faecd5" ,
"value" : "097e0e4be076b795a7316f1746bace8a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "e0bee652-9e86-4116-bbc1-ba2397c1b2cc" ,
"value" : "5.514584"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fcfd25bb-b089-4178-818f-4d310fb1d282" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5370431c-1840-481c-b92a-d10424739227" ,
"value" : "3072"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "34135ff1-138a-4297-afe6-6e17271fbeec" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3b692804-a934-4dd7-9b14-3942beb53f23" ,
"value" : "5849f380266933d6f3c5c4740334b041"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "8360ac22-47cf-4aa7-b1cb-900c73d04360" ,
"value" : "2.517963"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "10335091-e394-4085-a76a-fe8f960b2f5d" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "2188d52b-4fa7-4da7-8c82-68f51b9506ec" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925256" ,
"uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "681912d6-af0d-4b11-af8f-576123bb2ef7" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-783c-4120-bcbe-428e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "a2dfae6d-1e63-4f17-aa63-b82b363d2000" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-a43c-4a70-9f2f-4581950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "cb37303a-fd4b-4a66-a6e8-ff5dffc84ac7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-7190-4f44-828d-4e12950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "737ccfd6-1e0e-494d-bcdc-5cbf6ae072f7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-e4a8-4e26-9a0f-43c1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "d032374b-36e3-4c4b-895b-c3a776cb60c4" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-4334-461e-8f25-43a2950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "9c760cfe-2e23-4e32-b35b-d7097fd4c799" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-2824-4a3f-8445-4820950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"referenced_uuid" : "34135ff1-138a-4297-afe6-6e17271fbeec" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-c804-4f34-bc22-4609950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "2b23be7c-810f-4af7-9852-4673a0810b7b" ,
"value" : "868036E102DF4CE414B0E6700825B319"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "714205f8-fcff-43f8-93e1-eb15bfd76be0" ,
"value" : "868036E102DF4CE414B0E6700825B319"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "0da0af95-1e93-4fc6-ab0a-b784ae1e7a42" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"referenced_uuid" : "d158344a-e9a9-4e03-9832-fb1264c3d1aa" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-a750-4fb5-bdeb-4411950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"referenced_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-b578-4d9d-b839-4688950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"referenced_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"relationship_type" : "dropped" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-bfec-4489-9546-4fb9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"referenced_uuid" : "e25a593a-6702-4694-90f3-f0858a21b5e1" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061901" ,
"uuid" : "5cb05c8d-38f0-4387-94a6-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "76ea531a-49fc-4a82-970e-b210fb019243" ,
"value" : "868036e102df4ce414b0e6700825b319"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "8e9e1f78-5021-4dac-a330-b6e9169c7bc4" ,
"value" : "7f1e68d78e455aa14de9020abd2293c3b8ec6cf8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "516a297e-c5a1-4dd2-aabd-346cdbe4e2d4" ,
"value" : "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "d782d11c-af27-4f3a-84b8-20747f86b2a2" ,
"value" : "724d83493dbe86cfcee7f655272d2c733baa5470d7da986e956c789aa1b8f518ad94b575e655b4fe5f6f7d426b9aa7d8304fc879b82a385142b8924e0d454363"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "7a10ab38-0c5a-4f19-9e7f-3b1199a03c9d" ,
"value" : "12288:eb/3G8vg+Rg1cvAHtE0MLa07rt5POui6z:+/3G8vg+pvi9Sa07rt4ui6z"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "b1c21676-64c5-4ae3-8948-8e2531d38241" ,
"value" : "868036E102DF4CE414B0E6700825B319"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "aada89ac-b815-4767-b84e-4fe8fbd321ac" ,
"value" : "453791"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "684d920a-0ea8-4a68-89f0-940fcfc6da76" ,
"value" : "7.713852"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "bc59f58b-f4c7-4776-8f87-118ce55979f3" ,
"value" : "PE32+ executable (GUI) x86-64, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "1435e56d-5f38-40c6-a7c7-d85df67a37ea" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "92189470-ebf6-48eb-b9e1-017745671592" ,
"value" : "2.524087"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "668ce866-63af-4400-8034-46a423aacdc0" ,
"value" : "3bb2a7d6aab283c82ab853f536157ce2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "eaab7e4e-bf2e-4444-843e-e30d6a32dff0" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "b29bf9b8-09d1-41ec-8cf6-1556913a36b7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "cfa05f87-32cb-4909-bbc4-d75395fb29f6" ,
"value" : "b0bf8ec7b067fd3592c0053702e34504"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2fa44e3b-b752-4a79-b504-ed631a606d80" ,
"value" : "6.180871"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "48a309fb-c98c-4cdc-b0dd-c0232816918d" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "39d0c30a-cdc5-4d17-81f4-3db9a0103744" ,
"value" : "23552"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "409a8ca2-3740-4465-be76-e1ebed4570e6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c7b0a953-b4d4-414b-a877-fbe638908f7e" ,
"value" : "6cc98c5fef3ea1b782262e355b5c5862"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "0348e323-2dbb-4624-aa70-578dbb3f8406" ,
"value" : "4.635336"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d26ecbd6-9a8f-4e1c-a5de-2854df69de70" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "efe9abd5-8b25-46ce-a86e-9896ee4d00f4" ,
"value" : "10752"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "855ac261-1c2a-412b-8320-1aa8d22f8c33" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6e59c926-ab16-40b1-adb0-afe8910a3f8a" ,
"value" : "484d4698d46b3b5ad033c1a80ba83acf"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "30d54d2a-b152-44b1-839e-d14bd9c417d1" ,
"value" : "2.145716"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cca4242d-3ffb-43a8-aa9f-a2249f5d83e0" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "5048f385-c6b7-41a5-9b37-237f095ea990" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "5760f7f9-6817-48fb-be8f-112dbd443f0a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "03b83675-3bf2-46c5-b2e8-763f307a218f" ,
"value" : "a07c8f17c18c6789a3e757aec183aea6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "f56959d1-7bc3-4f78-a720-d1d8db5b5658" ,
"value" : "3.729952"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "617de1d1-ee07-442b-adf7-48cddada1c7c" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "2baf96ce-c355-49ba-8f27-27a371939dcd" ,
"value" : "2048"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "081fda7a-462f-411a-b541-1c85411baee2" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925256" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "963374ec-28f8-41a7-8ef1-c95b11ca1871" ,
"value" : "fae0d0885944745d98849422bd799457"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "45171fb5-f9e2-401e-ae58-28133036e763" ,
"value" : "7.997488"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d4df59cd-c664-4518-a52e-791db071d717" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "edaf8327-0cc0-409d-9da9-f64e17a9fb8b" ,
"value" : "348672"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925256" ,
"uuid" : "2c3e7740-a7bc-46d7-bed6-5da54b4327f0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925257" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "79a36606-0756-4edd-931d-e722b7abb09f" ,
"value" : "0c1c23e1fb129b1b1966f70fc75cf20e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "bd534413-3c43-4ded-b48b-8d4e8b1364bc" ,
"value" : "1.737829"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "fef32f0d-fc22-497c-aad3-e38597529c54" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "08d78bd6-8f79-4146-9011-77bb8367ad70" ,
"value" : "1536"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925257" ,
"uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "1435e56d-5f38-40c6-a7c7-d85df67a37ea" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925265" ,
"uuid" : "5cae46d1-2868-494e-9f38-4320950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "b29bf9b8-09d1-41ec-8cf6-1556913a36b7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-4fe8-4be0-ac57-431c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "409a8ca2-3740-4465-be76-e1ebed4570e6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-79b0-41ae-b4ff-419c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "855ac261-1c2a-412b-8320-1aa8d22f8c33" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-14f4-4fd8-9a8b-4be9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "5760f7f9-6817-48fb-be8f-112dbd443f0a" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-5c7c-4944-88ad-4bf9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "081fda7a-462f-411a-b541-1c85411baee2" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-fe30-4231-943a-4034950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"referenced_uuid" : "2c3e7740-a7bc-46d7-bed6-5da54b4327f0" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-2db0-4578-98b2-457c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925257" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "fc6bee65-86ef-4b9a-bcab-2b0f747905e9" ,
"value" : "rdpproto.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925257" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "f51687f0-f966-4811-9bf9-5ca2f6f882e4" ,
"value" : "rdpproto.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "02955ebf-1632-4981-a7ab-39ed4f14fc73" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "8ac82864-35d9-4232-ad60-e3e6fab47b66" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-6bc8-4126-b153-4d2d950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "6c10ee1b-a1c9-414d-92cc-8574decc8af4" ,
"relationship_type" : "dropped-by" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-ea54-4c5b-8961-4f1d950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "dfa5812c-f91e-42b8-811d-718121a46fd9" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-d8d8-4c30-b9d4-457f950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "3d25e903-29f5-4b88-bf80-bd6bd8a9616b" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-3224-49e4-8aee-4fc1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-d654-4cbe-9d40-4ded950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "aa8e532e-3b80-47e4-bb04-22d666a10bd7" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-0438-48d4-943d-4e31950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "0031ec2d-46ed-4835-93ef-e6b868a26e40" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-0db4-4962-a602-4526950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "378c38f0-377c-4626-949c-5eaa0a6367ae" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-7ed8-4f90-a00e-4a66950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "206ae99c-1cda-41e0-a81f-8e0e8c433156" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-14b4-4eb6-999a-4e2b950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "d959b41a-72bb-478a-b453-5dfac6fe0dc1" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-912c-4f3f-9f7a-416b950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "a7455d44-d858-472a-96ee-edea677be659" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925266" ,
"uuid" : "5cae46d2-b150-433d-8001-4488950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "4fb3c39a-2c59-46d9-be12-028f54e577c9" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-0af4-4868-9bcc-4fd0950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "02f5bf02-c1ac-4142-be6b-978554a19a90" ,
"referenced_uuid" : "1c222ada-8f9b-4a30-9cb1-fc81cd47dee8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061901" ,
"uuid" : "5cb05c8d-2ff8-40d9-b810-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "c5319927-f668-4bfa-be15-60044aee1f96" ,
"value" : "dc268b166fe4c1d1c8595dccf857c476"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "63346b0e-b2db-4d16-886c-4daa2b74269f" ,
"value" : "8264556c8a6e460760dc6bb72ecc6f0f966a16b8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "519f1b51-9071-467b-976a-1ca1eace6d38" ,
"value" : "49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "90f512fb-80e2-41ef-9aa1-6c40217773d9" ,
"value" : "b47c4caa0b5c17c982fcd040c7171d36ec962fe32e9b8bec567ee14b187507fe90e026aa05eec17d36c49a924eeaed55e66c95a111cfa9dcae0e305ab9515cac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "c82e30a6-27e1-4df8-81b9-c16f50967298" ,
"value" : "6144:jfsTC8amAXJeZP6BPjIDeLkigDxcvAHjVXjhtBGshMLa1Mj7rtlkiP60dwtudIye:jvg+Rg1cvAHtE0MLa07rt5POui6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "565eeaa1-a469-41ff-bec9-258eabcefa3c" ,
"value" : "rdpproto.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "f4d7e926-6061-4557-9af1-b498c87fdb5f" ,
"value" : "391680"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "03002130-d985-472d-a528-9719d016feec" ,
"value" : "7.893665"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "ed42d50c-d0b6-4c3c-bdc7-fa1ecdb2f0ee" ,
"value" : "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "5e26a8e6-9554-46b4-9b95-e31d69198ea6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "06c3dfcd-ff56-433f-b0c4-f0d3f9267690" ,
"value" : "NetRange: 21.0.0.0 - 21.255.255.255\nCIDR: 21.0.0.0/8\nNetName: DNIC-SNET-021\nNetHandle: NET-21-0-0-0-1\nParent: ()\nNetType: Direct Allocation\nOriginAS: \nOrganization: DoD Network Information Center (DNIC)\nRegDate: 1991-06-30\nUpdated: 2009-06-19\nRef: https://whois.arin.net/rest/net/NET-21-0-0-0-1\n\n\nOrgName: DoD Network Information Center\nOrgId: DNIC\nAddress: 3990 E. Broad Street\nCity: Columbus\nStateProv: OH\nPostalCode: 43218\nCountry: US\nRegDate: \nUpdated: 2011-08-17\nRef: https://whois.arin.net/rest/org/DNIC"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "f08a32dc-ddbc-4164-8f6d-a564d7a7e31c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d29145ee-e6d4-42f3-a004-5fd763446416" ,
"value" : "Domain Name: AMERITECH.NET\n Registry Domain ID: 81816_DOMAIN_NET-VRSN\n Registrar WHOIS Server: whois.corporatedomains.com\n Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html\n Updated Date: 2017-06-09T05:27:34Z\n Creation Date: 1996-06-14T04:00:00Z\n Registry Expiry Date: 2018-06-13T04:00:00Z\n Registrar: CSC Corporate Domains, Inc.\n Registrar IANA ID: 299\n Registrar Abuse Contact Email: domainabuse@cscglobal.com\n Registrar Abuse Contact Phone: 8887802723\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: NS1.ATTDNS.COM\n Name Server: NS2.ATTDNS.COM\n Name Server: NS3.ATTDNS.COM\n Name Server: NS4.ATTDNS.COM\n DNSSEC: unsigned\n\nDomain Name: ameritech.net\nRegistry Domain ID: 81816_DOMAIN_NET-VRSN\nRegistrar WHOIS Server: whois.corporatedomains.com\nRegistrar URL: www.cscprotectsbrands.com\nUpdated Date: 2017-06-09T05:27:34Z\nCreation Date: 1996-06-14T04:00:00Z\nRegistrar Registration Expiration Date: 2018-06-13T04:00:00Z\nRegistrar: CSC CORPORATE DOMAINS, INC.\nRegistrar IANA ID: 299\nRegistrar Abuse Contact Email: domainabuse@cscglobal.com\nRegistrar Abuse Contact Phone: +1.8887802723\nDomain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: Domain Administrator\nRegistrant Organization: AT&T SERVICES, INC.\nRegistrant Street: 801 Chestnut Street\nRegistrant City: Saint Louis\nRegistrant State/Province: MO\nRegistrant Postal Code: 63101\nRegistrant Country: US\nRegistrant Phone: +1.3142358168\nRegistrant Phone Ext: \nRegistrant Fax: +1.3142358168\nRegistrant Fax Ext: \nRegistrant Email: att-domains@att.com\nRegistry Admin ID: \nAdmin Name: Domain Administrator\nAdmin Organization: AT&T SERVICES, INC.\nAdmin Street: 801 Chestnut Street\nAdmin City: Saint Louis\nAdmin State/Province: MO\nAdmin Postal Code: 63101\nAdmin Country: US\nAdmin Phone: +1.3142358168\nAdmin Phone Ext: \nAdmin Fax: 
+1.3142358168\nAdmin Fax Ext: \nAdmin Email: att-domains@att.com\nRegistry Tech ID: \nTech Name: Domain Administrator\nTech Organization: AT&T SERVICES, INC.\nTech Street: 801 Chestnut Street\nTech City: Saint Louis\nTech State/Province: MO\nTech Postal Code: 63101\nTech Country: US\nTech Phone: +1.3142358168\nTech Phone Ext: \nTech Fax: +1.3142358168\nTech Fax Ext: \nTech Email: att-domains@att.com\nName Server: ns3.attdns.com\nName Server: ns1.attdns.com\nName Server: ns2.attdns.com\nName Server: ns4.attdns.com\nDNSSEC: unsigned"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "6e01219a-94b3-47e9-86c4-7f770ccb0fbb" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3c6983a5-708a-4dd9-ac00-19a783aeaf1b" ,
"value" : "inetnum: 113.112.0.0 - 113.119.255.255\nnetname: CHINANET-GD\ndescr: CHINANET Guangdong province network\ndescr: Data Communication Division\ndescr: China Telecom\ncountry: CN\nadmin-c: CH93-AP\ntech-c: IC83-AP\nremarks: service provider\nstatus: ALLOCATED PORTABLE\nmnt-by: APNIC-HM\nmnt-lower: MAINT-CHINANET-GD\nmnt-routes: MAINT-CHINANET-GD\nlast-modified: 2016-05-04T00:15:17Z\nsource: APNIC\nmnt-irt: IRT-CHINANET-CN\n\nirt: IRT-CHINANET-CN\naddress: No.31 ,jingrong street,beijing\naddress: 100032\ne-mail: anti-spam@ns.chinanet.cn.net\nabuse-mailbox: anti-spam@ns.chinanet.cn.net\nadmin-c: CH93-AP\ntech-c: CH93-AP\nauth: # Filtered\nmnt-by: MAINT-CHINANET\nlast-modified: 2010-11-15T00:31:55Z\nsource: APNIC\n\nperson: Chinanet Hostmaster\nnic-hdl: CH93-AP\ne-mail: anti-spam@ns.chinanet.cn.net\naddress: No.31 ,jingrong street,beijing\naddress: 100032\nphone: +86-10-58501724\nfax-no: +86-10-58501724\ncountry: CN\nmnt-by: MAINT-CHINANET\nlast-modified: 2014-02-27T03:37:38Z\nsource: APNIC\n\nperson: IPMASTER CHINANET-GD\nnic-hdl: IC83-AP\ne-mail: gdnoc_HLWI@189.cn\naddress: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU\nphone: +86-20-87189274\nfax-no: +86-20-87189274\ncountry: CN\nmnt-by: MAINT-CHINANET-GD\nremarks: IPMASTER is not for spam complaint,please send spam complaint to abuse_gdnoc@189.cn\nabuse-mailbox: antispam_gdnoc@189.cn\nlast-modified: 2014-09-22T04:41:26Z\nsource: APNIC"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "d3914c3e-70f1-4dc8-9748-009b973cacc2" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f4d8f03d-4796-49d5-858b-9e3ae235dc64" ,
"value" : "Domain Name: FRONTIERNET.NET\n Registry Domain ID: 4305589_DOMAIN_NET-VRSN\n Registrar WHOIS Server: whois.register.com\n Registrar URL: http://www.register.com\n Updated Date: 2017-09-14T07:53:05Z\n Creation Date: 1995-10-14T04:00:00Z\n Registry Expiry Date: 2018-10-13T04:00:00Z\n Registrar: Register.com, Inc.\n Registrar IANA ID: 9\n Registrar Abuse Contact Email: abuse@web.com\n Registrar Abuse Contact Phone: +1.8003337680\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: AUTH.DLLS.PA.FRONTIERNET.NET\n Name Server: AUTH.FRONTIERNET.NET\n Name Server: AUTH.LKVL.MN.FRONTIERNET.NET\n Name Server: AUTH.ROCH.NY.FRONTIERNET.NET\n DNSSEC: unsigned\n\nDomain Name: FRONTIERNET.NET\nRegistry Domain ID: 4305589_DOMAIN_NET-VRSN\nRegistrar WHOIS Server: whois.register.com\nRegistrar URL: www.register.com\nUpdated Date: 2017-09-14T00:53:05.00Z\nCreation Date: 1995-10-14T04:00:00.00Z\nRegistrar Registration Expiration Date: 2018-10-13T04:00:00.00Z\nRegistrar: REGISTER.COM, INC.\nRegistrar IANA ID: 9\nDomain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: FRONTIERNET HOSTMASTER\nRegistrant Organization: \nRegistrant Street: 95 N. FITZHUGH ST.\nRegistrant City: ROCHESTER\nRegistrant State/Province: NY\nRegistrant Postal Code: 14614-1212\nRegistrant Country: US\nRegistrant Phone: +1.8664747662\nRegistrant Phone Ext: \nRegistrant Fax: \nRegistrant Fax Ext:\nRegistrant Email: HOSTMASTER@FRONTIERNET.NET\nRegistry Admin ID: \nAdmin Name: FRONTIERNET HOSTMASTER\nAdmin Organization: \nAdmin Street: 95 N. FITZHUGH ST.\nAdmin City: ROCHESTER\nAdmin State/Province: NY\nAdmin Postal Code: 14614-1212\nAdmin Country: US\nAdmin Phone: +1.8664747662\nAdmin Phone Ext: \nAdmin Fax: \nAdmin Fax Ext:\nAdmin Email: HOSTMASTER@FRONTIERNET.NET\nRegistry Tech ID: \nTech Name: FRONTIERNET HOSTMASTER\nTech Organization: \nTech Street: 95 N. 
FITZHUGH ST.\nTech City: ROCHESTER\nTech State/Province: NY\nTech Postal Code: 14614-1212\nTech Country: US\nTech Phone: +1.8664747662\nTech Phone Ext: \nTech Fax: \nTech Fax Ext: \nTech Email: HOSTMASTER@FRONTIERNET.NET\nName Server: AUTH.DLLS.PA.FRONTIERNET.NET\nName Server: AUTH.FRONTIERNET.NET\nName Server: AUTH.LKVL.MN.FRONTIERNET.NET\nName Server: AUTH.ROCH.NY.FRONTIERNET.NET\nDNSSEC: unSigned"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "b5d6f570-a5ec-4760-8d47-ae9c8d2533b6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "43efc76a-063e-402f-95b1-adda61922cc1" ,
"value" : "Domain Name: NEXTGENTEL.COM\n Registry Domain ID: 13395561_DOMAIN_COM-VRSN\n Registrar WHOIS Server: whois.domaininfo.com\n Registrar URL: http://www.ports.domains\n Updated Date: 2017-11-10T23:44:50Z\n Creation Date: 1999-11-17T15:47:51Z\n Registry Expiry Date: 2018-11-17T15:47:51Z\n Registrar: Ports Group AB\n Registrar IANA ID: 73\n Registrar Abuse Contact Email: abuse@portsgroup.se\n Registrar Abuse Contact Phone: +46.707260017\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Name Server: ANYADNS1.NEXTGENTEL.NET\n Name Server: ANYADNS2.NEXTGENTEL.NET\n DNSSEC: unsigned\n\nDomain Name: nextgentel.com\nRegistry Domain ID: 13395561_DOMAIN_COM-VRSN\nRegistrar WHOIS Server: whois.domaininfo.com\nRegistrar URL: ports.domains\nUpdated Date: 2017-11-10T23:44:50Z\nCreation Date: 1999-11-17T15:47:51Z\nRegistrar Registration Expiration Date: 2018-11-17T15:47:51Z\nRegistrar: PortsGroup AB\nRegistrar IANA ID: 73\nRegistrar Abuse Contact Email: abuse@portsgroup.se\nRegistrar Abuse Contact Phone: +46.317202000\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nRegistry Registrant ID: \nRegistrant Name: Hostmaster\nRegistrant Organization: NextGenTel AS\nRegistrant Street: Sandslimarka 31\nRegistrant City: SANDSLI\nRegistrant State/Province: \nRegistrant Postal Code: 5254\nRegistrant Country: NO\nRegistrant Phone: +47.55527900\nRegistrant Fax: +47.55527910\nRegistrant Email: hostmaster@nextgentel.com\nRegistry Admin ID: \nAdmin Name: Hostmaster\nAdmin Organization: NextGenTel AS\nAdmin Street: Sandslimarka 31\nAdmin City: Sandsli\nAdmin State/Province: \nAdmin Postal Code: 5254\nAdmin Country: NO\nAdmin Phone: +47.55527900\nAdmin Fax: +47.55527910\nAdmin Email: hostmaster@nextgentel.com\nRegistry Tech ID: \nTech Name: Hostmaster v/ Eivind Olsen\nTech Organization: NextGenTel AS\nTech Street: Postboks 3 Sandsli\nTech City: Bergen\nTech State/Province: \nTech Postal Code: 5861\nTech 
Country: NO\nTech Phone: +47.41649322\nTech Fax: +47.55527910\nTech Email: hostmaster@nextgentel.com\nName Server: ANYADNS1.NEXTGENTEL.NET\nName Server: ANYADNS2.NEXTGENTEL.NET\nDNSSEC: unsigned"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "2ba66826-3848-41e9-a0b0-18433680ff80" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7f7c6c2b-9522-48cb-8251-4ebdc47299a4" ,
"value" : "NetRange: 26.0.0.0 - 26.255.255.255\nCIDR: 26.0.0.0/8\nNetName: DISANET26\nNetHandle: NET-26-0-0-0-1\nParent: ()\nNetType: Direct Allocation\nOriginAS: \nOrganization: DoD Network Information Center (DNIC)\nRegDate: 1995-04-30\nUpdated: 2009-06-19\nRef: https://whois.arin.net/rest/net/NET-26-0-0-0-1\n\n\nOrgName: DoD Network Information Center\nOrgId: DNIC\nAddress: 3990 E. Broad Street\nCity: Columbus\nStateProv: OH\nPostalCode: 43218\nCountry: US\nRegDate: \nUpdated: 2011-08-17\nRef: https://whois.arin.net/rest/org/DNIC\n\n\nOrgTechHandle: MIL-HSTMST-ARIN\nOrgTechName: Network DoD\nOrgTechPhone: +1-844-347-2457 \nOrgTechEmail: disa.columbus.ns.mbx.hostmaster-dod-nic@mail.mil\nOrgTechRef: https://whois.arin.net/rest/poc/MIL-HSTMST-ARIN\n\nOrgAbuseHandle: REGIS10-ARIN\nOrgAbuseName: Registration\nOrgAbusePhone: +1-844-347-2457 \nOrgAbuseEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil\nOrgAbuseRef: https://whois.arin.net/rest/poc/REGIS10-ARIN\n\nOrgTechHandle: REGIS10-ARIN\nOrgTechName: Registration\nOrgTechPhone: +1-844-347-2457 \nOrgTechEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil\nOrgTechRef: https://whois.arin.net/rest/poc/REGIS10-ARIN"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "955a399e-186e-4973-b937-eac9a78c3caa" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7f35fda5-8e4e-4ce1-b8ee-8b13d75f5361" ,
"value" : "NetRange: 137.139.0.0 - 137.139.255.255\nCIDR: 137.139.0.0/16\nNetName: SUC-OLDWEST\nNetHandle: NET-137-139-0-0-1\nParent: NET137 (NET-137-0-0-0-0)\nNetType: Direct Assignment\nOriginAS: \nOrganization: SUNY College at Old Westbury (SCAOW)\nRegDate: 1989-11-29\nUpdated: 2014-02-18\nRef: https://whois.arin.net/rest/net/NET-137-139-0-0-1\n\n\nOrgName: SUNY College at Old Westbury\nOrgId: SCAOW\nAddress: 223 Store Hill Road\nCity: Old Westbury\nStateProv: NY\nPostalCode: 11568\nCountry: US\nRegDate: 1989-11-29\nUpdated: 2011-09-24\nRef: https://whois.arin.net/rest/org/SCAOW\n\n\nOrgTechHandle: SUNYO-ARIN\nOrgTechName: SUNYOWNOC\nOrgTechPhone: +1-516-876-3379 \nOrgTechEmail: sunyownoc@oldwestbury.edu\nOrgTechRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nOrgAbuseHandle: SUNYO-ARIN\nOrgAbuseName: SUNYOWNOC\nOrgAbusePhone: +1-516-876-3379 \nOrgAbuseEmail: sunyownoc@oldwestbury.edu\nOrgAbuseRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRAbuseHandle: SUNYO-ARIN\nRAbuseName: SUNYOWNOC\nRAbusePhone: +1-516-876-3379 \nRAbuseEmail: sunyownoc@oldwestbury.edu\nRAbuseRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRTechHandle: SUNYO-ARIN\nRTechName: SUNYOWNOC\nRTechPhone: +1-516-876-3379 \nRTechEmail: sunyownoc@oldwestbury.edu\nRTechRef: https://whois.arin.net/rest/poc/SUNYO-ARIN\n\nRNOCHandle: SUNYO-ARIN\nRNOCName: SUNYOWNOC\nRNOCPhone: +1-516-876-3379 \nRNOCEmail: sunyownoc@oldwestbury.edu\nRNOCRef: https://whois.arin.net/rest/poc/SUNYO-ARIN"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "a5e80ae2-c3ea-4d96-ae64-9e67bb8823b8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8d02a0d2-c5f2-4f89-83fc-fd5998ef9bc4" ,
"value" : "Domain Name: CHARTER.COM\n Registry Domain ID: 340223_DOMAIN_COM-VRSN\n Registrar WHOIS Server: whois.markmonitor.com\n Registrar URL: http://www.markmonitor.com\n Updated Date: 2017-07-03T04:22:18Z\n Creation Date: 1994-07-30T04:00:00Z\n Registry Expiry Date: 2019-07-29T04:00:00Z\n Registrar: MarkMonitor Inc.\n Registrar IANA ID: 292\n Registrar Abuse Contact Email: abusecomplaints@markmonitor.com\n Registrar Abuse Contact Phone: +1.2083895740\n Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\n Name Server: NS1.CHARTER.COM\n Name Server: NS2.CHARTER.COM\n Name Server: NS3.CHARTER.COM\n Name Server: NS4.CHARTER.COM\n DNSSEC: unsigned\n\nDomain Name: charter.com\nRegistry Domain ID: 340223_DOMAIN_COM-VRSN\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar URL: http://www.markmonitor.com\nUpdated Date: 2017-12-18T04:00:14-0800\nCreation Date: 1994-07-29T21:00:00-0700\nRegistrar Registration Expiration Date: 2019-07-28T21:00:00-0700\nRegistrar: MarkMonitor, Inc.\nRegistrar IANA ID: 292\nRegistrar Abuse Contact Email: abusecomplaints@markmonitor.com\nRegistrar Abuse Contact Phone: +1.2083895740\nDomain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)\nDomain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)\nDomain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)\nRegistry Registrant ID: \nRegistrant Name: Domain Admin\nRegistrant Organization: Charter Communications Operating, LLC\nRegistrant Street: 12405 Powerscourt Drive, \nRegistrant City: Saint Louis\nRegistrant State/Province: MO\nRegistrant Postal Code: 63131\nRegistrant Country: US\nRegistrant Phone: +1.3149650555\nRegistrant Phone Ext: \nRegistrant Fax: +1.9064010617\nRegistrant Fax 
Ext: \nRegistrant Email: hostmaster@charter.com\nRegistry Admin ID: \nAdmin Name: Domain Admin\nAdmin Organization: Charter Communications Operating, LLC\nAdmin Street: 12405 Powerscourt Drive, \nAdmin City: Saint Louis\nAdmin State/Province: MO\nAdmin Postal Code: 63131\nAdmin Country: US\nAdmin Phone: +1.3149650555\nAdmin Phone Ext: \nAdmin Fax: +1.9064010617\nAdmin Fax Ext: \nAdmin Email: hostmaster@charter.com\nRegistry Tech ID: \nTech Name: Charter Communications Internet Security and Abuse\nTech Organization: Charter Communications Operating, LLC\nTech Street: 12405 Powerscourt Drive, \nTech City: Saint Louis\nTech State/Province: MO\nTech Postal Code: 63131\nTech Country: US\nTech Phone: +1.3142883111\nTech Phone Ext: \nTech Fax: +1.3149090609\nTech Fax Ext: \nTech Email: abuse@charter.net\nName Server: ns4.charter.com\nName Server: ns3.charter.com\nName Server: ns1.charter.com\nName Server: ns2.charter.com\nDNSSEC: unsigned"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925257" ,
"uuid" : "476563e7-aac9-4a76-b8d8-c33020d34baf" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "29d96991-79d7-4b7d-a669-091ccc08a7cd" ,
"value" : "Domain Name: UCI.EDU\n\nRegistrant:\n University of California, Irvine\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n\nAdministrative Contact:\n Con Wieland\n University of California, Irvine\n Office of Information Technology\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n (949) 824-2222\n oit-nsp@uci.edu\n\nTechnical Contact:\n Con Wieland\n University of California, Irvine\n Office of Information Technology\n 6366 Ayala Science Library\n Irvine, CA 92697-1175\n UNITED STATES\n (949) 824-2222\n oit-nsp@uci.edu\n\nName Servers: \n NS4.SERVICE.UCI.EDU 128.200.59.190\n NS5.SERVICE.UCI.EDU 52.26.131.47\n\nDomain record activated: 30-Sep-1985\nDomain record last updated: 07-Jul-2016\nDomain expires: 31-Jul-2018"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Whois records information for a domain name or an IP address." ,
"meta-category" : "network" ,
"name" : "whois" ,
"template_uuid" : "429faea1-34ff-47af-8a00-7c62d3be5a6a" ,
"template_version" : "10" ,
"timestamp" : "1554925258" ,
"uuid" : "5053da1b-c011-42ca-b739-3cf3d1a9e05e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "text" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "eb87ff45-c8bd-4a00-943a-933c59fd836b" ,
"value" : "inetnum: 186.168/15\nstatus: allocated\naut-num: N/A\nowner: COLOMBIA TELECOMUNICACIONES S.A. ESP\nownerid: CO-CTSE-LACNIC\nresponsible: Administradores Internet\naddress: Transversal 60, 114, A 55\naddress: N - BOGOTA - Cu\ncountry: CO\nphone: +57 1 5339833 []\nowner-c: CTE7\ntech-c: CTE7\nabuse-c: CTE7\ninetrev: 186.169/16\nnserver: DNS5.TELECOM.COM.CO \nnsstat: 20171220 AA\nnslastaa: 20171220\nnserver: DNS.TELECOM.COM.CO \nnsstat: 20171220 AA\nnslastaa: 20171220\ncreated: 20110404\nchanged: 20141111\n\nnic-hdl: CTE7\nperson: Grupo de Administradores Internet\ne-mail: admin.internet@TELECOM.COM.CO\naddress: Transversal, 60, 114 A, 55\naddress: 571111 - BOGOTA DC - CU\ncountry: CO\nphone: +57 1 7050000 [71360]\ncreated: 20140220\nchanged: 20140220"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925258" ,
"uuid" : "8e875ae8-911f-4dcd-b7bb-8a9072d3644e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "2ecc3fc2-c6cf-4b52-9363-9c39b33928ff" ,
"value" : "2.628651"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925258" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "563ab654-eb9d-4c19-94ea-b0b7f774ebcb" ,
"value" : "40d66d1a2f846d7c3bf291c604c9fca3"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8ac6a441-1e36-4d9a-894e-3cf3f5332c97" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925258" ,
"uuid" : "f4844fcb-3d68-4d09-8bbb-7619a0942846" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925258" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a4ab07b8-96f9-4084-97f2-9b7345af7ef5" ,
"value" : "d061ffec6721133c433386c96520bc55"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "93b3e0f4-a3d4-4020-8575-a13ab52c5119" ,
"value" : "5.999734"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0a7b1c24-9d95-4f16-aacd-418ef62ed999" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925258" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "fcadb683-a76d-4312-a5e1-6dc74687ddea" ,
"value" : "284160"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925258" ,
"uuid" : "8da40bf6-a137-4af6-b7d2-4a6fec51aecd" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e1d6425e-ea48-4ae1-a60a-1f2cfe667de7" ,
"value" : "cbbc6550dcbdcaf012bdbf758a377779"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "844ade24-22b9-4573-a4f7-762db4dafa74" ,
"value" : "5.789426"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "895270ad-3f06-4b36-a994-d1c35f4ac2f2" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0af1ce03-ad1c-4fbd-ab39-178c0fe622fa" ,
"value" : "38912"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "6f0934e5-279f-4bd3-93e1-b881f5c59504" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "07c0c5d4-576b-4e71-8de4-1b8ac6de8207" ,
"value" : "c83bcaab05056d5b84fc609f41eed210"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "69a184b6-4076-4fff-a3ff-5d1b902c2f23" ,
"value" : "3.105496"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "3fe5fa7d-004c-4a10-be99-64cd94fbbb52" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0b76128c-6581-41a8-9735-400bfcf05401" ,
"value" : "7680"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "11f10ac7-5b61-4363-bd6a-59ac0b8fcc9e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "07a02acc-d3c4-4306-a3fa-8e36d31996f4" ,
"value" : "b9fc36206883aa1902566b5d01c27473"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "a09e668c-24aa-440f-ae05-685d59ecfb43" ,
"value" : "5.319307"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "10921a52-79ef-4432-87e6-f33b55588ff8" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "3fd44ca1-7d53-446b-b261-df018a620fb0" ,
"value" : "8704"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "1b766990-d382-462f-a49c-1f5c53715ed4" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "93a4f8d0-362b-4044-98cc-688f8601efd4" ,
"value" : "1c1d46056b4cb4627a5f92112b7e09f7"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "ad08798d-2954-4bb0-95bc-72d35355bcbe" ,
"value" : "5.608168"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bd3d6eeb-cc89-4470-adcf-10adcf41ce62" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "a4033d18-8a40-488e-86fd-b1bb3374ef7c" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "eb73eb8b-04c4-4e27-b803-b60d56347fec" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "aca886e2-51f8-4835-9211-f22190c5b67c" ,
"value" : "3baedaa3d6b6d6dc9fb0ec4f5c3b007c"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "958a5c3d-aa8d-4777-b150-2baffe03db3b" ,
"value" : "2.331154"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "59065f07-43bc-439b-93f0-979fb6753c5b" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6edf96a2-b96d-4757-9f8c-ece9fd724147" ,
"value" : "2048"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925259" ,
"uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "8e875ae8-911f-4dcd-b7bb-8a9072d3644e" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-4da0-443b-a7a8-4bae950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "f4844fcb-3d68-4d09-8bbb-7619a0942846" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-99c8-4650-9e73-4f4f950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "8da40bf6-a137-4af6-b7d2-4a6fec51aecd" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-ed5c-46db-b28a-4eb4950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "6f0934e5-279f-4bd3-93e1-b881f5c59504" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-2980-4567-baf4-45ab950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "11f10ac7-5b61-4363-bd6a-59ac0b8fcc9e" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-eb5c-4db9-b9e5-41b0950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "1b766990-d382-462f-a49c-1f5c53715ed4" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-6a2c-4d2f-a6a6-4740950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"referenced_uuid" : "eb73eb8b-04c4-4e27-b803-b60d56347fec" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-0e18-4d94-95d6-403a950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8cbd08d1-3bf4-41ec-b2d5-e63f763ed4ba" ,
"value" : "42682D4A78FE5C2EDA988185A344637D"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "ce0be99a-072c-406b-8514-c4a77a601ba2" ,
"value" : "42682D4A78FE5C2EDA988185A344637D"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "6417335b-0590-4a9b-b12b-ab5b4f61950a" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "c2881aa4-04fd-45b9-922b-93273fd2f4a7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-7190-41dd-a8fa-4ab7950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "dfa5812c-f91e-42b8-811d-718121a46fd9" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-32e4-4de3-b0f2-4d37950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "3d25e903-29f5-4b88-bf80-bd6bd8a9616b" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925267" ,
"uuid" : "5cae46d3-efac-43ed-9f39-4634950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "93e7d27b-c857-4785-9eb2-3f1a21ab3ac3" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-8174-4631-9998-4f52950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "aa8e532e-3b80-47e4-bb04-22d666a10bd7" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-6570-4aa0-a093-4981950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "0031ec2d-46ed-4835-93ef-e6b868a26e40" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-f978-4e03-991e-45ab950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "378c38f0-377c-4626-949c-5eaa0a6367ae" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-42a0-4c91-b427-4caf950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "206ae99c-1cda-41e0-a81f-8e0e8c433156" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-1208-4e01-b1be-43df950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "d959b41a-72bb-478a-b453-5dfac6fe0dc1" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-f114-491f-9ff8-4a55950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "a7455d44-d858-472a-96ee-edea677be659" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-d77c-461c-8c13-4132950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "4fb3c39a-2c59-46d9-be12-028f54e577c9" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-adf4-420e-b7c0-44ae950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "d090d7bd-5ff5-4f00-be49-c6d7436144d2" ,
"referenced_uuid" : "c6acfd6b-0a6a-40cc-8f76-c2fdf02f41d9" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061901" ,
"uuid" : "5cb05c8d-8164-4192-bce3-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "8a712e0a-5e8d-4b3b-a662-2cd14260bd93" ,
"value" : "42682d4a78fe5c2eda988185a344637d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "7cf6b73b-3029-461a-aee4-29013ff75bbf" ,
"value" : "4975de2be0a1f7202037f5a504d738fe512191b7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "18049549-17de-42b5-ad8c-ba8048db392c" ,
"value" : "4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "31f50370-4a96-4793-ba38-5bf3467d3325" ,
"value" : "213e4a0afbfac0bd884ab262ac87aee7d9a175cff56ba11aa4c75a4feb6a96c5e4e2c26adbe765f637c783df7552a56e4781a3b17be5fda2cf7894e58eb873ec"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "0104d30b-2632-4ad0-aa8b-0625383bde49" ,
"value" : "6144:nCgsFAkxS1rrtZQXTip12P04nTnvze6lxjWV346vze6lpjWV34Evze6lSjWV34a7:nCgsukxS1vtZ+5nvze6lxjWV346vze6N"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "227fa328-700a-4e3c-9119-588c192486e2" ,
"value" : "42682D4A78FE5C2EDA988185A344637D"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "69dd5e48-5a24-47a0-83c0-7a01d5b24543" ,
"value" : "346624"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "9107e919-b160-46e9-b3fb-525521fc263e" ,
"value" : "6.10281"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "1a8e0e9d-57ea-4c70-84ed-295507df09aa" ,
"value" : "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "0145ba7f-231a-4fd8-aba1-438b70fae9fa" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "db437369-40d5-4e00-b6ed-1b9982d76ca8" ,
"value" : "2.790421"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "65391001-38d1-49da-a085-fe8d94fac44c" ,
"value" : "83ec15e3cf335f784144db4208b328c9"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "94fb4869-9255-4e12-b8ae-73b14e8c0bdf" ,
"value" : "1024"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "f20d5f20-e19c-49e3-a2e0-d47a0e0b499e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925259" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "85966b57-2605-4b90-8185-1f067b403afb" ,
"value" : "036c57e89ea3a6afa819c242c5816b70"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "5048c911-a599-4242-8e80-643ed510c239" ,
"value" : "5.688491"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e1e462b9-3697-4156-b7ff-92def9365b19" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0146e69e-8919-4bd2-9673-5a00b9eed22e" ,
"value" : "206848"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925259" ,
"uuid" : "542776ab-dc9a-49f5-8504-4201f4eb85f7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5e1aa619-0ba2-46bc-9477-fa14a9b12a8e" ,
"value" : "4812d2f39e9a8ae569370d423ba31344"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "0068ee23-e6cb-455c-ac4e-fc2a134bdbc4" ,
"value" : "6.000116"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1eb93258-18d5-49bc-87d8-49083789e777" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8f7dfe97-825a-48b1-82db-7f24295e739b" ,
"value" : "26112"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "001f3b62-1dc5-46b7-a5d1-0d172470284f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1a677867-4ba8-4281-a03b-6e4d45e2285e" ,
"value" : "cb41e8f63b7c22c401a0634cb4fe1909"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "30879ef1-7c9a-460e-8ad8-b6c0644c831b" ,
"value" : "4.748331"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2d888451-fc78-444a-a4cc-24e8b0a28d44" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "86c1f0d6-d21b-4d7f-b657-fd1754ebcf48" ,
"value" : "2048"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "b144f1bb-4a25-4b2f-9e73-640f10889fec" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "554acd1f-4c9c-4c1d-99af-58b7493522d9" ,
"value" : "3cc7651747904bfe94ed18f44354a706"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "485f0bf4-7faf-4d96-b4ee-d871ef6c3f62" ,
"value" : "4.962073"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "120e916d-363b-4ffe-851d-ee9818ded5e1" ,
"value" : ".pdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "33b99c6d-6c65-4304-b196-797a6db2e55f" ,
"value" : "5120"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "06738787-de97-4d46-b799-b0492c57d3e5" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1c3aec0a-33b8-47a0-a9a5-5dc05b30c9fb" ,
"value" : "9e92c54604ea67e76210c3c914e9608c"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "a2cf0031-d02f-4fa8-b812-7998b837a54f" ,
"value" : "5.606351"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a9255c91-81cc-4d09-8a49-5f6e45a73929" ,
"value" : ".rsrc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "a3f1fa7f-70b9-45f4-8426-c15950f11c34" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "6cd4ce4a-6876-4fc6-a865-3a078c3f63e8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "88fadd04-362b-4da3-945c-46123d71b107" ,
"value" : "71dcfb1ec7257ee58dcc20cafb0be691"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "32113860-4289-480d-86df-f54d932dc94d" ,
"value" : "0.673424"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "20ce954c-9c3a-4f34-8beb-17efb4536d2e" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "dd0b1837-0a06-4993-9788-d3ed36dd6202" ,
"value" : "512"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925260" ,
"uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "0145ba7f-231a-4fd8-aba1-438b70fae9fa" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-5f2c-453a-af14-4348950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "f20d5f20-e19c-49e3-a2e0-d47a0e0b499e" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-f8f0-4964-b6d9-4d83950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "542776ab-dc9a-49f5-8504-4201f4eb85f7" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925268" ,
"uuid" : "5cae46d4-2ed4-4496-bc95-4dc9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "001f3b62-1dc5-46b7-a5d1-0d172470284f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-d9a8-4600-9222-4504950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "b144f1bb-4a25-4b2f-9e73-640f10889fec" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-418c-4f54-bd2e-462e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "06738787-de97-4d46-b799-b0492c57d3e5" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-6708-4ae7-9b54-4c88950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"referenced_uuid" : "6cd4ce4a-6876-4fc6-a865-3a078c3f63e8" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-2414-4874-b6fb-448e950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "e87bd78d-e4fb-440e-94ff-f9a344a46f0d" ,
"value" : "3021B9EF74c&BDDF59656A035F94FD08"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "8a4242ec-a929-4953-a347-1546cedc5256" ,
"value" : "3021B9EF74c&BDDF59656A035F94FD08"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "3281e960-6ec5-4829-80e2-ad0ef59b5e65" ,
"value" : "7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "454b39cf-332b-4236-8015-6d343c883f40" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "454b39cf-332b-4236-8015-6d343c883f40" ,
"referenced_uuid" : "ab715c6a-5b26-4280-a328-6d748e83e680" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-7e4c-4dcf-a0f1-4989950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "454b39cf-332b-4236-8015-6d343c883f40" ,
"referenced_uuid" : "5e64eddb-9dc7-4976-9c08-4884f931c92e" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-b8fc-42de-b698-4bc2950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "454b39cf-332b-4236-8015-6d343c883f40" ,
"referenced_uuid" : "ae92ce2a-cac9-4284-8ce9-641e2a6d948b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061901" ,
"uuid" : "5cb05c8d-feb4-453b-b905-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "a0031063-4e6c-4694-8aaa-2535d55b161b" ,
"value" : "3021b9ef74c7bddf59656a035f94fd08"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "feb25b80-c568-4dcd-9dab-3353b6508ec4" ,
"value" : "05ad5f346d0282e43360965373eb2a8d39735137"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "762c79b2-f9d0-46ed-8bcd-835fecd88309" ,
"value" : "83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "1ecafef2-181f-4d44-a2cb-9b4860d0564d" ,
"value" : "f8fcc5ed34b7bf144fc708d01d9685f0cb2e678c173d014987d6ecbf4a7c3ed539452819237173a2ab14609a913cf46c3bd618cffe7b5990c63cfe805a7144ff"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "f8ccd477-b357-4e2a-ae99-39a7ee0fc366" ,
"value" : "6144:4+ZmN/ix9bd+Rvze6lxjWV346vze6lpjWV34Evze6lSjWV34avze6lkjWV34z5FT:4+ZmN/ix9b8Rvze6lxjWV346vze6lpjn"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "185bf6cf-ff68-4e17-9651-512cccd20e33" ,
"value" : "3021B9EF74c&BDDF59656A035F94FD08"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "264aa925-07af-4433-9f99-d9eb6d1f99d7" ,
"value" : "245760"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "406e1ae7-43d2-4f94-aa90-aea3a23b2c0e" ,
"value" : "5.93339"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "5c54ec95-7584-40d4-bc94-46d872e9ae7c" ,
"value" : "PE32+ executable (DLL) (console) x86-64, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "ac51556a-91c0-4267-9e61-de0a0dbabf05" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "879e9228-23e9-4d97-8009-e046b91b7aeb" ,
"value" : "0.586304"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59e51ead-2783-4216-b44e-90e11857d672" ,
"value" : "84f39a6860555231d60a55c72d07bc5e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "ea1ff8d3-922c-4b4a-a44e-7714d6076a12" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "ea7cc58d-1fe6-4a0b-8070-4fe5b38cb690" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6cc732da-7efb-4ebb-9633-3822c5e4a0ff" ,
"value" : "649c24790b60bda1cf2a85516bfc7fa0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "f00c1d4a-87b9-4472-b6b8-29f642a56a18" ,
"value" : "5.98329"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "70fe749e-dffd-4d2e-b5a2-9814b70979eb" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "545f156d-000a-4918-a06f-e47c76fe7371" ,
"value" : "24576"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925260" ,
"uuid" : "c57a6cf7-e544-4364-adba-a72ea3e6573f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925260" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3608a534-9bc9-4ba9-a43f-c61d21088d0d" ,
"value" : "fbd6ca444ef8c0667aed75820cc99dce"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "90bf5690-047d-40fe-ad8b-5c5f1bc77dc1" ,
"value" : "3.520964"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "38646942-7e2b-49b9-88d7-5e04432cf143" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "b9d05716-e01d-40e6-bb96-4f0dfae88e2b" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "1746f20a-4522-4af5-b779-165a2b829958" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "24142516-e506-44b7-a682-b34babb0c972" ,
"value" : "0ecb4bcb0a1ef1bf8ea4157fabdd7357"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "b443d7d9-2096-43c3-b1b4-c812fbf7193e" ,
"value" : "3.988157"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "4baa5798-34b6-4f6a-aa94-3e3b596a2f3b" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "6ff4b78b-140f-4592-9ee3-aa1c2f1f5d03" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925261" ,
"uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"referenced_uuid" : "ac51556a-91c0-4267-9e61-de0a0dbabf05" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-d358-4156-8114-4a1c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"referenced_uuid" : "ea7cc58d-1fe6-4a0b-8070-4fe5b38cb690" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-5804-4448-9b60-4542950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"referenced_uuid" : "c57a6cf7-e544-4364-adba-a72ea3e6573f" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-4114-4c40-b118-46cb950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"referenced_uuid" : "1746f20a-4522-4af5-b779-165a2b829958" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-d4fc-4c21-a1c3-4767950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "c4bd93cf-8ff8-46e6-acdb-80e5919b8252" ,
"value" : "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "3a39acd6-2689-4a52-bd43-0e2b36799005" ,
"value" : "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "8d5136ed-5e61-4de3-87ad-eb6c9a94c868" ,
"value" : "4"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "4bef19cc-01f6-4b03-9f08-6b51796cb5ca" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-b2b8-4435-bea9-483d950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "dc846c76-af3d-4aab-ba62-ccc9a5582e5d" ,
"relationship_type" : "dropped" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-5c80-431c-b3c6-477c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"relationship_type" : "dropped" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-dd44-4516-815e-49d8950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"relationship_type" : "dropped" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-ac74-404f-a894-418c950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "9b5d58a8-fedd-424b-9e95-1fa9dee6113b" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-2b80-4152-b393-4ad1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "5e64eddb-9dc7-4976-9c08-4884f931c92e" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-ac38-4446-8159-4730950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "e773193c-a490-442a-a41f-63e402cf3865" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-75a4-45c9-b15c-43f4950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "bc976e66-b5d6-464d-9adc-0d53da3ec01a" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1554925269" ,
"uuid" : "5cae46d5-9bf4-4a85-bcda-4ad9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "f7d0f16d-6367-4770-ae6e-db03c68a82ca" ,
"relationship_type" : "related-to" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-d40c-4da4-b2a2-4ee1950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"referenced_uuid" : "292b76e3-83c8-4bb0-89c8-8105cf22899d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061902" ,
"uuid" : "5cb05c8e-ccf4-415b-87c5-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "a6259ba2-6f4f-4c79-915e-5b034b88af2d" ,
"value" : "61e3571b8d9b2e9ccfadc3dde10fb6e1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "79e50306-2d57-4c83-9b55-98589ef42a46" ,
"value" : "55daa1fca210ebf66b1a1d2db1aa3373b06da680"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "f04e903b-30d4-4d1a-aa0c-8caa4ac9296f" ,
"value" : "70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "be4b9c27-4aaf-4e6a-8c24-23d9d371b00f" ,
"value" : "235f7b920f54c4d316386cbf6cc14db1929029e8053270e730be15acc8e9f333231d2d984681bea26013a1d1cf4670528ba0989337be13ad4ada3eeba33bdfe8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "b2a8a54e-3a57-4de6-9f66-0b7540097b2a" ,
"value" : "6144:d71TKN7LBHvS+bujAfrsxwkm1Ka5l7gTtJUGx:dxKHPuj8WR0K6VgTtZx"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "6af9f081-ade0-43ca-a76d-87973d72fe2f" ,
"value" : "61E3571B8D9B2E9CCFADC3DDE10FB6E1"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "16913367-f109-4106-95fc-a6aebf7026c2" ,
"value" : "258052"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "4dd0185e-e2c4-4956-bab1-15cc4c8285d2" ,
"value" : "7.82959"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "b3437b26-6849-417f-b637-07f3733a84bd" ,
"value" : "PE32 executable (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "9500fb1e-bb08-45d5-a3eb-3b82f649c624" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "c6cfb719-d72b-4ad4-9a65-3a0ff972a444" ,
"value" : "0.709908"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9ad2ded7-a7a2-494b-8aed-219afe98ca52" ,
"value" : "d37b95aa17fa132415b37ec777f439ff"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "ae4061f1-85ca-455e-a60b-71f835ade07c" ,
"value" : "4096"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "0f41e5c5-7f40-44a1-885b-7f9597eb99f9" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "37b2712d-92e1-4c80-a022-276c885a225f" ,
"value" : "badbc93c35554aec904ab0c34f05fbe0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "7079daf0-c047-40ea-a6be-b187d0309922" ,
"value" : "6.295472"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b93f8d55-2f20-4533-bd95-8adca4c452e6" ,
"value" : ".text"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "be0569ad-b5e9-481f-85bd-d4ff38268bf2" ,
"value" : "180224"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "2c0897ef-be21-4b08-a096-899c8545c0a6" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1aabb47b-2cfb-4fa6-9795-44bf2e0822b1" ,
"value" : "64f7a9cafdad34003aba4547bba0e25b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "b639555c-1b57-4035-9579-1a73c3b3a53c" ,
"value" : "6.372911"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a88e067c-fccc-4459-a3e3-09575de7d068" ,
"value" : ".rdata"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "add355d4-1e45-486e-ac73-b46318451e43" ,
"value" : "16384"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "6fa43c7f-c294-43cf-8b40-d00655aaa96e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "06af0417-7d0a-4485-9377-1a3c1fd33790" ,
"value" : "c792eb0c57577f4f3649775cbf32b253"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "cdbb482d-f5c6-4212-96fe-3c2d12ef61de" ,
"value" : "3.996008"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c7e1a6b2-a4c5-4f90-a690-6732494c6f7e" ,
"value" : ".data"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "326b7108-c787-4182-9b80-2c64576d2fb5" ,
"value" : "12288"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a section of a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe-section" ,
"template_uuid" : "198a17d2-a135-4b25-9a32-5aa4e632014a" ,
"template_version" : "2" ,
"timestamp" : "1554925261" ,
"uuid" : "ce21b7c4-404c-4a76-96c8-e50ba9773a30" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925261" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f661d161-f743-4ce2-91c6-9bad164daf22" ,
"value" : "8791f715ae89ffe2c7d832c1be821edc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "74fc1c8e-65fb-49f5-ad8f-190e6cdeda2d" ,
"value" : "5.154376"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "name" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "09bb0227-98c7-4da1-9c08-047314d51f89" ,
"value" : ".reloc"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "a3f93751-1090-4b2f-ad63-9bc7b55932e5" ,
"value" : "8192"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a Portable Executable" ,
"meta-category" : "file" ,
"name" : "pe" ,
"template_uuid" : "cf7adecc-d4f0-4e88-9d90-f978ee151a07" ,
"template_version" : "3" ,
"timestamp" : "1554925262" ,
"uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"referenced_uuid" : "9500fb1e-bb08-45d5-a3eb-3b82f649c624" ,
"relationship_type" : "header-of" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-d2fc-41bd-a069-4b10950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"referenced_uuid" : "0f41e5c5-7f40-44a1-885b-7f9597eb99f9" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-c54c-425d-931f-4a97950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"referenced_uuid" : "2c0897ef-be21-4b08-a096-899c8545c0a6" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-990c-4ee6-8cd5-435e950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"referenced_uuid" : "6fa43c7f-c294-43cf-8b40-d00655aaa96e" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-0f7c-4355-829b-4fc9950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"referenced_uuid" : "ce21b7c4-404c-4a76-96c8-e50ba9773a30" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-a12c-4d80-bb61-46c1950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "internal-filename" ,
"timestamp" : "1554925262" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "f92cbd7f-2f37-4d68-9375-86c8ce643e4e" ,
"value" : "UDPTrcSvc.dll"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "original-filename" ,
"timestamp" : "1554925262" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "69bb1c76-be51-45a8-8f6a-4bec88c87e7f" ,
"value" : "UDPTrcSvc.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "number-sections" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "counter" ,
"uuid" : "eccba149-a16e-43a9-9477-13ece419d182" ,
"value" : "5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "dc846c76-af3d-4aab-ba62-ccc9a5582e5d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "dc846c76-af3d-4aab-ba62-ccc9a5582e5d" ,
"referenced_uuid" : "cb4560bb-f70e-44a7-9496-1d7d017e9880" ,
"relationship_type" : "included-in" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-3578-429c-852b-4a59950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dc846c76-af3d-4aab-ba62-ccc9a5582e5d" ,
"referenced_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"relationship_type" : "dropped-by" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-0248-480c-b7fc-437d950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "dc846c76-af3d-4aab-ba62-ccc9a5582e5d" ,
"referenced_uuid" : "2fc2e78c-c6e8-424c-9ad7-e166e7737e9c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061902" ,
"uuid" : "5cb05c8e-0778-4c9e-9fd5-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "e0f41def-01f8-470d-9d6b-a1fa4b9cfb24" ,
"value" : "0893e206274cb98189d51a284c2a8c83"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "ab0893e1-d9e9-4808-9477-25a64d48f735" ,
"value" : "d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "c87736a8-4dee-4115-be13-ae36fdc81d08" ,
"value" : "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "b40f1001-09ff-458e-953b-f6e6aab2f009" ,
"value" : "8042356ff8dc69fa84f2de10a4c34685c3ffa798d5520382d4fbcdcb43ae17e403a208be9891cca6cf2bc297f767229a57f746ca834f6b79056a0ff1202941cf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "f52b3dc3-9d20-4c83-b5d8-1b6b7a12e956" ,
"value" : "3072:WsyjTzEvLFOL8AqCiueLt1VFu9+zcSywy0mcj90nSJ5NatCmtWwNQLK:W/zEvLFOLdq9uebdSwHN9n5wtkwNwK"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "7118c208-e5a9-4673-8755-ab9d7d61b829" ,
"value" : "UDPTrcSvc.dll"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "bb2475d2-45d2-4d06-a078-3ab9eded8773" ,
"value" : "221184"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "8ff8f5ec-5b62-4c88-93a5-ddcbf208809c" ,
"value" : "6.359677"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "e7f39241-0c3a-4744-b949-8a2c4eef4526" ,
"value" : "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"referenced_uuid" : "ec166754-a5ff-4729-ac26-ac79ce02133c" ,
"relationship_type" : "dropped-by" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-d7b0-4773-a635-4489950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"referenced_uuid" : "dca04ffe-c8b2-4b22-ba30-6a1eecf47ec9" ,
"relationship_type" : "dropped-by" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-8540-4168-895d-45f2950d210f"
} ,
{
"comment" : "" ,
"object_uuid" : "03272933-d90e-4e38-87fa-5490bd1c37d8" ,
"referenced_uuid" : "1cba5ef3-2f91-4b11-855e-9480c7fb943d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061902" ,
"uuid" : "5cb05c8e-b4f0-4e22-9cca-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "e8f5105b-58ec-481a-a38a-8c27f9bbbf6f" ,
"value" : "c4103f122d27677c9db144cae1394a66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "70deb3a8-2b5f-4b30-9cc3-365b527a1328" ,
"value" : "1489f923c4dca729178b3e3233458550d8dddf29"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "63c4da1c-f99c-4d7d-b3d8-ab8343837e74" ,
"value" : "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "19cfa74d-ccbd-4aef-a883-db7810e06742" ,
"value" : "5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "668d2d9e-8d8b-4b5e-9fb1-5026df4110cd" ,
"value" : "3::"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "4f2b396b-4552-4d59-b672-3c37d15fabb3" ,
"value" : "MSDFMAPI.INI"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "8d7e6cb2-2bf9-468e-95c6-ba29650f2011" ,
"value" : "2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "8e6a5d22-458f-4c7a-8778-2ea70ff717be" ,
"value" : "0.0"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "dc5ebfde-e15d-4355-aff5-6ecc28ac5208" ,
"value" : "data"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1555061896" ,
"uuid" : "ec5b0828-fc8e-4d29-9a2a-59806d987175" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ec5b0828-fc8e-4d29-9a2a-59806d987175" ,
"referenced_uuid" : "d0962325-2049-4b8a-9cc0-8597888ef490" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1555061902" ,
"uuid" : "5cb05c8e-a460-4bb5-ad7f-205c950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "md5" ,
"uuid" : "234f5001-653c-4987-822f-3c3a43c0ba21" ,
"value" : "f8d26f2b8dd2ac4889597e1f2fd1f248"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha1" ,
"uuid" : "1dffb69a-4482-4c6c-9dfd-dd365bd1ed29" ,
"value" : "dd132f76a4aff9862923d6a10e54dca26f26b1b4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha256" ,
"uuid" : "583b3559-f762-4b10-a7ee-f10236e189ee" ,
"value" : "d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha512" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "sha512" ,
"uuid" : "5dab5204-97b6-48ef-b37e-b5131f29a1f8" ,
"value" : "34f8d10ebcab6f10c5140e94cf858761e9fa2e075db971b8e49c7334e1d55237f844ed6cf8ce735e984203f58d6b5032813b55e29a59af4bfff3853b1d07bc44"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ssdeep" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "ssdeep" ,
"uuid" : "1b24258e-ecd9-4006-8aaf-41fce6c6ffad" ,
"value" : "12288:MG31DF/ubokxmgF8JsVusikiWxdj3tIQLYe:NlI0UV0ou1kiWvm4Ye"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "86d268ed-bafa-4da7-bc68-9046d5d445f3" ,
"value" : "F8D26F2B8DD2AC4889597E1F2FD1F248"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "size-in-bytes" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "size-in-bytes" ,
"uuid" : "0146e514-a049-422c-8460-0edf9de36316" ,
"value" : "456241"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "entropy" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "float" ,
"uuid" : "1376b72b-ec8b-4a07-bd46-5d8e7da5c425" ,
"value" : "7.99935"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "mimetype" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "mime-type" ,
"uuid" : "b53ef00f-ce2d-4432-941e-656e5191570a" ,
"value" : "data"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing the original file used to import data in MISP." ,
"meta-category" : "file" ,
"name" : "original-imported-file" ,
"template_uuid" : "4cd560e9-2cfe-40a1-9964-7b2e797ecac5" ,
"template_version" : "2" ,
"timestamp" : "1554925270" ,
"uuid" : "5cae46d6-3cf8-4a8c-9ffc-46e0950d210f" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " P H N 0 a X g 6 U 1 R J W F 9 Q Y W N r Y W d l I H h t b G 5 z O m N 5 Y m 94 Q 29 t b W 9 u P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 N v b W 1 v b i 0 y I i B 4 b W x u c z p j e W J v e D 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j e W J v e C 0 y I i B 4 b W x u c z p j e W J v e F Z v Y 2 F i c z 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 k Z W Z h d W x 0 X 3 Z v Y 2 F i d W x h c m l l c y 0 y I i B 4 b W x u c z p B Z G R y Z X N z T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j Q W R k c m V z c 0 9 i a m V j d C 0 y I i B 4 b W x u c z p G a W x l T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j R m l s Z U 9 i a m V j d C 0 y I i B 4 b W x u c z p Q b 3 J 0 T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j U G 9 y d E 9 i a m V j d C 0 y I i B 4 b W x u c z p X a G 9 p c 0 9 i a j 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 d o b 2 l z T 2 J q Z W N 0 L T I i I H h t b G 5 z O l d p b k V 4 Z W N 1 d G F i b G V G a W x l T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j V 2 l u R X h l Y 3 V 0 Y W J s Z U Z p b G V P Y m p l Y 3 Q t M i I g e G 1 s b n M 6 V 2 l u R m l s Z U 9 i a j 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 d p b k Z p b G V P Y m p l Y 3 Q t M i I g e G 1 s b n M 6 b W F y a 2 l u Z z 0 i a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v T W F y a 2 l u Z y 0 x I i B 4 b W x u c z p 0 b H B N Y X J r a W 5 n P S J o d H R w O i 8 v Z G F 0 Y S 1 t Y X J r a W 5 n L m 1 p d H J l L m 9 y Z y 9 l e H R l b n N p b 25 z L 0 1 h c m t p b m d T d H J 1 Y 3 R 1 c m U j V E x Q L T E i I H h t b G 5 z O l R P V U 1 h c m t p b m c 9 I m h 0 d H A 6 L y 9 k Y X R h 
L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U Z X J t c 19 P Z l 9 V c 2 U t M S I g e G 1 s b n M 6 b W F l Y 0 J 1 b m R s Z T 0 i a H R 0 c D o v L 21 h Z W M u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 t Y W V j L W J 1 b m R s Z S 0 0 I i B 4 b W x u c z p t Y W V j U G F j a 2 F n Z T 0 i a H R 0 c D o v L 21 h Z W M u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 t Y W V j L X B h Y 2 t h Z 2 U t M i I g e G 1 s b n M 6 b W F l Y 1 Z v Y 2 F i c z 0 i a H R 0 c D o v L 21 h Z W M u b W l 0 c m U u b 3 J n L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L T E i I H h t b G 5 z O m l u Y 2 l k Z W 50 P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v S W 5 j a W R l b n Q t M S I g e G 1 s b n M 6 a W 5 k a W N h d G 9 y P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v S W 5 k a W N h d G 9 y L T I i I H h t b G 5 z O n R 0 c D 0 i a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 R U U C 0 x I i B 4 b W x u c z p z d G l 4 Q 29 t b W 9 u P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v Y 29 t b W 9 u L T E i I H h t b G 5 z O n N 0 a X h W b 2 N h Y n M 9 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 k Z W Z h d W x 0 X 3 Z v Y 2 F i d W x h c m l l c y 0 x I i B 4 b W x u c z p z d G l 4 L W 1 h Z W M 9 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 l e H R l b n N p b 25 z L 0 1 h b H d h c m U j T U F F Q z Q u M S 0 x I i B 4 b W x u c z p 5 Y X J h V E 0 9 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 l e H R l b n N p b 25 z L 1 R l c 3 R N Z W N o Y W 5 p c 20 j W U F S Q S 0 x I i B 4 b W x u c z p z d G l 4 P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v c 3 R p e C 0 x I i B 4 b W x u c z p O Q 0 N J Q z 0 i a H R 0 c D o v L 3 d 3 d y 51 c y 1 j Z X J 0 L m d v d i 8 i I H h t b G 5 z O n h z a T 0 i a H R 0 c D o v L 3 d 3 d 
y 53 M y 5 v c m c v M j A w M S 9 Y T U x T Y 2 h l b W E t a W 5 z d G F u Y 2 U i I H h z a T p z Y 2 h l b W F M b 2 N h d G l v b j 0 i I C B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 N v b W 1 v b i 0 y I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 N v b W 1 v b i 8 y L j E v Y 3 l i b 3 h f Y 29 t b W 9 u L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j e W J v e C 0 y I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 N v c m U v M i 4 x L 2 N 5 Y m 94 X 2 N v c m U u e H N k I C B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L T I g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M v M i 4 x L 2 N 5 Y m 94 X 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 F k Z H J l c 3 N P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 0 F k Z H J l c 3 M v M i 4 x L 0 F k Z H J l c 3 N f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 Z p b G V P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 0 Z p b G U v M i 4 x L 0 Z p b G V f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 B v c n R P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 1 B v c n Q v M i 4 x L 1 B v c n R f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 d o b 2 l z T 2 
J q Z W N 0 L T I g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v b 2 J q Z W N 0 c y 9 X a G 9 p c y 8 y L j E v V 2 h v a X N f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 1 d p b k V 4 Z W N 1 d G F i b G V G a W x l T 2 J q Z W N 0 L T I g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v b 2 J q Z W N 0 c y 9 X a W 5 f R X h l Y 3 V 0 Y W J s Z V 9 G a W x l L z I u M S 9 X a W 5 f R X h l Y 3 V 0 Y W J s Z V 9 G a W x l X 0 9 i a m V j d C 54 c 2 Q g I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v b 2 J q Z W N 0 c y N X a W 5 G a W x l T 2 J q Z W N 0 L T I g a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v b 2 J q Z W N 0 c y 9 X a W 5 f R m l s Z S 8 y L j E v V 2 l u X 0 Z p b G V f T 2 J q Z W N 0 L n h z Z C A g a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v T W F y a 2 l u Z y 0 x I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Z G F 0 Y V 9 t Y X J r a W 5 n L z E u M S 4 x L 2 R h d G F f b W F y a 2 l u Z y 54 c 2 Q g I G h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U T F A t M S B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 V 4 d G V u c 2 l v b n M v b W F y a 2 l u Z y 90 b H A v M S 4 x L j E v d G x w X 21 h c m t p b m c u e H N k I C B o d H R w O i 8 v Z G F 0 Y S 1 t Y X J r a W 5 n L m 1 p d H J l L m 9 y Z y 9 l e H R l b n N p b 25 z L 0 1 h c m t p b m d T d H J 1 Y 3 R 1 c m U j V G V y b X N f T 2 Z f V X N l L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 l e H R l b n N p b 25 z L 21 h c m t p b m c v d G V y b X N f b 2 Z f d X N l L z E u M C 4 x L 3 R l c m 1 z X 29 m 
X 3 V z Z V 9 t Y X J r a W 5 n L n h z Z C A g a H R 0 c D o v L 21 h Z W M u b W l 0 c m U u b 3 J n L 1 h N T F
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "imported-sample" ,
"timestamp" : "1554925270" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5cae46d6-58f0-4c3c-9c58-4ff5950d210f" ,
"value" : "MAR-10135536-8.stix.xml"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "format" ,
"timestamp" : "1554925270" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cae46d6-51a8-4570-bb84-4554950d210f" ,
"value" : "STIX 1.1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061897" ,
"uuid" : "b2d62cb5-8052-47f2-997e-dd4238004f97" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "93b8dd2e-154d-429c-baa1-1d816c2861b6" ,
"value" : "2019-04-12T06:44:27"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4798f052-f860-455d-ad72-5c5675dbc0bc" ,
"value" : "https://www.virustotal.com/file/05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461/analysis/1555051467/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e0f10253-c995-4301-9c64-01c080c5b856" ,
"value" : "26/69"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061897" ,
"uuid" : "42d5dff2-e1f0-428f-a415-b83a757b7768" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a2315c49-5b25-45c9-935a-609ba79bb4ba" ,
"value" : "2019-04-12T06:23:19"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "62d7f6e0-a7f6-4cf7-a869-21c0c2fa1075" ,
"value" : "https://www.virustotal.com/file/4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818/analysis/1555050199/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0040fd7e-fb3e-45e9-abe3-06275410051c" ,
"value" : "20/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061898" ,
"uuid" : "a314859d-026b-4b02-bcf5-09d7e3c08026" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "880f50d2-bceb-4345-8793-672b75760927" ,
"value" : "2019-04-12T06:53:02"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8bc328ed-c422-47c2-92c7-d9b341cc7ede" ,
"value" : "https://www.virustotal.com/file/ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d/analysis/1555051982/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925255" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "46a21555-699d-4092-9486-b14e92c112d7" ,
"value" : "24/71"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061898" ,
"uuid" : "2fc2e78c-c6e8-424c-9ad7-e166e7737e9c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d1f5c894-44c4-49c2-a97d-49a37c85698d" ,
"value" : "2019-04-12T00:08:18"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58dd4071-eaa2-4fb5-befb-d115f8e03c27" ,
"value" : "https://www.virustotal.com/file/cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f/analysis/1555027698/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "be07e165-b34e-4e5e-982a-1955428d583c" ,
"value" : "45/71"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061898" ,
"uuid" : "603e0902-44f7-4457-9d0e-6246e8fce379" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "e68c58c8-9662-4509-91a2-f64bd137ce3c" ,
"value" : "2019-04-12T06:23:14"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d67172a0-b4e2-4d36-846b-36f234b07ec4" ,
"value" : "https://www.virustotal.com/file/2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525/analysis/1555050194/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925252" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0eb206aa-c688-497f-8faf-ed7b99a0e18b" ,
"value" : "25/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061898" ,
"uuid" : "1c222ada-8f9b-4a30-9cb1-fc81cd47dee8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "169375e9-1b58-4214-866d-e2c4a3c5c84e" ,
"value" : "2019-04-12T07:05:39"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "2f3db7b8-d698-4e25-8daa-32276f0a3898" ,
"value" : "https://www.virustotal.com/file/49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359/analysis/1555052739/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925257" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5d7317e9-1b1e-4918-82ab-5d104080f463" ,
"value" : "36/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "1cba5ef3-2f91-4b11-855e-9480c7fb943d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "e6bfbca4-2d0d-43fd-b802-54656eed2ed7" ,
"value" : "2019-04-12T07:13:35"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5c7e5387-5ac8-429e-9723-0b09fb85a125" ,
"value" : "https://www.virustotal.com/file/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7/analysis/1555053215/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9ab6b257-3660-495e-9b89-4a5e2dd5cd9b" ,
"value" : "0/55"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "c8b6f1f2-e727-4120-8d78-62dabe459c41" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ca6344f5-5e95-4271-a592-96ccf0314ee7" ,
"value" : "2019-04-12T06:58:29"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "11acd5c2-b8ea-4c81-a710-332791eafeb2" ,
"value" : "https://www.virustotal.com/file/70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289/analysis/1555052309/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925253" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8f3057df-8a46-4914-b1c2-daf7cc935600" ,
"value" : "1/58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "e25a593a-6702-4694-90f3-f0858a21b5e1" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "60a0984e-0134-4ff8-a960-91448d364c54" ,
"value" : "2019-04-12T06:23:12"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4be1742a-c1cb-42d4-acdc-3d3b458b082b" ,
"value" : "https://www.virustotal.com/file/12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d/analysis/1555050192/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925256" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d0ffa81e-eb31-409d-8fbb-ed9b5b60b2de" ,
"value" : "25/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "d0962325-2049-4b8a-9cc0-8597888ef490" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ec85be6d-aa4e-44a6-88ba-d88198d2618a" ,
"value" : "2019-04-12T07:16:31"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "69cedfb6-f6a1-4369-9e41-1a7fd072f9fc" ,
"value" : "https://www.virustotal.com/file/d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39/analysis/1555053391/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925262" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9c254329-ec28-4e83-b7de-de5a3689e449" ,
"value" : "1/58"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "c6acfd6b-0a6a-40cc-8f76-c2fdf02f41d9" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "210beb7e-7b30-4996-bb9c-983da46c984c" ,
"value" : "2019-04-12T07:19:07"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8b0d2ddb-72ae-4c60-956d-c33e57acb25a" ,
"value" : "https://www.virustotal.com/file/4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761/analysis/1555053547/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925259" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "848f612d-4a00-4188-adf7-42a0f95a1111" ,
"value" : "22/71"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "292b76e3-83c8-4bb0-89c8-8105cf22899d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "66962cf2-1f81-405b-a0cc-9c327b5d5e50" ,
"value" : "2019-04-12T06:23:21"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c91547fb-0ccd-47ea-b791-305f804ae8df" ,
"value" : "https://www.virustotal.com/file/70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3/analysis/1555050201/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925261" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0c36ffa3-a0fd-44bd-96bf-13e85d0438b1" ,
"value" : "39/72"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1555061899" ,
"uuid" : "ae92ce2a-cac9-4284-8ce9-641e2a6d948b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7f5f4ca8-184b-4f77-bae9-35bb13903da1" ,
"value" : "2019-04-12T06:59:12"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "affa8f4f-0bba-4b33-b4fd-8515e13f42dd" ,
"value" : "https://www.virustotal.com/file/83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a/analysis/1555052352/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1554925260" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e58118be-80c3-4569-b3a5-441bcd6d7b63" ,
"value" : "8/70"
}
]
}
]
}
}