|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2019-06-06",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Gaining New Visibility into Financial Threats",
|
||
|
"publish_timestamp": "1559823389",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1559823376",
|
||
|
"uuid": "5cf900bc-28e0-4bed-93a9-5225950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0087e8",
|
||
|
"name": "osint:certainty=\"50\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#12e400",
|
||
|
"name": "misp-galaxy:threat-actor=\"Anunak\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#6edb00",
|
||
|
"name": "circl:topic=\"finance\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822567",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cf900e7-bcf4-4373-a0ea-7a17950d210f",
|
||
|
"value": "swift-fraud.com/documents/94563784.doc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cf900e8-2f1c-4894-a23c-7a17950d210f",
|
||
|
"value": "cloud.yourdocument.biz/robots.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-6870-498d-84d9-7a17950d210f",
|
||
|
"value": "94.140.116.69"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-e61c-44fb-ac10-7a17950d210f",
|
||
|
"value": "185.206.145.227"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-1334-490c-a730-7a17950d210f",
|
||
|
"value": "45.56.162.8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-bbe4-4902-af9f-7a17950d210f",
|
||
|
"value": "94.156.35.118"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-5b20-46d5-a4a2-7a17950d210f",
|
||
|
"value": "185.243.115.28"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-ddbc-470a-947b-7a17950d210f",
|
||
|
"value": "185.206.146.226"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822568",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5cf900e8-f670-48ab-bb14-7a17950d210f",
|
||
|
"value": "94.140.116.176"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023b-6d44-4c14-bcef-c66a950d210f",
|
||
|
"value": "d68351f754a508a386c06946c8e79088"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023b-81c0-4707-ba3c-c66a950d210f",
|
||
|
"value": "341917d17440ee8a334b202eb0378108"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "java.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023b-0f88-4640-8a7a-c66a950d210f",
|
||
|
"value": "d90ecd6c825ce236838112898e1c4a2e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023b-9cfc-4ca1-b965-c66a950d210f",
|
||
|
"value": "d117c73e353193118a6383c30e42a95f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "WRF{8F0C5F8E-18A3-48CE-A2F4-2F4DB1B14E94}.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023b-3068-452b-bf0c-c66a950d210f",
|
||
|
"value": "b8fc470b9665b33d2071034fdfd6629c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-9060-4187-820f-c66a950d210f",
|
||
|
"value": "bb784d55895db10b67b1b4f1f5b0be16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-40f0-4df2-93c9-c66a950d210f",
|
||
|
"value": "4bee6ff39103ffe31118260f9b1c4884"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-12c4-4c92-a77f-c66a950d210f",
|
||
|
"value": "c2a9443aac258a60d8cace43e839cf9f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-1f94-40f5-a8a6-c66a950d210f",
|
||
|
"value": "581c2a76b382deedb48d1df077e5bdf1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-3880-4332-8439-c66a950d210f",
|
||
|
"value": "f0645bd9367faf4e21a9c5e8c132bed7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-444c-4673-9cb4-c66a950d210f",
|
||
|
"value": "34a58e62866e5c17db61ee5f95d52c58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-f954-4501-a996-c66a950d210f",
|
||
|
"value": "38242fb29d7cb82a4ffd651189d9821e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-4834-4e22-bec8-c66a950d210f",
|
||
|
"value": "f0e52df398b938bf82d9e71ce754ab34"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-7518-4541-bb00-c66a950d210f",
|
||
|
"value": "eb561d46c6283c632df88bd20ade6df4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-4630-43f1-9026-c66a950d210f",
|
||
|
"value": "bbaee5d936a3809f46fd409b8442f753"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-f7b4-4686-9de1-c66a950d210f",
|
||
|
"value": "63c98b8c34ee9261c0068c7f0435a9f9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "nusb1mon.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-3fa0-4002-b6c1-c66a950d210f",
|
||
|
"value": "ddb9553c6e4e4908b5c7fbbdc4795d6c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-19bc-4207-81e4-c66a950d210f",
|
||
|
"value": "1e94f1fdf5ace5e57d8b7832ea2da22e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-12ec-48c3-8418-c66a950d210f",
|
||
|
"value": "e7aa5608c81ba4fcd8d166501b90fc06"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-a274-460e-921b-c66a950d210f",
|
||
|
"value": "27304b246c7d5b4e149124d5f93c5b01"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-5220-44d5-9984-c66a950d210f",
|
||
|
"value": "75b55bb34dac9d02740b9ad6b6820360"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-b7c0-4260-987d-c66a950d210f",
|
||
|
"value": "a7f7a0f74c8b48f1699858b3b6c11eda"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cf9023c-f174-48fa-a207-c66a950d210f",
|
||
|
"value": "87dfac39f577e5f52f0724455e8832a8"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559823204",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5cf90364-3014-4df3-b302-4a48950d210f",
|
||
|
"value": "https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1559823270",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5cf903a6-fe08-49aa-8375-77d4950d210f",
|
||
|
"value": "https://pastebin.com/FdNVb77d"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559822999",
|
||
|
"uuid": "ea848d2e-65da-4deb-af74-a9d0e3a0ebea",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "ea848d2e-65da-4deb-af74-a9d0e3a0ebea",
|
||
|
"referenced_uuid": "de47fb74-8512-47da-86f7-e8d0cc93cdc7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "5cf9029d-5980-4160-903e-4151950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f53abdb3-746f-425c-8cf7-2708633a3ec1",
|
||
|
"value": "87dfac39f577e5f52f0724455e8832a8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "accb477e-c573-47d8-99e5-71b4794121a5",
|
||
|
"value": "0c5a8a0c11b9fcad622b884d48c5f0f379e054ff"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "04920cdc-c53f-4e62-95e7-1ac0acd284a7",
|
||
|
"value": "6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559822999",
|
||
|
"uuid": "de47fb74-8512-47da-86f7-e8d0cc93cdc7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "edb4fa20-2435-47a1-930f-681799b0e215",
|
||
|
"value": "2019-06-06T00:05:45"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "a8857c21-1482-43b7-82a6-ddb1e08d56e1",
|
||
|
"value": "https://www.virustotal.com/file/6a6a9aa6ed43eb3f857392459c7b05a5a0df89e00a3214d333949a561bcff368/analysis/1559779545/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "359d9cd1-3274-43bf-8cb7-342610cdba6f",
|
||
|
"value": "1/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559822999",
|
||
|
"uuid": "57e3c16f-67f4-468d-9d9e-b2ee77fce921",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "57e3c16f-67f4-468d-9d9e-b2ee77fce921",
|
||
|
"referenced_uuid": "3a75d429-6e69-4e61-a8f9-cb53975d839f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "5cf9029d-d5f8-468e-b74c-4cb0950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "40a202f7-d47e-4a30-bdda-fbc9c8174112",
|
||
|
"value": "63c98b8c34ee9261c0068c7f0435a9f9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "f9cfd007-00ab-4307-8285-802edbefae3d",
|
||
|
"value": "c673cdac0a0edb70c7a649f9d7ef08ceaa16bd2d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0a91d1ad-8f35-4f11-93ec-29fadaab5475",
|
||
|
"value": "28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "3a75d429-6e69-4e61-a8f9-cb53975d839f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a8cb3636-92dd-47cc-83d3-25182cdbd9c7",
|
||
|
"value": "2019-06-05T16:39:16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "010f4707-c282-4a50-b6fe-c198e6abe3b5",
|
||
|
"value": "https://www.virustotal.com/file/28dd81de1a5fa5ca2009abb0daa60e7ff3b9ffba4b8a397147d55b543bc20484/analysis/1559752756/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "rad353F7.tmp",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b223286d-7c10-4ef3-84cc-45af8741323a",
|
||
|
"value": "48/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2f8c8c8a-924b-4a0e-a78c-eae52f1ba8a7",
|
||
|
"referenced_uuid": "a575205e-629c-4238-ae69-d22e6a64b163",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "5cf9029d-fbf8-460a-9d87-4fd3950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "bf3f5103-66af-4da9-9781-b59997e1059d",
|
||
|
"value": "38242fb29d7cb82a4ffd651189d9821e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "deddb3ce-c064-4d73-8651-1700c1106ffe",
|
||
|
"value": "7ae97baa869d7ed416b773cc72973255a50fa579"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0a3ebaee-3566-48b8-9cdf-e0ebbe1cc3dc",
|
||
|
"value": "0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "a575205e-629c-4238-ae69-d22e6a64b163",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "4732126c-2568-42c3-9064-1deb92dc6b18",
|
||
|
"value": "2019-06-06T09:50:59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "ef6ddc96-9d46-404d-b6ba-78e8bc713108",
|
||
|
"value": "https://www.virustotal.com/file/0fef1863af0d7da7ddcfd3727f8fa08d66cd2d9ab4d5300dd3c57e908144edb6/analysis/1559814659/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f0fb56ae-dd12-4b0e-8014-18c839783a45",
|
||
|
"value": "40/68"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "33492163-b362-476c-9869-f601ff4b0211",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "33492163-b362-476c-9869-f601ff4b0211",
|
||
|
"referenced_uuid": "cd0334f3-67d3-4324-9b30-28951aabe6c6",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "5cf9029d-950c-4227-bbf1-4259950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "e055bf1a-4bb4-4afa-92a8-f30566d75b18",
|
||
|
"value": "34a58e62866e5c17db61ee5f95d52c58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "f37d5986-f6be-40da-aa3e-7e8e91fc18bc",
|
||
|
"value": "8c0c273d458a85f38dd35d868cc734119773edbe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a9ccb1cb-0129-45b4-aef9-cddf650ea75a",
|
||
|
"value": "74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "cd0334f3-67d3-4324-9b30-28951aabe6c6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a5f8849e-c2eb-48e8-9c38-248d2e440c76",
|
||
|
"value": "2019-06-06T09:59:20"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "b58a6671-028a-40fc-9131-40f3cab08675",
|
||
|
"value": "https://www.virustotal.com/file/74af98fb016bf3adb51f49dff0a88c27bf4437e625a0c7557215a618a7b469a1/analysis/1559815160/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1ff8f77d-f171-49dc-9428-b80758e28b65",
|
||
|
"value": "43/71"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823000",
|
||
|
"uuid": "11184fc9-fcec-4ee2-8097-94d0024f38fc",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "11184fc9-fcec-4ee2-8097-94d0024f38fc",
|
||
|
"referenced_uuid": "7ae2d99e-26b2-4879-a4e2-caec2c6ac680",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-9490-4b4f-b2d8-4c03950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ac9e0ee6-9a0b-4295-a07a-1b84fb6b098e",
|
||
|
"value": "bb784d55895db10b67b1b4f1f5b0be16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "fe3727ed-c881-4a7c-b67c-614b7f93df20",
|
||
|
"value": "3d29fac679c5ce41cacd4510b455dbcbfc33a95e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d0b53f57-5d79-4c71-816c-0a58b30fa264",
|
||
|
"value": "340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "7ae2d99e-26b2-4879-a4e2-caec2c6ac680",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "7e6cf628-7384-4e39-9e01-973a74927d29",
|
||
|
"value": "2019-06-05T18:34:57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "db2ad86f-6749-4397-a9a0-2c6635bbe918",
|
||
|
"value": "https://www.virustotal.com/file/340025fc4a857bad96a037c6acaaa4d61e03b0fd13f56b724cee46dfcf020bd4/analysis/1559759697/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "KbhpQIcahFCuZwq.sct",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d1214470-81bb-4d00-9d3b-4cf4f6a3644d",
|
||
|
"value": "21/56"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "b62a4ac4-4b20-4eb5-81d5-f9a3fee32519",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "b62a4ac4-4b20-4eb5-81d5-f9a3fee32519",
|
||
|
"referenced_uuid": "20f86c50-ab0b-42c5-a22a-4a0b861dd753",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-08d0-45ba-bae0-4f46950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6b985700-998a-4d91-aec3-88181f48f1ce",
|
||
|
"value": "f0645bd9367faf4e21a9c5e8c132bed7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "0ee11c1c-a4f6-491a-899a-340a0cf2f6b2",
|
||
|
"value": "8245fca43d35c309fa64532b03ec20a31014572f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "232b294e-4159-4102-b46b-cd8a6b5a3066",
|
||
|
"value": "cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "20f86c50-ab0b-42c5-a22a-4a0b861dd753",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "cc6e41d6-0011-4337-9cd1-21936ff90bbf",
|
||
|
"value": "2019-06-05T18:34:38"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "f63df462-3a2d-4bf4-be13-d2960864cf7e",
|
||
|
"value": "https://www.virustotal.com/file/cc2e9c6d8bce799829351bd25a64c9b332958038365195e054411b136be61a4f/analysis/1559759678/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "11d7631b-1d40-42cb-979c-949d49db670d",
|
||
|
"value": "43/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "8c139391-532c-41a3-a222-634a8c601a87",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "8c139391-532c-41a3-a222-634a8c601a87",
|
||
|
"referenced_uuid": "b6acbebe-39e8-4a6a-8781-7a22d00272b0",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-74c0-4e0b-bcf4-47a9950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ac84b2e4-c92c-4871-b2e6-e5803d279a45",
|
||
|
"value": "27304b246c7d5b4e149124d5f93c5b01"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "42b5f9bc-f2f3-4ae4-94f7-5973a989b33e",
|
||
|
"value": "e50d9e3bd91908e13a26b3e23edeaf577fb3a095"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "fdbb1b0d-f581-42f1-b6b0-c99d16a7500d",
|
||
|
"value": "3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "b6acbebe-39e8-4a6a-8781-7a22d00272b0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a54e618c-709f-4c4c-96f8-475a27c9ba36",
|
||
|
"value": "2019-06-05T23:56:48"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "181a1c58-4800-43e6-a903-009a1f96f197",
|
||
|
"value": "https://www.virustotal.com/file/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef/analysis/1559779008/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9e26cdbd-8e6e-4a39-930d-987d58e8e85e",
|
||
|
"value": "2/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823001",
|
||
|
"uuid": "c7d41beb-3fba-4a5c-8f1b-1776eac57521",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "c7d41beb-3fba-4a5c-8f1b-1776eac57521",
|
||
|
"referenced_uuid": "76cd75eb-9363-4a7a-8a23-568bb8cf2bb7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-0ff0-4d7a-99f1-42e5950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c0777261-9d54-45f8-987e-4f06cd8eb782",
|
||
|
"value": "581c2a76b382deedb48d1df077e5bdf1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "962db6c2-c3ce-450e-a499-413af66123a5",
|
||
|
"value": "8b7b20d1a81af09a42e7dd1b3e02f2fa8038413c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b9bc88ae-7606-4b57-a78a-545ea9131397",
|
||
|
"value": "b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823002",
|
||
|
"uuid": "76cd75eb-9363-4a7a-8a23-568bb8cf2bb7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "1bcfe86d-7072-4afe-a20f-9f9e11cb6d36",
|
||
|
"value": "2019-06-05T16:39:41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "e1e7432c-c31a-405a-a881-ec4c7f7c92dd",
|
||
|
"value": "https://www.virustotal.com/file/b6ab9705591e9066df9ce4ab79ff532eff4adff88d899522cddc814158f95663/analysis/1559752781/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "tCrrDqBQoCcEkbnK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c78bfbb2-cfc8-4c52-bfd1-b7a2c97b01ad",
|
||
|
"value": "28/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823002",
|
||
|
"uuid": "2635adb7-eec5-421d-8084-7b415519ee42",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2635adb7-eec5-421d-8084-7b415519ee42",
|
||
|
"referenced_uuid": "d317b55c-3b25-4466-8fac-5ab9a70a2ef2",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-cbcc-4bef-8336-494f950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "efecabc7-a7da-4b62-a15d-34c94cc22bf5",
|
||
|
"value": "f0e52df398b938bf82d9e71ce754ab34"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "a35de310-be67-4351-80a4-efe6756d13f3",
|
||
|
"value": "b58b6e2049fbaae7eb0c7aa14564604813c9e06b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "da7bce24-8e9d-4d96-b4e0-dce84e4a4dbc",
|
||
|
"value": "69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823002",
|
||
|
"uuid": "d317b55c-3b25-4466-8fac-5ab9a70a2ef2",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "35f48480-2d3c-4845-9a0b-e4302f6dfd1c",
|
||
|
"value": "2019-06-05T16:39:26"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "b8ddf93c-d397-4187-a061-f2317b8a4aa3",
|
||
|
"value": "https://www.virustotal.com/file/69f7822cac20a27c4fe955c0864a9fe9b3798f54f39ac3ebdba12b0ab4a9cdbd/analysis/1559752766/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "DLL dropper",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "787821f0-07d0-49da-a0be-c875035086ca",
|
||
|
"value": "51/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823002",
|
||
|
"uuid": "c730930e-72e0-45e5-a3cb-e040521971a3",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "c730930e-72e0-45e5-a3cb-e040521971a3",
|
||
|
"referenced_uuid": "7bc4f11b-34a5-4929-9f93-75081f6a60b4",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-5114-42c6-b294-40cc950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6acb9c83-8a68-4533-8599-2b96caca71b4",
|
||
|
"value": "4bee6ff39103ffe31118260f9b1c4884"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "45fc1115-cffb-4f25-9c31-062cc3ed2251",
|
||
|
"value": "ae9ee7088142c9c13427f9cac6b604d04dea4db4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "39296f72-b102-4e81-aff5-8d53cf7205b8",
|
||
|
"value": "127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823002",
|
||
|
"uuid": "7bc4f11b-34a5-4929-9f93-75081f6a60b4",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "24d4b68b-979f-40a2-8ae3-7fbab006b695",
|
||
|
"value": "2019-06-05T16:39:11"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "7eab0bbb-e934-4101-8725-255aeebcc24c",
|
||
|
"value": "https://www.virustotal.com/file/127e185dc7308e6a7bfa9c91601c9dfc8b0b2ce410e4e6157992e995169c1699/analysis/1559752751/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MGsCOxPSNK.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7a5f5574-3b98-4b2e-9453-13d93cfad79f",
|
||
|
"value": "25/60"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "654cf3c0-e403-415e-8dde-d210c2a32c68",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "654cf3c0-e403-415e-8dde-d210c2a32c68",
|
||
|
"referenced_uuid": "80f85328-d4bb-4113-a164-a4e080ef8d80",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-14a4-4118-8351-4217950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "a90eb07a-fc0f-44fc-b55c-fcceeb9e341a",
|
||
|
"value": "75b55bb34dac9d02740b9ad6b6820360"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "78f9e7cc-a9d7-43fa-85eb-ac155c3177ab",
|
||
|
"value": "a17c21b909c56d93d978014e63fb06926eaea8e7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b82311c7-b1d1-4537-8801-14c7d4c719c3",
|
||
|
"value": "141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "80f85328-d4bb-4113-a164-a4e080ef8d80",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a6d55295-0037-48dd-8cdc-9618997f3d83",
|
||
|
"value": "2019-06-05T18:30:17"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "8f93c372-fb61-4b5f-b72d-0bb26c38e3a2",
|
||
|
"value": "https://www.virustotal.com/file/141b2190f51397dbd0dfde0e3904b264c91b6f81febc823ff0c33da980b69944/analysis/1559759417/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexec.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9637d4d7-f3dd-43e2-b1e8-cc524e61425b",
|
||
|
"value": "1/74"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "978cc9ef-f291-4f48-b98d-7d6ac96c6e00",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "978cc9ef-f291-4f48-b98d-7d6ac96c6e00",
|
||
|
"referenced_uuid": "1e23c045-091f-4acd-a090-9b8d21b602ec",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-eb2c-4c2f-94f5-4ac9950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5c15976a-70fc-4931-909f-cacd23b26100",
|
||
|
"value": "d117c73e353193118a6383c30e42a95f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "986c20d9-e565-4e21-98e2-94bad1474958",
|
||
|
"value": "fa191c27a162589ba54f0e7a30ffb23623f3872c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8107e78a-d2cc-462a-8e42-95685ed2ddcc",
|
||
|
"value": "bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "1e23c045-091f-4acd-a090-9b8d21b602ec",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "740acfa3-9fa9-48c9-8754-14166e8d67ed",
|
||
|
"value": "2019-06-05T10:41:17"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "77c482d6-0a9c-4f2b-9294-1c3f91493103",
|
||
|
"value": "https://www.virustotal.com/file/bebd4cd9aece49fbe6e7024e239638004358ff87d02f9bd4328993409da9e17c/analysis/1559731277/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "94563784.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7e4241d3-c145-40c1-b7ca-0b512993b4e4",
|
||
|
"value": "39/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "8b5a1799-619f-4570-9aa6-ac54205c81f4",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "8b5a1799-619f-4570-9aa6-ac54205c81f4",
|
||
|
"referenced_uuid": "dce4a646-5ab4-4c54-88ea-a2c5a6683155",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-5524-4915-a649-4d3d950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c9e41f8f-2687-4c55-805f-cccb7ab96173",
|
||
|
"value": "eb561d46c6283c632df88bd20ade6df4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "84d340a3-08e3-4683-9078-2a905d5a905b",
|
||
|
"value": "1313dadf5e3a1dc414798dc746e32509766dcd70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3dcccf42-ece0-4aa1-8cb5-a2a479273f8c",
|
||
|
"value": "2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823003",
|
||
|
"uuid": "dce4a646-5ab4-4c54-88ea-a2c5a6683155",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "6d0b1b34-a70f-4b78-bca5-40357670d29a",
|
||
|
"value": "2019-06-06T10:01:38"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "54560188-5647-47cb-800a-54622b884041",
|
||
|
"value": "https://www.virustotal.com/file/2169cc5e019acf1825025603651055481fb0dc82927a371016efc974634b784c/analysis/1559815298/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "303F1428C3F",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a04712ac-3b5c-4576-ab6d-bfae097f9fc3",
|
||
|
"value": "22/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "d92702b0-6916-4c5b-a9d7-e035ed8a604a",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "d92702b0-6916-4c5b-a9d7-e035ed8a604a",
|
||
|
"referenced_uuid": "9660acc8-ba12-424d-8085-21d4eb1aae63",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823006",
|
||
|
"uuid": "5cf9029e-8314-416c-bc6e-4c5a950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "9903aa0b-355d-47b8-b774-7b8da189791e",
|
||
|
"value": "a7f7a0f74c8b48f1699858b3b6c11eda"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "c2e77482-a92a-4ed2-a2aa-33e78ebe0b41",
|
||
|
"value": "b5c62d79eda4f7e4b60a9caa5736a3fdc2f1b27e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3f40f40a-5cee-4d21-a2af-bcc60617f2bf",
|
||
|
"value": "3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "9660acc8-ba12-424d-8085-21d4eb1aae63",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "4c862820-246b-42f4-be45-74f6e17253cd",
|
||
|
"value": "2019-06-06T00:08:36"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "983fc4e8-8c61-4b03-b5de-c41a52edc523",
|
||
|
"value": "https://www.virustotal.com/file/3b08535b4add194f5661e1131c8e81af373ca322cf669674cf1272095e5cab95/analysis/1559779716/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "psexesvc.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "975d0ecd-96f1-4945-a935-c9cbaf9487ec",
|
||
|
"value": "1/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "a0bddce4-2ca6-457b-bce3-61b9599ce66c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "a0bddce4-2ca6-457b-bce3-61b9599ce66c",
|
||
|
"referenced_uuid": "76b07ec6-98ae-4501-a62f-d2e22a7d9152",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823007",
|
||
|
"uuid": "5cf9029f-a658-47ec-a8e3-4e0a950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "9f981d00-c2fb-4043-8b23-04716814bf0e",
|
||
|
"value": "1e94f1fdf5ace5e57d8b7832ea2da22e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "680e6a3a-da6a-4019-9e49-5189467e4407",
|
||
|
"value": "f03ca4748433d0e1067ae05fcd2e1abec5e0c5e0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ca1d56f3-176e-4c28-899a-9675a4de7c4e",
|
||
|
"value": "08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "76b07ec6-98ae-4501-a62f-d2e22a7d9152",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a9f7e2da-7733-4985-83a4-3e4b6119061e",
|
||
|
"value": "2019-06-05T16:39:07"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "577a9a9d-aa41-48a8-956b-4ff92654ceb7",
|
||
|
"value": "https://www.virustotal.com/file/08ecf6450d83904a15674148b78b531b930b658a401cd193c0fa91f29cde5ca8/analysis/1559752747/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "13c7acd4-b4da-4f21-b684-231919426afd",
|
||
|
"value": "0/73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "4954412e-840b-4d4f-8489-6cb21726714b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "4954412e-840b-4d4f-8489-6cb21726714b",
|
||
|
"referenced_uuid": "161cae50-743b-45ad-a792-d2570dc1e75f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823007",
|
||
|
"uuid": "5cf9029f-68fc-46cf-86d5-4761950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d730db19-b6d4-47fb-aeb5-a614e2903498",
|
||
|
"value": "d68351f754a508a386c06946c8e79088"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d8722bb1-356b-45ae-bbb2-5016cfc1fc39",
|
||
|
"value": "dcb3231b004c2fbfc2a74c4c64b130210ca5103b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c7c36334-3d8c-4a8c-9836-7f7a1265b752",
|
||
|
"value": "6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "161cae50-743b-45ad-a792-d2570dc1e75f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "761a3d84-fe38-4cd0-95e2-861dedb0b0b4",
|
||
|
"value": "2019-06-05T16:39:27"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "14ee7223-8496-41eb-886f-c781abc2609e",
|
||
|
"value": "https://www.virustotal.com/file/6b47df30b5773c35e77204d7a8e49777aea489876d48de455fd533ae27da668b/analysis/1559752767/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "smrs.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822907",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5e9898a2-d06d-47b5-b3b6-7033867044a2",
|
||
|
"value": "47/74"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823004",
|
||
|
"uuid": "7e91b7fe-21de-467e-8896-aec026eb81b6",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7e91b7fe-21de-467e-8896-aec026eb81b6",
|
||
|
"referenced_uuid": "4fe9f431-3164-4395-9430-6836d9203a7a",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823007",
|
||
|
"uuid": "5cf9029f-a518-4b10-ba5a-4d8d950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "7e57832a-e8d6-4a92-902b-d4393a10b5ee",
|
||
|
"value": "c2a9443aac258a60d8cace43e839cf9f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "bdab64e7-c903-44e4-9764-d4f1cdf71e36",
|
||
|
"value": "fa1340e1a9aea1fceb4b5c1b015029476c26b985"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3ba74b82-3dbe-48cd-b780-e481d4906231",
|
||
|
"value": "1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "4fe9f431-3164-4395-9430-6836d9203a7a",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "033b37c1-c433-462b-b3e1-9a6c4c558718",
|
||
|
"value": "2019-06-04T12:12:15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "df393102-f192-4bc5-b474-8b2882101f43",
|
||
|
"value": "https://www.virustotal.com/file/1c56f98778fb741ef2a8f050070f2d8c33f05ce8e3f069ae131060c70c4e2e3d/analysis/1559650335/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "cqHfjCkTtMwG.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "198ebd11-937c-49ab-bc7b-ddf56fa2ff89",
|
||
|
"value": "0/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "401965ce-213d-4b3c-8adc-827b3b088b7d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "401965ce-213d-4b3c-8adc-827b3b088b7d",
|
||
|
"referenced_uuid": "5a645eb9-b060-42a4-9edc-f0dcc184e949",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823007",
|
||
|
"uuid": "5cf9029f-b8e0-4a9a-a554-4ecf950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "63ed8977-da19-4316-9021-8d2707f7e5b5",
|
||
|
"value": "e7aa5608c81ba4fcd8d166501b90fc06"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "e0ed5893-e9ac-438f-b9a5-b2ae59ecb5c0",
|
||
|
"value": "5c714fda5b78726541301672a44eaf886728f88c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "39f1c247-e180-4586-97fc-c0d46ef81988",
|
||
|
"value": "5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "5a645eb9-b060-42a4-9edc-f0dcc184e949",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5339b7e7-46f7-4c42-9ef6-db60704d36f8",
|
||
|
"value": "2019-06-05T16:39:24"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "49a26e6b-b3b6-4676-9bb2-be3ada41ef7c",
|
||
|
"value": "https://www.virustotal.com/file/5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992/analysis/1559752764/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "netscan.exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "101ab576-3119-445d-9166-c808284d63c2",
|
||
|
"value": "1/74"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "06a3f94e-a2d3-4af6-8942-eec7ad961249",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "06a3f94e-a2d3-4af6-8942-eec7ad961249",
|
||
|
"referenced_uuid": "be23a287-3e5a-4a11-9869-f4b80896c730",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1559823007",
|
||
|
"uuid": "5cf9029f-3b0c-4b97-9ed6-44b7950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0bbdbb84-946f-4531-8bc0-b0fa249536eb",
|
||
|
"value": "bbaee5d936a3809f46fd409b8442f753"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d58f2aa6-2000-42d7-b345-112dd46c6688",
|
||
|
"value": "a59d5a1e78b2db7405cd2182aca80d4d932bc792"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e485a56b-17f2-4560-8534-8d1d3d3cd78f",
|
||
|
"value": "41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1559823005",
|
||
|
"uuid": "be23a287-3e5a-4a11-9869-f4b80896c730",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "77ec3ffb-528d-44ad-a9d8-f2168c9fd9c6",
|
||
|
"value": "2019-06-05T18:36:14"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "c57d774a-98bc-4946-86ed-67b2a1b85334",
|
||
|
"value": "https://www.virustotal.com/file/41978d7c5a1bb909f1f0f4db0c927f98fb67b3dcf61907f0404418510e1eabff/analysis/1559759774/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "9D01CA.txt",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1559822908",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d244f0ab-f2f0-4b6b-88fe-35a4c8dd7b80",
|
||
|
"value": "19/57"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|