|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-12-19",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group",
|
||
|
"publish_timestamp": "1514468225",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1513911661",
|
||
|
"uuid": "5a3b6be0-1924-4671-8829-d895950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:rat=\"Gh0st RAT\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#075800",
|
||
|
"name": "misp-galaxy:tool=\"Gh0st Rat\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"gh0st\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#13eb00",
|
||
|
"name": "misp-galaxy:threat-actor=\"Lazarus Group\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#002b4a",
|
||
|
"name": "osint:source-type=\"technical-report\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"PowerRatankba\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"PowerSpritz\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b6d7d-f078-4a39-a907-d89c950d210f",
|
||
|
"value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b6d7d-3ea4-4753-a1d2-d89c950d210f",
|
||
|
"value": "https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#002b4a",
|
||
|
"name": "osint:source-type=\"technical-report\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-ce88-4719-8e60-4768950d210f",
|
||
|
"value": "http://skype.2.vu/1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-102c-477c-8786-40b8950d210f",
|
||
|
"value": "http://skype.2.vu/k"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-9f68-400a-a279-4c1c950d210f",
|
||
|
"value": "http://skypeupdate.2.vu/1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-c5fc-47b1-ac3a-4939950d210f",
|
||
|
"value": "http://telegramupdate.2.vu/5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-3b0c-4dfb-8a92-4920950d210f",
|
||
|
"value": "https://doc-00-64-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/39cbphg8k5qve4q5rr6nonee1bueiu8o/1499428800000/13030420262846080952/*/0B63J1WTZC49hX1JnZUo4Y1pnRG8?e=download"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-84f8-45b2-8ce3-4cfa950d210f",
|
||
|
"value": "https://drive.google.com/uc?export=download&id=0B63J1WTZC49hdDR0clR3cFpITVE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-aa2c-45b3-ab64-4852950d210f",
|
||
|
"value": "http://201.211.183.215:8080/update.php?t=Skype&r=update"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e62-b95c-48de-a86f-40d3950d210f",
|
||
|
"value": "http://122.248.34.23/lndex.php?t=SkypeSetup&r=mail_new"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz ITW URL",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6e63-c8b0-46af-8b48-435d950d210f",
|
||
|
"value": "http://122.248.34.23/lndex.php?t=Telegram&r=1.1.9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844465",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b6ef1-1190-4a1f-b820-41e6950d210f",
|
||
|
"value": "cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844465",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b6ef1-38d4-4c1e-aa75-40aa950d210f",
|
||
|
"value": "9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844465",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b6ef1-0614-40e6-b027-44a4950d210f",
|
||
|
"value": "5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7017-6038-4a51-aa3d-4155950d210f",
|
||
|
"value": "http://dogecoin.deaftone.com:8080/mainls.cs"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PowerSpritz C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7017-0d8c-4ceb-a36d-4e5c950d210f",
|
||
|
"value": "http://macintosh.linkpc.net:8080/mainls.cs"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-b038-42db-8077-48d2950d210f",
|
||
|
"value": "81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-feb0-48aa-8aa9-43b0950d210f",
|
||
|
"value": "d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-d3dc-4e70-9962-4366950d210f",
|
||
|
"value": "4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-cba0-44f4-95e7-401f950d210f",
|
||
|
"value": "01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-536c-4957-b446-49cc950d210f",
|
||
|
"value": "9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-4ee4-4fc2-be34-4175950d210f",
|
||
|
"value": "85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-f974-4f08-a635-4a22950d210f",
|
||
|
"value": "6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-ec48-4de3-916a-4ed7950d210f",
|
||
|
"value": "772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-1bb0-45e3-9392-44c7950d210f",
|
||
|
"value": "6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513844829",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b705d-2674-42df-acfe-44f9950d210f",
|
||
|
"value": "030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM) C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7225-3578-4cc8-9805-4eaa950d210f",
|
||
|
"value": "http://92.222.106.229/theme.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM) C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7225-6db0-41a5-980c-452e950d210f",
|
||
|
"value": "http://www.businesshop.net/hide.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845330",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b7252-a444-404d-8f58-d89a950d210f",
|
||
|
"value": "beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845330",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b7252-0bd0-4158-a789-d89a950d210f",
|
||
|
"value": "8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MS Shortcut Link (LNK) C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7252-2954-4669-b2af-d89a950d210f",
|
||
|
"value": "http://tinyurl.com/y9jbk8cg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MS Shortcut Link (LNK) C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7252-ed2c-4cd7-9f37-d89a950d210f",
|
||
|
"value": "http://201.211.183.215:8080/pdfviewer.php?o=0&t=report&m=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-55e8-4e64-a5c8-4a82950d210f",
|
||
|
"value": "e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-cbcc-41e3-9a05-4217950d210f",
|
||
|
"value": "7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-3c9c-4600-a3e8-4871950d210f",
|
||
|
"value": "100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-0104-4f3b-a337-4744950d210f",
|
||
|
"value": "8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-312c-4091-bc28-4408950d210f",
|
||
|
"value": "97c6c69405ed721a64c158f18ab4386e3ade19841b0dea3dcce6b521faf3a660"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-0550-4eb6-b378-4b26950d210f",
|
||
|
"value": "41ee2947356b26e4d8aca826ae392be932cd8800476840713e9b6c630972604f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513845819",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b743b-7ea8-444e-b7da-41b0950d210f",
|
||
|
"value": "25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-e1f0-4a5d-8e55-47a7950d210f",
|
||
|
"value": "http://51.255.219.82/files/download/falconcoin.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-fd30-42dc-aaeb-4f6c950d210f",
|
||
|
"value": "http://51.255.219.82/theme.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-5ae4-4707-a8d3-4406950d210f",
|
||
|
"value": "http://51.255.219.82/files/download/falconcoin.pdf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-8634-4291-83b4-4384950d210f",
|
||
|
"value": "http://apps.got-game.org/images/character.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-bc10-4329-8905-4240950d210f",
|
||
|
"value": "http://apps.got-game.org/files/download/transaction.pdf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-d248-477e-894a-44fb950d210f",
|
||
|
"value": "http://www.energydonate.com/files/download/bithumb.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-aeb0-4f70-977c-48fe950d210f",
|
||
|
"value": "http://www.energydonate.com/images/character.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "JavaScript C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852263",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b74a3-dd20-4a97-b5b5-4f28950d210f",
|
||
|
"value": "http://www.energydonate.com/files/download/bithumb.pdf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846618",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b775a-2584-41ea-a2fe-40ac950d210f",
|
||
|
"value": "b3235a703026b2077ccfa20b3dabd82d65c6b5645f7f15e7bbad1ce8173c7960"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846618",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b775a-38f4-4a8f-9baf-42d4950d210f",
|
||
|
"value": "b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846618",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b775a-3798-4861-9fdb-4685950d210f",
|
||
|
"value": "972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MS Office Docs C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a3b775a-8868-491f-a074-41b4950d210f",
|
||
|
"value": "198.100.157.239"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846778",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b77fa-96cc-4e05-939c-4b90950d210f",
|
||
|
"value": "b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846778",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b77fa-ba64-412b-873a-4ef0950d210f",
|
||
|
"value": "eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846778",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b77fa-8e24-4966-ab98-40cf950d210f",
|
||
|
"value": "eb372423e4dcd4665cc03ffc384ff625ae4afd13f6d0589e4568354be271f86e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-ca8c-414b-8d85-4a56950d210f",
|
||
|
"value": "xn--bitcin-zxa.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-9918-42db-986a-4523950d210f",
|
||
|
"value": "xn--electrm-s2a.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-814c-4ca4-92d3-4f59950d210f",
|
||
|
"value": "xn--bitcingold-hcb.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-5540-4536-b2c0-4e56950d210f",
|
||
|
"value": "xn--bitcoigold-o1b.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-9dc0-44ba-8081-4b2b950d210f",
|
||
|
"value": "xn--bitcoingld-lcb.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-6e54-4dc6-ba00-43b3950d210f",
|
||
|
"value": "xn--bitcoingld-lcb.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-6e2c-41c4-9107-4aca950d210f",
|
||
|
"value": "xn--bitcoingod-8yb.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-d160-4a5b-88ae-459f950d210f",
|
||
|
"value": "xn--btcongold-54ad.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller Hosting or Email IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7813-7a80-412c-8f49-4188950d210f",
|
||
|
"value": "xn--btcongold-g5ad.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-992c-4c27-b1bd-4a22950d210f",
|
||
|
"value": "xn--6fgp.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-f09c-405e-9b03-4498950d210f",
|
||
|
"value": "xn--bitcingold-jbb.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-c288-492e-9fbd-4f30950d210f",
|
||
|
"value": "xn--bitcingold-t3b.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-05c4-46dc-9a1c-4a00950d210f",
|
||
|
"value": "xn--bitcoingol-4kb.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-1d3c-4c6c-9341-4964950d210f",
|
||
|
"value": "xn--bitoingold-1ib.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-1b50-4b5c-9cdb-499c950d210f",
|
||
|
"value": "xn--btcoingold-v8a.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Likely Related IDNA",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a3b7866-f014-4528-b170-45bd950d210f",
|
||
|
"value": "xn--bitcoingldwallet-twb.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7883-d7f4-489a-9bf1-4586950d210f",
|
||
|
"value": "http://www.btc-gold.us/images/top_bar.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PyInstaller C&C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513852264",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b7883-7a50-4c6f-9ed8-4fa4950d210f",
|
||
|
"value": "http://trade.publicvm.com/images/top_bar.gif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-cc40-4c48-a9d5-468b950d210f",
|
||
|
"value": "41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-8710-4016-bd90-48e6950d210f",
|
||
|
"value": "20f7e342a5f3224cab8f0439e2ba02bb051cd3e1afcd603142a60ac8af9699ba"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-42dc-48ed-bd98-4d49950d210f",
|
||
|
"value": "db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-6718-43c8-93b1-44b0950d210f",
|
||
|
"value": "3cd0689b2bae5109caedeb2cf9dd4b3a975ab277fadbbb26065e489565470a5c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-5728-45aa-ae7e-49d4950d210f",
|
||
|
"value": "b265a5d984c4654ac0b25ddcf8048d0aabc28e36d3e2439d1c08468842857f46"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-3c7c-45c1-96af-4d68950d210f",
|
||
|
"value": "1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-1ca0-4ad0-8150-40b4950d210f",
|
||
|
"value": "99ad06cca4910c62e8d6b68801c6122137cf8458083bb58cbc767eebc220180d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-ae1c-44e3-8cda-4e69950d210f",
|
||
|
"value": "f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1513846981",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b78c5-7494-4a75-b733-4906950d210f",
|
||
|
"value": "d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
|
||
|
"meta-category": "misc",
|
||
|
"name": "microblog",
|
||
|
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1513844060",
|
||
|
"uuid": "5a3b6d4c-b11c-45f6-b5e3-d89b950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "post",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b6d4c-ce18-4291-b614-d89b950d210f",
|
||
|
"value": "Just published my paper on largely undocumented #LazarusGroup/#DPRK campaigns targeting cryptocurrency individuals/orgs (both big and small). The research covers new implants/tactics not currently covered in the media regarding 'fake jobs' campaigns. (link: https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) proofpoint.com/us/threat-insi\u2026"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b6d4d-90c4-489c-9302-d89b950d210f",
|
||
|
"value": "Twitter"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "url",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6d4d-9cb0-4312-9b63-d89b950d210f",
|
||
|
"value": "https://mobile.twitter.com/darienhuss/status/943300245554958337"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "link",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a3b6d4d-488c-4acd-9e92-d89b950d210f",
|
||
|
"value": "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "username",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b6d4d-c010-43e6-af1e-d89b950d210f",
|
||
|
"value": "@darienhuss"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "creation-date",
|
||
|
"timestamp": "1513844060",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b6d5c-9334-4586-bbf3-d898950d210f",
|
||
|
"value": "2017-12-20T03:01:00"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852267",
|
||
|
"uuid": "88c0c9e5-6f55-4434-86f5-57ccf1ab779e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "88c0c9e5-6f55-4434-86f5-57ccf1ab779e",
|
||
|
"referenced_uuid": "551d26ea-0d49-4a3d-8b80-61f1c2d46b4c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468222",
|
||
|
"uuid": "5a3b8d72-c6d0-418c-8866-43d602de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d69-209c-41ed-b860-440c02de0b81",
|
||
|
"value": "2ef42ad9c43fc58c48de409414568c27b904fd79"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d69-7014-4c04-9bc6-453902de0b81",
|
||
|
"value": "d2a565e6c31ee18380c410e8cc4abbb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d69-6410-45e5-96f0-45f702de0b81",
|
||
|
"value": "8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852265",
|
||
|
"uuid": "551d26ea-0d49-4a3d-8b80-61f1c2d46b4c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d69-51a4-489c-89d2-45bc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c/analysis/1513817274/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d69-db68-412e-a182-49dd02de0b81",
|
||
|
"value": "26/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d69-43cc-44f0-adfe-47f802de0b81",
|
||
|
"value": "2017-12-21T00:47:54"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852268",
|
||
|
"uuid": "e831a382-f6bf-43db-b38c-421df1ea3875",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "e831a382-f6bf-43db-b38c-421df1ea3875",
|
||
|
"referenced_uuid": "ef5cfba8-a647-4887-8626-5b716d830d90",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468222",
|
||
|
"uuid": "5a3b8d72-d09c-479d-bf3e-49d302de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d69-1584-46d4-9676-4e6402de0b81",
|
||
|
"value": "de201a51f96af1405f58ec02b7802088ecae6a2d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d69-1a68-4649-8ee0-492602de0b81",
|
||
|
"value": "a3487b13cbda458bf91c7e802a1ea4f5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852265",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d69-8e84-4c36-8324-43ae02de0b81",
|
||
|
"value": "030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852265",
|
||
|
"uuid": "ef5cfba8-a647-4887-8626-5b716d830d90",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6a-d570-4c24-a644-4ea302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863/analysis/1513799414/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6a-d444-4801-a69e-407802de0b81",
|
||
|
"value": "7/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6a-ec4c-4cd8-8150-4d9302de0b81",
|
||
|
"value": "2017-12-20T19:50:14"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852269",
|
||
|
"uuid": "4b8c3132-e355-4ee4-91c9-e06a69a36da1",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "4b8c3132-e355-4ee4-91c9-e06a69a36da1",
|
||
|
"referenced_uuid": "b1b7f438-e55c-4b57-b42d-503d60b57d4f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468222",
|
||
|
"uuid": "5a3b8d72-9b5c-4b74-9c80-478c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6a-7030-4c2d-a5b2-43dd02de0b81",
|
||
|
"value": "5d796909d5da1f6f86cfe37962cc9c69d76836c5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6a-62f4-4635-9e31-460d02de0b81",
|
||
|
"value": "6431f46fd8353cb30cd573fc887d8aa8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6a-d02c-4e31-965b-41ba02de0b81",
|
||
|
"value": "beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852266",
|
||
|
"uuid": "b1b7f438-e55c-4b57-b42d-503d60b57d4f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6a-21a8-4ce7-a915-433f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe/analysis/1513838639/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6a-54d4-46b0-aa20-4ed702de0b81",
|
||
|
"value": "21/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Shortcut Link (LNK)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6a-c26c-4bf2-999f-48f502de0b81",
|
||
|
"value": "2017-12-21T06:43:59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852269",
|
||
|
"uuid": "1f87943e-6f0e-4b12-87b5-3116a0f725c0",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "1f87943e-6f0e-4b12-87b5-3116a0f725c0",
|
||
|
"referenced_uuid": "789535f0-ec61-4de1-9988-165ac6c1ba5c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468223",
|
||
|
"uuid": "5a3b8d72-fef4-4384-b9fb-456002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6a-5004-4ccc-8a80-467a02de0b81",
|
||
|
"value": "53b079072c81f7c879ea1f808c18dcd6134afc5c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6a-07f4-4aa2-a173-4ca702de0b81",
|
||
|
"value": "7a27da13bbdfc34118a30ecd83a75614"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852266",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6a-0a64-4a9b-9133-4af402de0b81",
|
||
|
"value": "01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852266",
|
||
|
"uuid": "789535f0-ec61-4de1-9988-165ac6c1ba5c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6b-1590-40bb-a85d-44f502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49/analysis/1513817106/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6b-7afc-4547-8c18-44a402de0b81",
|
||
|
"value": "1/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6b-b87c-462f-b376-488002de0b81",
|
||
|
"value": "2017-12-21T00:45:06"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852270",
|
||
|
"uuid": "cb269eaa-70e8-4564-b7f8-902352959fe6",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "cb269eaa-70e8-4564-b7f8-902352959fe6",
|
||
|
"referenced_uuid": "9296c8a4-2d34-48e4-af42-15e57470eb84",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468223",
|
||
|
"uuid": "5a3b8d72-2344-4dc7-bcf6-415302de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6b-dee4-4e54-b8e8-428e02de0b81",
|
||
|
"value": "8fe0adbc9024c6fa8872bfe30d71e780ca2e21a4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6b-c84c-4b2c-8c16-4bd002de0b81",
|
||
|
"value": "4ed7389843781268f9dbf8d222be52ba"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6b-a194-45cd-8ef4-4a8902de0b81",
|
||
|
"value": "85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852267",
|
||
|
"uuid": "9296c8a4-2d34-48e4-af42-15e57470eb84",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6b-7040-4974-82f5-4cdc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51/analysis/1513817183/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6b-a9d0-47fe-ba6e-4e2e02de0b81",
|
||
|
"value": "0/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852267",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6b-4520-4710-a59e-47ec02de0b81",
|
||
|
"value": "2017-12-21T00:46:23"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852270",
|
||
|
"uuid": "1bae070e-81ad-4cfb-a316-00f6dd358a7d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "1bae070e-81ad-4cfb-a316-00f6dd358a7d",
|
||
|
"referenced_uuid": "4117fdf6-6c7c-4e4c-b695-d2b7214b42f4",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468223",
|
||
|
"uuid": "5a3b8d72-f160-4dbb-bd25-43c602de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6c-eb34-41ea-8ba8-43f202de0b81",
|
||
|
"value": "2abfd795397a343596c9f95ecb721250f80eda61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6c-2f1c-4cbf-9d22-402102de0b81",
|
||
|
"value": "980272269926a187ec4fe17ec9505a5f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6c-f218-49e9-8a61-443802de0b81",
|
||
|
"value": "25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852268",
|
||
|
"uuid": "4117fdf6-6c7c-4e4c-b695-d2b7214b42f4",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6c-6a0c-4316-b58f-4c5302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66/analysis/1513799416/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6c-2d54-4a48-8945-4fa402de0b81",
|
||
|
"value": "11/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6c-2790-4efd-ae32-4ef502de0b81",
|
||
|
"value": "2017-12-20T19:50:16"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852271",
|
||
|
"uuid": "08352cd7-5beb-4bdf-b9df-3ae69f4f3084",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "08352cd7-5beb-4bdf-b9df-3ae69f4f3084",
|
||
|
"referenced_uuid": "7151d2df-fc05-4f72-8afe-b5c9db8e893e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468223",
|
||
|
"uuid": "5a3b8d72-b4f0-4921-9ecc-45ee02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6c-1494-473a-b2a0-413802de0b81",
|
||
|
"value": "1983b60d923b01fcb14ba813532b2f41f2d6c2fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6c-9120-407b-aea6-4e5402de0b81",
|
||
|
"value": "d253d65adf4285fa5004cd96e647a11f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852268",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6c-9714-4c63-8a79-40d602de0b81",
|
||
|
"value": "972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852268",
|
||
|
"uuid": "7151d2df-fc05-4f72-8afe-b5c9db8e893e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6d-ed08-4dcb-a63f-427302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee/analysis/1513818403/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6d-9964-40b2-ad0f-49c402de0b81",
|
||
|
"value": "32/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MS Office Docs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6d-8bd0-44b1-801c-4cb402de0b81",
|
||
|
"value": "2017-12-21T01:06:43"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "fa7170ec-f0f6-4900-922c-fce4d2eef064",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "fa7170ec-f0f6-4900-922c-fce4d2eef064",
|
||
|
"referenced_uuid": "27d3ea8e-4cae-4f1a-96c8-fcf4a788439f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468223",
|
||
|
"uuid": "5a3b8d72-55bc-4ac5-928b-49ca02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d6d-fdbc-44cd-a881-416602de0b81",
|
||
|
"value": "be2e900c64cd985cde9e8515fb4e5b5d70c853f0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d6d-3680-468e-aa66-487d02de0b81",
|
||
|
"value": "ddabaa2740f590ac964996fd4b691880"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852269",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d6d-c104-42f0-9a8f-41c502de0b81",
|
||
|
"value": "6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852269",
|
||
|
"uuid": "27d3ea8e-4cae-4f1a-96c8-fcf4a788439f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852270",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d6e-b944-42a1-a2dc-421402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d/analysis/1513838568/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852270",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d6e-9c08-402b-a774-492d02de0b81",
|
||
|
"value": "5/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852270",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d6e-51ac-4ac0-a07c-4eb602de0b81",
|
||
|
"value": "2017-12-21T06:42:48"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852273",
"uuid": "37b63b78-21dd-47c0-9d23-3630e7cf8646",
"ObjectReference": [
{
"comment": "",
"object_uuid": "37b63b78-21dd-47c0-9d23-3630e7cf8646",
"referenced_uuid": "e69882c0-3bc4-47cc-a0bb-c0656d6b9d56",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d72-dacc-4d9c-9a62-4d1f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6e-e4d0-413c-adea-4ab002de0b81",
"value": "d9476b3018be277da1aa2b03543166a1a8d1ff03"
},
{
"category": "Payload delivery",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852270",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6e-33d0-441a-aadb-414d02de0b81",
"value": "2dfebcb60dfa706e2a9c6e73709ebff5"
},
{
"category": "Payload delivery",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6e-3f3c-47b9-a64c-4b4802de0b81",
"value": "eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852270",
"uuid": "e69882c0-3bc4-47cc-a0bb-c0656d6b9d56",
"Attribute": [
{
"category": "External analysis",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852270",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6e-6c80-4b21-b06d-4fea02de0b81",
"value": "https://www.virustotal.com/file/eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1/analysis/1513817527/"
},
{
"category": "Other",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852270",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6e-f208-4343-8b16-4e0e02de0b81",
"value": "5/67"
},
{
"category": "Other",
"comment": "PyInstaller",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852270",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6e-b7ec-4657-9534-422a02de0b81",
"value": "2017-12-21T00:52:07"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852273",
"uuid": "c126b790-4339-4aae-ae09-8907102e1a25",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c126b790-4339-4aae-ae09-8907102e1a25",
"referenced_uuid": "2b6f8da3-f975-46ce-b203-b6a2f7db28ff",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d72-8174-48c1-a73d-4bc502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6e-733c-453f-8b79-412d02de0b81",
"value": "2e344cb889843233ff54e95dd0c5956489d07b7d"
},
{
"category": "Payload delivery",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852270",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6e-2930-4e59-a960-453402de0b81",
"value": "239aaff9c0c7b0317df0d0c409780d11"
},
{
"category": "Payload delivery",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6e-ace8-4ac9-9760-4c3402de0b81",
"value": "e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852270",
"uuid": "2b6f8da3-f975-46ce-b203-b6a2f7db28ff",
"Attribute": [
{
"category": "External analysis",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852270",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6e-4490-4dc7-aba8-4b3f02de0b81",
"value": "https://www.virustotal.com/file/e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d/analysis/1513838712/"
},
{
"category": "Other",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852270",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6e-45e8-4092-81fb-47ec02de0b81",
"value": "13/60"
},
{
"category": "Other",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852270",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6e-7044-4462-82ac-4c3b02de0b81",
"value": "2017-12-21T06:45:12"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852273",
"uuid": "4abea3bf-4859-444d-9735-ef6c73e34c7f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4abea3bf-4859-444d-9735-ef6c73e34c7f",
"referenced_uuid": "b3041cbd-a853-482a-af11-4b0b34855339",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d72-4310-4b8b-81dc-4a0f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6e-c598-42bd-8a4a-418602de0b81",
"value": "46a1d019c1069a8da16224ba6e964d929f42f204"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852270",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6e-ea60-4ea8-815b-432f02de0b81",
"value": "e3fc2fbc512b90c54d81989cf42bb885"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6e-6364-4736-8513-445602de0b81",
"value": "6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852270",
"uuid": "b3041cbd-a853-482a-af11-4b0b34855339",
"Attribute": [
{
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852270",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6e-5b08-4536-9383-406602de0b81",
"value": "https://www.virustotal.com/file/6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984/analysis/1513799413/"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852270",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6e-06dc-40b3-a095-430002de0b81",
"value": "1/60"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852270",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6e-b828-4f2b-967d-406902de0b81",
"value": "2017-12-20T19:50:13"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852273",
"uuid": "1c816f49-c77c-4c10-8f5a-c738b2f91fd2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1c816f49-c77c-4c10-8f5a-c738b2f91fd2",
"referenced_uuid": "a15c3c61-18d5-4e2c-a4e6-f783b2dbb325",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d73-35a4-4181-89f3-465202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6e-a964-486c-ba41-4e9002de0b81",
"value": "88554b0b8066cb059f9fc06d2620d84737251a29"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852270",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6e-4d8c-491b-b485-46a202de0b81",
"value": "9e36b094d9769025699804f10c9a6523"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852270",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6e-15a4-433b-ad8b-420202de0b81",
"value": "d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852270",
"uuid": "a15c3c61-18d5-4e2c-a4e6-f783b2dbb325",
"Attribute": [
{
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852270",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6e-ea9c-4bfb-b455-4ce102de0b81",
"value": "https://www.virustotal.com/file/d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48/analysis/1513838389/"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852270",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6e-51d4-49fd-90c6-4f9102de0b81",
"value": "2/58"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852270",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6e-5724-489a-b982-418e02de0b81",
"value": "2017-12-21T06:39:49"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852273",
"uuid": "179729f6-02e1-4594-b57f-f7db7e366b4b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "179729f6-02e1-4594-b57f-f7db7e366b4b",
"referenced_uuid": "6271f662-ebe5-449b-a28c-21625cb04c44",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d73-c474-4c0d-901f-4f7702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6f-8544-462a-ba97-4c4902de0b81",
"value": "cc90c650a08de597b12620627dd89cc83741a889"
},
{
"category": "Payload delivery",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852271",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6f-15e4-4d43-b9e5-459302de0b81",
"value": "b82f3e54bb97d4f92dc7c777f2e765ab"
},
{
"category": "Payload delivery",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6f-0764-458a-aae0-414e02de0b81",
"value": "5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852271",
"uuid": "6271f662-ebe5-449b-a28c-21625cb04c44",
"Attribute": [
{
"category": "External analysis",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852271",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6f-7efc-47e1-be51-4cbc02de0b81",
"value": "https://www.virustotal.com/file/5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07/analysis/1513817159/"
},
{
"category": "Other",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852271",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6f-2e30-4086-a21b-4f7f02de0b81",
"value": "20/67"
},
{
"category": "Other",
"comment": "PowerSpritz",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852271",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6f-5c18-4049-adc0-4f3502de0b81",
"value": "2017-12-21T00:45:59"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852274",
"uuid": "0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea",
"referenced_uuid": "75f57830-e3b2-4daf-bd31-5b69941c370d",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d73-7288-44b8-be2e-4b3502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6f-dd38-41ee-8df9-499502de0b81",
"value": "8fd089df71a5f48098dc41886631ea6604f108e9"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852271",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6f-8480-47ec-a9e6-4ebf02de0b81",
"value": "dc688e6ddd3a1298dd372ec7d0ccb1fb"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6f-c678-4461-b51c-4f7802de0b81",
"value": "9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852271",
"uuid": "75f57830-e3b2-4daf-bd31-5b69941c370d",
"Attribute": [
{
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852271",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6f-0184-44c0-826a-4d4202de0b81",
"value": "https://www.virustotal.com/file/9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5/analysis/1513817043/"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852271",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6f-3270-4051-bd93-4f5702de0b81",
"value": "1/59"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852271",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6f-07d0-4732-bb27-404d02de0b81",
"value": "2017-12-21T00:44:03"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852274",
"uuid": "3529ee04-a201-4e52-a164-1e5c4a096897",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3529ee04-a201-4e52-a164-1e5c4a096897",
"referenced_uuid": "24b51380-5e74-4cc3-9d40-a9bf23181402",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d73-d7f4-4610-959c-44e602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6f-c2fc-4d0e-aff0-4bff02de0b81",
"value": "d851ff7b371d15bf03a670e45ec5df327406ab45"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852271",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6f-b1c0-4667-8fe6-44d002de0b81",
"value": "6c360e9a6f933bf172591a81881ca79b"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6f-9dc8-4dda-86f6-480902de0b81",
"value": "f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852271",
"uuid": "24b51380-5e74-4cc3-9d40-a9bf23181402",
"Attribute": [
{
"category": "External analysis",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852271",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6f-6bb4-4ed4-b0db-447202de0b81",
"value": "https://www.virustotal.com/file/f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b/analysis/1513799419/"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852271",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6f-4e5c-4ba9-a6bc-41e902de0b81",
"value": "1/60"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852271",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6f-22f4-49de-b3a4-4fa202de0b81",
"value": "2017-12-20T19:50:19"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852274",
"uuid": "685f8167-ca1f-4f25-8ba4-cdf2aa6dae57",
"ObjectReference": [
{
"comment": "",
"object_uuid": "685f8167-ca1f-4f25-8ba4-cdf2aa6dae57",
"referenced_uuid": "c1983f91-67eb-48b3-a8dc-df000704bef3",
"relationship_type": "analysed-with",
"timestamp": "1514468223",
"uuid": "5a3b8d73-ae44-4540-b4ff-425102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6f-b4fc-4a72-b66a-48f502de0b81",
"value": "9cc396887f57d1d266644cbefed48f33880fb218"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852271",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6f-8b88-4c30-a87a-4d5d02de0b81",
"value": "ed2cace34381b6bbeb98af31e73e7904"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6f-ab60-4697-8347-4bf402de0b81",
"value": "db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852271",
"uuid": "c1983f91-67eb-48b3-a8dc-df000704bef3",
"Attribute": [
{
"category": "External analysis",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852271",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6f-4c64-4ff9-8527-482d02de0b81",
"value": "https://www.virustotal.com/file/db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471/analysis/1513799418/"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852271",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6f-f958-4988-a7fb-449202de0b81",
"value": "2/60"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852271",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6f-86e4-4884-96da-434202de0b81",
"value": "2017-12-20T19:50:18"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852274",
"uuid": "4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36",
"referenced_uuid": "42454a41-4382-4b9b-bfb4-41c779793cd0",
"relationship_type": "analysed-with",
"timestamp": "1514468224",
"uuid": "5a3b8d73-5a00-4e7d-8980-4f3b02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d6f-e688-4200-b11d-42ba02de0b81",
"value": "97936a1225622bf61f916c629882aab19ff1f1a6"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852271",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d6f-a798-4a03-8609-487302de0b81",
"value": "5d06ff8f43f631cd2a71a565dd10b7a5"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852271",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d6f-a020-4005-8bd5-4ccb02de0b81",
"value": "d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852271",
"uuid": "42454a41-4382-4b9b-bfb4-41c779793cd0",
"Attribute": [
{
"category": "External analysis",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852271",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d6f-1174-4c32-aa95-45ba02de0b81",
"value": "https://www.virustotal.com/file/d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a/analysis/1513799419/"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852271",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d6f-ce28-432d-8ddf-4cda02de0b81",
"value": "1/60"
},
{
"category": "Other",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852271",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d6f-cdcc-4677-83af-44bc02de0b81",
"value": "2017-12-20T19:50:19"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852274",
"uuid": "a6e3a25b-f46a-4ed8-b0ac-d15d4772c156",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a6e3a25b-f46a-4ed8-b0ac-d15d4772c156",
"referenced_uuid": "e26a7bae-50f5-4b9f-a908-c09d124b96d5",
"relationship_type": "analysed-with",
"timestamp": "1514468224",
"uuid": "5a3b8d73-0238-46ee-ba04-4b8102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852272",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d70-60e0-462c-9ba8-4aaa02de0b81",
"value": "3d34eb23728f443e930885e89485cfc78cc34e07"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852272",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d70-1c14-44a2-be35-45cd02de0b81",
"value": "cba175498af45dca6970aeee83a6d9f4"
},
{
"category": "Payload delivery",
"comment": "PowerRatankba",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852272",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d70-3b6c-4207-a94f-401b02de0b81",
"value": "41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b"
}
]
},
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "e26a7bae-50f5-4b9f-a908-c09d124b96d5",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d70-0120-4008-a176-46a002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b/analysis/1513817542/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d70-8ce4-4780-a75e-487102de0b81",
|
||
|
"value": "0/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d70-ec8c-4775-8013-4ea402de0b81",
|
||
|
"value": "2017-12-21T00:52:22"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852275",
|
||
|
"uuid": "7d9cca50-8758-408a-8b14-ed4a9a4d430c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7d9cca50-8758-408a-8b14-ed4a9a4d430c",
|
||
|
"referenced_uuid": "ab3d3480-cd31-477a-b4ea-86c6b2c6b49e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-97b0-4b3f-b1f1-4c7102de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d70-4ca0-490a-be44-475302de0b81",
|
||
|
"value": "537cf4311fb66b3740c0a1dc9ba073132d9e0d04"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d70-697c-4b7e-9451-4a2102de0b81",
|
||
|
"value": "f3dd79ffb45d226dd029da7c61192e26"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d70-76dc-4c67-bb67-4b2c02de0b81",
|
||
|
"value": "b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "ab3d3480-cd31-477a-b4ea-86c6b2c6b49e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d70-ce14-4855-b70d-4cf502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e/analysis/1513817428/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d70-fb58-45a6-9234-456702de0b81",
|
||
|
"value": "9/66"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PyInstaller",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d70-1858-4553-a6f7-468802de0b81",
|
||
|
"value": "2017-12-21T00:50:28"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852275",
|
||
|
"uuid": "6eb3baa6-0a6b-49d7-bedd-38b80630776a",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "6eb3baa6-0a6b-49d7-bedd-38b80630776a",
|
||
|
"referenced_uuid": "95dea47f-9eef-42d6-96c9-ac3d27d67d27",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-15b8-4148-acbb-4be802de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d70-e85c-45a8-a7ae-493402de0b81",
|
||
|
"value": "e57713866a28487098d6b735a55468a1570d00a1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d70-9db0-4894-aaea-46a802de0b81",
|
||
|
"value": "985d627f638bbd89ba48676625ec9073"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d70-3e7c-4521-96e1-408902de0b81",
|
||
|
"value": "4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "95dea47f-9eef-42d6-96c9-ac3d27d67d27",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d70-e83c-4834-9b37-4cf302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212/analysis/1513838441/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d70-ce40-435e-a877-433e02de0b81",
|
||
|
"value": "2/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d70-ebf0-4628-a2e6-4cef02de0b81",
|
||
|
"value": "2017-12-21T06:40:41"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852275",
|
||
|
"uuid": "4923113d-bb45-4277-8e0f-4bcfd995292d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "4923113d-bb45-4277-8e0f-4bcfd995292d",
|
||
|
"referenced_uuid": "b9d97deb-ca5d-4825-b6ff-084898e27f88",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-d308-455c-921e-4eba02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d70-40b4-49ed-a54a-4aa702de0b81",
|
||
|
"value": "0d64b1157efb689f75a0c92d475e960ecd139304"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d70-dd70-4ad0-be00-47c302de0b81",
|
||
|
"value": "ad99fd5711dbec2520f62385a595ee3b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d70-482c-42f5-be9f-4d8302de0b81",
|
||
|
"value": "cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "b9d97deb-ca5d-4825-b6ff-084898e27f88",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d70-a6a0-4633-a1cd-46cf02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411/analysis/1513838218/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d70-7d90-40d0-8f35-4c0902de0b81",
|
||
|
"value": "11/67"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d70-b308-4584-8dee-436302de0b81",
|
||
|
"value": "2017-12-21T06:36:58"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852275",
|
||
|
"uuid": "499ec873-7210-418a-ac7a-9c473e7cee8f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "499ec873-7210-418a-ac7a-9c473e7cee8f",
|
||
|
"referenced_uuid": "dbff892b-e51d-4ce6-ba0b-e0bbdc82c787",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-5664-4b03-9c15-42f102de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d70-7fec-4da9-99f6-4cb402de0b81",
|
||
|
"value": "234600a43a957672b8145ea6566f9613a1906899"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d70-3418-419d-98e9-463902de0b81",
|
||
|
"value": "ec264b9c938355f1a7d1dc97c73fa9a6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d70-c260-470b-8391-45cf02de0b81",
|
||
|
"value": "1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "dbff892b-e51d-4ce6-ba0b-e0bbdc82c787",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d70-2010-4867-bece-42a102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666/analysis/1513799418/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d70-8248-4966-9e4c-462302de0b81",
|
||
|
"value": "1/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerRatankba",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d70-f2e0-425c-8ee3-477402de0b81",
|
||
|
"value": "2017-12-20T19:50:18"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852275",
|
||
|
"uuid": "1a66fd87-8b0c-4eae-b17e-c03d830646ea",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "1a66fd87-8b0c-4eae-b17e-c03d830646ea",
|
||
|
"referenced_uuid": "3fc5fed1-7742-4f62-86d7-18a0b15c6b67",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-99d4-48ff-949e-44d702de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d70-1fa4-4bdc-861b-41ef02de0b81",
|
||
|
"value": "6ab10bd838f9b060f2380caafdea5ff09080f536"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d70-c06c-4e4f-a086-4bd102de0b81",
|
||
|
"value": "43f7512685e72de1e8c0201ee4e189a7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852272",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d70-7a74-4aa4-ae9f-40de02de0b81",
|
||
|
"value": "81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852272",
|
||
|
"uuid": "3fc5fed1-7742-4f62-86d7-18a0b15c6b67",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d71-e804-44c4-b574-417302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf/analysis/1513838347/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d71-dd6c-416c-aef4-43ee02de0b81",
|
||
|
"value": "2/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Microsoft Compiled HTML Help (CHM)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d71-d52c-4c0c-b61c-46e202de0b81",
|
||
|
"value": "2017-12-21T06:39:07"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852276",
|
||
|
"uuid": "12376fcf-03df-4dd3-b86d-f205b2cd0333",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "12376fcf-03df-4dd3-b86d-f205b2cd0333",
|
||
|
"referenced_uuid": "c798e259-325d-43d9-b3c5-080f027612e0",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-7e98-492f-b8d1-4b3602de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d71-8088-4998-93b6-4ae202de0b81",
|
||
|
"value": "4a084d8245706683d4e4cd5797a2a9f35fa89749"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d71-637c-4443-8c46-4b3602de0b81",
|
||
|
"value": "0518ca7a8bd6d93bbafc6022669d5459"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d71-b664-4dbd-b2dd-487002de0b81",
|
||
|
"value": "9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852273",
|
||
|
"uuid": "c798e259-325d-43d9-b3c5-080f027612e0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d71-f348-471f-8ceb-4c0602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453/analysis/1513838282/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d71-3090-496d-bf48-452402de0b81",
|
||
|
"value": "12/67"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "PowerSpritz",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d71-9ccc-4e71-8385-47d602de0b81",
|
||
|
"value": "2017-12-21T06:38:02"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852276",
|
||
|
"uuid": "05d3637e-62f6-4c54-b66a-3eac1319941a",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "05d3637e-62f6-4c54-b66a-3eac1319941a",
|
||
|
"referenced_uuid": "4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-e1ac-432d-bc9e-48d102de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d71-9558-42ba-80af-454802de0b81",
|
||
|
"value": "50420970d17af649affaee6be801968aa4c01e46"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d71-c490-4c18-9ce6-42b702de0b81",
|
||
|
"value": "23cbc415d94b1841a8a737295dc651ce"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d71-a2b4-412f-85eb-43c002de0b81",
|
||
|
"value": "8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852273",
|
||
|
"uuid": "4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d71-7164-42ea-a052-437502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3/analysis/1513776239/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d71-d878-4b50-92d5-426202de0b81",
|
||
|
"value": "12/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d71-1c64-41fb-8817-43d702de0b81",
|
||
|
"value": "2017-12-20T13:23:59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852276",
|
||
|
"uuid": "5ea86c44-3d9c-471f-a447-cc02b208592c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5ea86c44-3d9c-471f-a447-cc02b208592c",
|
||
|
"referenced_uuid": "d098ecd3-4e1e-4602-92b9-45f53956eead",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-83a4-4a41-ac49-4cf502de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d71-5b54-4646-a2d8-4ed802de0b81",
|
||
|
"value": "a07dc261645c7b3ff5f37f5ae7ee0b629ab8f109"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d71-d6b8-4e2e-af51-4bec02de0b81",
|
||
|
"value": "01118e4cd8adec69c84e0311ec677971"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a3b8d71-ea90-49d2-82b0-4e4a02de0b81",
|
||
|
"value": "7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1513852273",
|
||
|
"uuid": "d098ecd3-4e1e-4602-92b9-45f53956eead",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a3b8d71-4590-4fa4-a7d2-489902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e/analysis/1513838753/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a3b8d71-69b0-41dd-9a3a-4d9f02de0b81",
|
||
|
"value": "10/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a3b8d71-78fc-465c-9dba-473302de0b81",
|
||
|
"value": "2017-12-21T06:45:53"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1513852276",
|
||
|
"uuid": "95eca2e7-7290-4557-8b1c-72a9e7b68da4",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "95eca2e7-7290-4557-8b1c-72a9e7b68da4",
|
||
|
"referenced_uuid": "a4526f04-cb6e-4349-ab34-5587cf9dbf19",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1514468224",
|
||
|
"uuid": "5a3b8d73-be34-49a7-a331-447502de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a3b8d71-1b78-4729-9bc6-41c102de0b81",
|
||
|
"value": "688183a9b36993c6dcc93d7be7a3e96a364447c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JavaScript",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1513852273",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a3b8d71-6cec-4cf9-9e05-4f4802de0b81",
|
||
|
"value": "9ed66ef9fba9984fe7788eb1ec09d4ba"
|
||
|
},
|
||
|
{
"category": "Payload delivery",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852273",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d71-6380-453e-861c-453502de0b81",
"value": "100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852273",
"uuid": "a4526f04-cb6e-4349-ab34-5587cf9dbf19",
"Attribute": [
{
"category": "External analysis",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852273",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d71-55e8-418d-8a37-446202de0b81",
"value": "https://www.virustotal.com/file/100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7/analysis/1513838920/"
},
{
"category": "Other",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852273",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d71-81fc-48ff-b858-477402de0b81",
"value": "14/60"
},
{
"category": "Other",
"comment": "JavaScript",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852273",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d71-09bc-4555-ad45-441502de0b81",
"value": "2017-12-21T06:48:40"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852276",
"uuid": "b593d6b3-0289-4c29-8448-2bb4d2de9d5e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b593d6b3-0289-4c29-8448-2bb4d2de9d5e",
"referenced_uuid": "2c9f7b5e-b7c1-45ee-bb59-facc1784a78f",
"relationship_type": "analysed-with",
"timestamp": "1514468224",
"uuid": "5a3b8d73-8cbc-476e-b945-42d602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852273",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d71-eb5c-4a51-a15d-42e602de0b81",
"value": "fb17a710aa690d939d74a6687ae04787fb6324ca"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852273",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d71-6210-4c65-a11c-4aa102de0b81",
"value": "878ececefc811b91361b69ff25290a6e"
},
{
"category": "Payload delivery",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852273",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d72-4dd8-47fc-9d5c-452102de0b81",
"value": "772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852274",
"uuid": "2c9f7b5e-b7c1-45ee-bb59-facc1784a78f",
"Attribute": [
{
"category": "External analysis",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852274",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d72-8988-43a0-b1c4-488302de0b81",
"value": "https://www.virustotal.com/file/772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01/analysis/1513799414/"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852274",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d72-cea0-44c3-929e-461602de0b81",
"value": "1/60"
},
{
"category": "Other",
"comment": "Microsoft Compiled HTML Help (CHM)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852274",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d72-a658-47d9-996e-443602de0b81",
"value": "2017-12-20T19:50:14"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1513852277",
"uuid": "5dc053d0-4cc0-4b36-b940-2552b8c9ec30",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5dc053d0-4cc0-4b36-b940-2552b8c9ec30",
"referenced_uuid": "50c5355f-02d7-4b0b-8116-332325c74894",
"relationship_type": "analysed-with",
"timestamp": "1514468224",
"uuid": "5a3b8d74-adcc-418a-9992-41ba02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1513852274",
"to_ids": true,
"type": "sha1",
"uuid": "5a3b8d72-1658-4801-92aa-4aa202de0b81",
"value": "ef263466563037c4f358e6467157194eb0752bdf"
},
{
"category": "Payload delivery",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1513852274",
"to_ids": true,
"type": "md5",
"uuid": "5a3b8d72-6660-4479-8eff-4a5702de0b81",
"value": "157074713fc886e3632acc6f040982dd"
},
{
"category": "Payload delivery",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1513852274",
"to_ids": true,
"type": "sha256",
"uuid": "5a3b8d72-6bcc-4f0c-a841-401a02de0b81",
"value": "b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1513852274",
"uuid": "50c5355f-02d7-4b0b-8116-332325c74894",
"Attribute": [
{
"category": "External analysis",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1513852274",
"to_ids": false,
"type": "link",
"uuid": "5a3b8d72-f83c-4200-8813-47e402de0b81",
"value": "https://www.virustotal.com/file/b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d/analysis/1513839053/"
},
{
"category": "Other",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1513852274",
"to_ids": false,
"type": "text",
"uuid": "5a3b8d72-1408-4805-b520-48d002de0b81",
"value": "26/61"
},
{
"category": "Other",
"comment": "MS Office Docs",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1513852274",
"to_ids": false,
"type": "datetime",
"uuid": "5a3b8d72-e134-4dbc-894e-419202de0b81",
"value": "2017-12-21T06:50:53"
}
]
}
]
}
}