misp-circl-feed/feeds/circl/misp/5d0c8dcc-eae0-4020-b1d0-5526950d210f.json

921 lines
32 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2019-06-17",
"extends_uuid": "",
"info": "OSINT - Hide \u00e2\u20ac\u02dcN Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP",
"publish_timestamp": "1561132409",
"published": true,
"threat_level_id": "3",
"timestamp": "1561132394",
"uuid": "5d0c8dcc-eae0-4020-b1d0-5526950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:botnet=\"Hide and Seek\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"Hide and Seek\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#22681c",
"name": "\tmalware_classification:malware-category=\"Botnet\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1561106436",
"to_ids": false,
"type": "text",
"uuid": "5d0c9804-7248-45ae-ab57-47fa950d210f",
"value": "The Hide \u00e2\u20ac\u02dcN Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.\r\n\r\nSince its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).\r\n\r\nThis post details a variant of the family first seen on the 21st of February 2019, incorporating two new exploits \u00e2\u20ac\u201c CVE-2018-20062 which targets ThinkPHP installations, and CVE-2019-7238, a Remote Code Execution (RCE) vulnerability in Sonatype Nexus Repository Manager (NXRM) 3 software installations.\r\n\r\nWhile the ThinkPHP exploit has already been seen employed by several Mirai variants, the only other instance of the CVE-2019-7238 vulnerability being exploited in the wild has been by the DDG botnet. Our research, outlined below, shows that the Hide \u00e2\u20ac\u02dcN Seek botnet incorporated this exploit back in February 2019, even before the DDG botnet."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1561107995",
"to_ids": false,
"type": "link",
"uuid": "5d0c9e1b-623c-4552-9a6c-41e1950d210f",
"value": "https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561112162",
"uuid": "5d0cae62-69cc-495e-932c-478e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112162",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cae62-65d0-453e-b1f9-4604950d210f",
"value": "49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561112184",
"uuid": "5d0cae78-e888-4c47-b54e-42b5950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112184",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cae78-f5ec-409b-bccd-45c3950d210f",
"value": "d068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561112390",
"uuid": "5d0caf46-8778-4c85-b528-41cf950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112390",
"to_ids": true,
"type": "sha256",
"uuid": "5d0caf46-08d4-444f-b7e4-4dbd950d210f",
"value": "1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561113057",
"uuid": "5d0cb1e1-86b0-4d8c-8c6b-4283950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113057",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cb1e1-9448-4b04-8d83-4ba5950d210f",
"value": "c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561113085",
"uuid": "5d0cb1fd-b8a8-44a1-bde0-4b6e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113085",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cb1fd-1ae4-4ccc-9499-4fad950d210f",
"value": "0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561113111",
"uuid": "5d0cb217-01d4-460f-bb99-20b8950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113112",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cb218-551c-4b90-b098-20b8950d210f",
"value": "73df4e952c581afc427fa18fa2d0bcfa409c1814cd872a3ccf05d44f934ce780"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561113814",
"uuid": "5d0cb4d6-883c-4e2b-89b6-4bc1950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113814",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cb4d6-e79c-4887-b3e7-4432950d210f",
"value": "500dd4c1a5c24495c3bb8173ce5c7b15ba3344aef855090b9b9585b2bfeea974"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561113832",
"uuid": "5d0cb4e8-48d8-492e-88e4-48bf950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113832",
"to_ids": true,
"type": "sha256",
"uuid": "5d0cb4e8-dba8-48ca-bb59-4336950d210f",
"value": "7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132367",
"uuid": "6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6f9865b9-4cb9-42cc-9351-1fb8fd4f3b2b",
"referenced_uuid": "360b84b9-09a3-414f-a88d-558b8503d0eb",
"relationship_type": "analysed-with",
"timestamp": "1561132369",
"uuid": "5d0cfd51-0db0-47fc-994d-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561112390",
"to_ids": true,
"type": "md5",
"uuid": "0dd3e75e-87f4-4211-936b-91c59e2cbacd",
"value": "cc4662e589e8fa58d26f1a8d1c0da21f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561112390",
"to_ids": true,
"type": "sha1",
"uuid": "ba72e8b1-0e47-454c-b40d-7233e9fe506d",
"value": "15c5554d24169096e756beee8c15e96c6708f06c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112390",
"to_ids": true,
"type": "sha256",
"uuid": "1ea9a5f5-6ca6-411f-b059-f65ca9f01a3b",
"value": "1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132368",
"uuid": "360b84b9-09a3-414f-a88d-558b8503d0eb",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561112390",
"to_ids": false,
"type": "datetime",
"uuid": "56d8e60e-215c-4291-8f44-dfeb61084447",
"value": "2019-06-13T22:39:35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561112390",
"to_ids": false,
"type": "link",
"uuid": "c1da88a6-b89a-436f-90a0-dac5f2040c94",
"value": "https://www.virustotal.com/file/1583fd1c6607b77f51411c4ad7c9225324fd1b069645062a348cd885de0ac382/analysis/1560465575/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561112390",
"to_ids": false,
"type": "text",
"uuid": "fa401d1d-e971-4d5b-96d4-5f9a142d1c6f",
"value": "34/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132368",
"uuid": "c3d5088e-84f5-4ef5-b213-67beb35b4e23",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c3d5088e-84f5-4ef5-b213-67beb35b4e23",
"referenced_uuid": "46bcd5b2-85e1-4961-ad0c-add96cfc111c",
"relationship_type": "analysed-with",
"timestamp": "1561132369",
"uuid": "5d0cfd51-fde0-41bb-9d22-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561113832",
"to_ids": true,
"type": "md5",
"uuid": "bc2d4f7f-4253-4279-8f85-ab2f89a5f773",
"value": "01a9c99b6c8b812b61ddda76ee5c1899"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561113832",
"to_ids": true,
"type": "sha1",
"uuid": "369ecf8c-c9d9-4fd4-8fd4-baee049c1d2a",
"value": "e919ad0e40298f1f79d67c2e8ccdbb0acdde5a2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113832",
"to_ids": true,
"type": "sha256",
"uuid": "2d444e91-7de6-4b3b-9ab0-6dcf3149ad3b",
"value": "7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132368",
"uuid": "46bcd5b2-85e1-4961-ad0c-add96cfc111c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561113832",
"to_ids": false,
"type": "datetime",
"uuid": "a9cd7679-ab30-44f0-a181-a34756f08f3f",
"value": "2019-06-18T19:16:22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561113832",
"to_ids": false,
"type": "link",
"uuid": "052fb771-186d-402c-8be5-02ea4657c5ae",
"value": "https://www.virustotal.com/file/7e20c6cea88ade6a6c4a08ce48fe4ac2451069b7662a8dda4362a304b4854ec7/analysis/1560885382/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561113832",
"to_ids": false,
"type": "text",
"uuid": "22f740bd-ce13-43d6-b566-5d09c5cfd814",
"value": "31/55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132368",
"uuid": "50675af8-63e6-45fc-8705-fe07a29bcf6a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "50675af8-63e6-45fc-8705-fe07a29bcf6a",
"referenced_uuid": "5fc7be9f-fde9-45be-a619-1952b90e8506",
"relationship_type": "analysed-with",
"timestamp": "1561132369",
"uuid": "5d0cfd51-f6a8-4fa3-b00f-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561112162",
"to_ids": true,
"type": "md5",
"uuid": "0824e839-dfc1-468f-961c-3ea2b0f4cb85",
"value": "6de70812923df430cff73fcf66830e6d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561112162",
"to_ids": true,
"type": "sha1",
"uuid": "846bc2b3-784a-4ca7-8fa4-74deb362a890",
"value": "13cc834fbf30e32146ae1be4a6bbba5b7be41ae3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112162",
"to_ids": true,
"type": "sha256",
"uuid": "5a49370f-91f6-4d48-a8bc-da2288c5c840",
"value": "49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132368",
"uuid": "5fc7be9f-fde9-45be-a619-1952b90e8506",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561112162",
"to_ids": false,
"type": "datetime",
"uuid": "3c70bbea-cf02-4b93-8295-b3b4a116c77c",
"value": "2019-06-13T22:39:35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561112162",
"to_ids": false,
"type": "link",
"uuid": "a330507d-9192-4e56-ad08-eeb3401a64ab",
"value": "https://www.virustotal.com/file/49495c9aa08d7859fec1f99f487560b59d8a8914811746181e4e7edbee85341f/analysis/1560465575/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561112162",
"to_ids": false,
"type": "text",
"uuid": "0ef769b9-de75-41b6-86d4-e97d6edef792",
"value": "29/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132368",
"uuid": "9803a8e8-e8b7-4708-9565-3f261694a5cb",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9803a8e8-e8b7-4708-9565-3f261694a5cb",
"referenced_uuid": "20480301-47fb-4a64-81c9-8aa80a18dc89",
"relationship_type": "analysed-with",
"timestamp": "1561132369",
"uuid": "5d0cfd51-1fe8-4c8c-b957-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561113085",
"to_ids": true,
"type": "md5",
"uuid": "2cf55722-c2ee-43e6-af5c-64e5559b2d34",
"value": "f54c7e19bc1db3b3897b6fe81a403db0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561113085",
"to_ids": true,
"type": "sha1",
"uuid": "e76e3d12-005c-48d0-9653-6001c04dcd78",
"value": "20ee3e5634a7a826a68ec858474f65cd58190870"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113085",
"to_ids": true,
"type": "sha256",
"uuid": "7993a25c-189d-4554-afd1-985a7203d623",
"value": "0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132369",
"uuid": "20480301-47fb-4a64-81c9-8aa80a18dc89",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561113085",
"to_ids": false,
"type": "datetime",
"uuid": "ad41b356-c3b3-4dcd-855e-7bd45c6d2891",
"value": "2019-06-14T16:31:05"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561113085",
"to_ids": false,
"type": "link",
"uuid": "4f643b42-1af6-49d6-b5e8-43f72941844a",
"value": "https://www.virustotal.com/file/0b05202f4da9bbe1af1811707a76544453282c4f3c0ac9b353759c86742f4369/analysis/1560529865/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561113085",
"to_ids": false,
"type": "text",
"uuid": "baa30bab-f182-4eb5-bba6-db9551c005d1",
"value": "24/50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132369",
"uuid": "4e6b8d5b-af14-4a65-833d-5e41861d39a3",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4e6b8d5b-af14-4a65-833d-5e41861d39a3",
"referenced_uuid": "599d8b4a-50a0-4a83-a25a-dd8b2879fe32",
"relationship_type": "analysed-with",
"timestamp": "1561132370",
"uuid": "5d0cfd52-9d50-414f-b8c0-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561112184",
"to_ids": true,
"type": "md5",
"uuid": "cb308925-fac4-4d04-90d6-8121eaefc9d9",
"value": "7c48b82ee08fbf7b4f4190b0973dfd5c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561112184",
"to_ids": true,
"type": "sha1",
"uuid": "a99018bc-7015-4cdb-b361-e179640ab153",
"value": "1b278755efb2fefde2c32be6d0aa329ae35a9fc6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561112184",
"to_ids": true,
"type": "sha256",
"uuid": "33312d2c-3757-48fd-acfc-28c1f54aa006",
"value": "d068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132369",
"uuid": "599d8b4a-50a0-4a83-a25a-dd8b2879fe32",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561112184",
"to_ids": false,
"type": "datetime",
"uuid": "e850ba03-ed6c-474a-ae87-db0f0c31551d",
"value": "2019-06-13T22:39:39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561112184",
"to_ids": false,
"type": "link",
"uuid": "4ed5c275-ec23-49f5-accf-23d17dfd73b8",
"value": "https://www.virustotal.com/file/d068e8f781879774f0bcc1f2a116211d41194b67024fe45966c8272a8038a7a1/analysis/1560465579/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561112184",
"to_ids": false,
"type": "text",
"uuid": "6aeb3a94-650e-4c76-99da-75e53081eaba",
"value": "31/55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1561132369",
"uuid": "40227e50-2444-4a4a-80fe-fe4eeddd8a0c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "40227e50-2444-4a4a-80fe-fe4eeddd8a0c",
"referenced_uuid": "4aaab1e9-b177-41dc-b0a3-891174e327a5",
"relationship_type": "analysed-with",
"timestamp": "1561132370",
"uuid": "5d0cfd52-f5f8-4b7e-883c-60ae950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1561113057",
"to_ids": true,
"type": "md5",
"uuid": "d88e8b56-d529-43d3-8c31-c3f270fe4a98",
"value": "784ab23904c34c2033b8ab3fbb18645d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1561113057",
"to_ids": true,
"type": "sha1",
"uuid": "6f1f6c25-2b58-4555-9488-e418516de2d8",
"value": "75374fe86e63b1c60b02be4ebe3770a58a4423e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1561113057",
"to_ids": true,
"type": "sha256",
"uuid": "66169ca8-b034-495d-97f1-f8926aff712b",
"value": "c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1561132369",
"uuid": "4aaab1e9-b177-41dc-b0a3-891174e327a5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1561113057",
"to_ids": false,
"type": "datetime",
"uuid": "67e1c498-a970-46de-8907-61e496935893",
"value": "2019-06-21T08:57:11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1561113057",
"to_ids": false,
"type": "link",
"uuid": "e57632b1-769b-4c66-bd28-0c73fdb20fa5",
"value": "https://www.virustotal.com/file/c082c39e595c7f23c04ce0d6597657d6e649585d5da49b5bd896e664b712e60d/analysis/1561107431/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1561113057",
"to_ids": false,
"type": "text",
"uuid": "528491e6-7f21-401a-9749-cb93d8c6fa29",
"value": "31/57"
}
]
}
]
}
}