misp-circl-feed/feeds/circl/misp/58aafac5-c984-43f3-a1b9-493e950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2017-02-20",
    "extends_uuid": "",
    "info": "OSINT - LAZARUS\u00e2\u20ac\u2122 FALSE FLAG MALWARE",
    "publish_timestamp": "1487601138",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1487600957",
    "uuid": "58aafac5-c984-43f3-a1b9-493e950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "name": "tlp:white"
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafaf8-405c-4b7d-8f4e-4357950d210f",
        "value": "http://baesystemsai.blogspot.com/2017/02/lazarus-false-flag-malware.html",
        "Tag": [
          {
            "colour": "#075200",
            "name": "admiralty-scale:source-reliability=\"b\""
          },
          {
            "colour": "#00223b",
            "name": "osint:source-type=\"blog-post\""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": false,
        "type": "comment",
        "uuid": "58aafb3a-9b70-48a9-b715-4dab950d210f",
        "value": "We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor. Since the release of our report, more samples have come to light, most notably those described in the Polish language niebezpiecznik.pl blog on 7 February 2017.",
        "Tag": [
          {
            "colour": "#00223b",
            "name": "osint:source-type=\"blog-post\""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "srservice.chm",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb6d-f0b0-4362-9eb4-4ced950d210f",
        "value": "9216b29114fb6713ef228370cbfe4045"
      },
      {
        "category": "Payload delivery",
        "comment": "srservice.hlp",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb6e-427c-4e7a-8919-4c2d950d210f",
        "value": "8e32fccd70cec634d13795bcb1da85ff"
      },
      {
        "category": "Payload delivery",
        "comment": "srservice.dll",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb6f-8294-45f2-bacc-4de2950d210f",
        "value": "e29fe3c181ac9ddbb242688b151f3310"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.exe",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb70-5898-4011-b1e4-48d8950d210f",
        "value": "9914075cc687bdc352ee136ac6579707"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.dll",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb70-b22c-4584-8088-456d950d210f",
        "value": "9cc6854bc5e217104734043c89dc4ff8"
      },
      {
        "category": "Payload delivery",
        "comment": "cambio.swf",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafb91-71a4-476f-981d-41e1950d210f",
        "value": "6dffcfa68433f886b2e88fd984b4995a"
      },
      {
        "category": "External analysis",
        "comment": "",
        "data": "iVBORw0KGgoAAAANSUhEUgAABkAAAAT2CAIAAAD1YvixAAAAA3NCSVQICAjb4U/gAAAAlnpUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAHicVY5BDsMgDATvvIInjG0w8BxUkSpS1Vb5/6EHSNvsZaVZa9fhPp7j2G/xfby2/TFCjDFGkRpSS007UJlSMEFQoCzk073VQgJk8cFFGW9uLsV8XhhAmz2JhUxNDaTPfHV9PXf+N/L51yldmf46s1qzuth1S2w+AUD4AOdVNXTvLP3VAAAgAElEQVR4nOzdd1xTVxsH8CcJYe+wkSGg7A1uARe4J25bt3XWUWuXdVutbV/rrK27ratat3WPinsvBLfsPRJCyL7vH9emaQKIbRGsv+9f+Zxz7r3PTSImT55zDodhGAIAAAAAAAAAAKivuHUdAAAAAAAAAAAAQHWQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAes2grgMAAIDXSqVS5eTkpKam8ni8uo4FAACgVqhUqoCAACcnJy4XP9gDAPxHIIEFAPB2kUgkBw4cGD9+fF0HAgAAUIvWrl07cOBAMzOzug4EAAD+HfhFAgDg7cLhcAwNDes6CgAAgNplaGjI4XDqOgoAAPjXIIEFAAAAAAAAAAD1GhJYAAAAAAAAAABQryGBBQAAAAAAAAAA9RoWcQcAeNt1iO84deo0V1cXtVpd17EAAAC8Mi6Xm5GZ9dWSL38/c6quYwEAgNqCBBYAwNvOysoywN/Pw8OtrgMBAAD4mywszC0tzOs6CgAAqEWYQggA8LZjGLVKparrKAAAAP4+lUrFMExdRwEAALUICSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHrNoK4DAAAAAIAXxOJytVrFMIyVlVVdx1IJhmHKy8vVajWXyzU3N6/rcAAAAOAtggosAAAAgPoisV9/Kysra2vrug6kciUlpZ26dLOysoqPj6/rWAAAAODtggosAACA102pVCkUCrVapVKpGIYhIg6Hw+VyeTwDPt/AwAD/O78+crlCKq2oP/VE1lb1NHXF4nI5AltbIhIIBP/6yRmGkcpkCrnc0NDQ2Nj4Xz9/zcnl8oqKCmNjYyMjIyJSKpUSicTAwMDU1LSqQ1QqtUwmVSgUHA7H2NjY0NDwNcYLAADwVkAFFgAAwOujVKqKiouPnzw1Z+78Hj17s7U21tbWVlZW7drHfz577pnfk8rE4roO8y2yZdsOKyur7j16ZWXn1HUsb7vi4pK58xZaWVkt/nJJpf8KlEqlQqms7TBUKtX+/Qesra137vqVbbl167aHp8+cuXNUarX+eLVaLRSJzl+48N7YCdbW1u6eXgcOHKztIAEAAN5C+I0XAADgdWCIRELh70nnV65YefzYYSIyNjZp4Ob+R70V8+jhgyuXLxYVFno19LSoH9VAb4P5c2cT0elTJ3bs/HXa5Il1Hc5braSk+MtFC4ho//79zZq16JjQXtOlUqlyc/Pu3Es2NTWJbd2qVsMQCkXP0zMCg4I1EznLykSlJQVOjs48ru5Pv2Kx+PrNW+vWrf/5x01si5enJ8qvAAAAagMSWAAAAK/D8+dpmzZuWvbtt0JRqYenZ0R4RGRUtGfDhsbGxgxDXC43KzPjt0MH4+M7ODk51XWwb5E+fRJ/2fmLSCQMDgyo61jediYmpol9+505c6Zx48Zu7g20u1JTU4OCgrgGhiuXL6vtBJZCqRSLy5ydXezs7DUtZmaWLi4uOiMrpNJdv+4ePmwoEbVr38HI0PC33w7VamwAAABvMySwAAAAal1BYeHq1au//moJEQ0e8s6AAQPbtm1jaqK7ys+IEcP4BnxDQ35dxPiWWvzloqbNm9vZ2cXF1G5aBF7K1dVlxYrl5y9c8vfzC/D31e7icDhE1NDTg1f7K8RJpdKC/EIDAx6XyyWiouLi23fuOTjaGxoZ6Yw0NjISCGxdXRsMGjxk2LBh6WnPkMACAACoPUhgAQAA1LoD+w/8uPlHIho/YdJHMz50d3erdJhZ1UtEQy3hcbmJvXvWdRTwgpOjY59ePfTb2VwS549MVq1iGEahVDg6OTk6Or5oUavt7R2sLK10RnI4nODgkN179jaJjiSizIy02o4NAADgbYYEFgAAQO26eu36vgMH8/NzR48Z++GHH1SVvaqGWq2Wy+VKpVKpVKrVag6HY2BgwOcbGhkZ6n+fr6iokEqlfD7f1NSUy+XKZDL2WIZhDAwMjIyMjYz+XKBHKpXK5XJ2M0QDA76RsZGR3vI9EolEJpPxDAzMzcy4XK5CoZDJ5AqFnGEYDofD5/ONjIz5fN1PFOXl5TKZzNDIyNzMjGFIKq2QyWQqlcrGxob714WElCqV4o+7Y1v4fEM+38BIr+CFiMRisVwuNzI2NjM1ZRhGKpUqFAo2fj7f0MjYyJD/on6NYZiKigqlUvmi19DQ2MiIz9etbisrK1MoFAzD6G+rJ5PJFEqlXCZjn2Q+n29gYFDp7njsMPZaL54TY2N+tbVCUqlUqVTK5XIi4vF4BgZ8IyPDmm9AWVpayr4TbGxs9HuFQqFKpTIwMLC0tNTvLSoq4nK5BgYGFhYW2u1yuUIul6tUSpVKxeVy2bsw4PGqj6SiQqpQyJVKJYfD4XA4hkZGRoaGvKqPqqiQKpUKdrc+DofL5xvw+YZs1aFKpRKLxdqRq9VqiUSiUqlKSkqISKVWl4vFYrFYoVAQkZGxsamJic752Tcn+4bncrns687VW7uqGuKysju3b4eEBLMvh1hc/uz5c4FAYGmlm8AiIk8Pd08Pd/Yxu6MoAAAA1BLsQggAAFC77ty+ferECWtr2759+3h6eLzq4QqF4sbN2999v3bkyDE2NjYCgcDW1vbdd4d/v3bd4ydPVSqVzvgff/rZ1tZ22vSPsnNy0zMy1m/c3Cexv62trUAg6NU78ceft+Tk5hGRSqV68vTpipWru3XvyfYm9u3785Ztefn5OidcvXqNra3tiBGjCwoKFArF/oO/TXp/CnuIra3tmPfGHzx0uKSkVOeob/63VCAQLPziS6FQ9OTp06+/+dbXN8DOzi43N1d7mFwuP5t07pulywcMGGz7h0nvT9n805b8/AL9jMDns+YIBIIvl3wjlckePHz0zdLl7dsnsMGMGDlqz9794vJyIlIolPdTUmfPmR8X147tHTVqzN79ByWSCp0Tvj95qkAgsLOz07mWXC7fsOmnyZOnsbdpa2s7bvzEVd+t1X+BpFLp4SPHPvr4s+bNW7GDx42fePjIMZlMVtVrWlYmXvPDhvETJgkEAoFA0LpV7Ceffn70+Em1Ws3jvfyzmUql6ty5O3stUZnubn0SiSQ6uplAIOjbt7/+sQUFBXZ2dr
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": false,
        "type": "attachment",
        "uuid": "58aafbc7-9d18-43b7-b027-4018950d210f",
        "value": "schema.png",
        "Tag": [
          {
            "colour": "#00223b",
            "name": "osint:source-type=\"blog-post\""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600858",
        "to_ids": true,
        "type": "md5",
        "uuid": "58aafc38-87f4-4f3e-b6b7-457c950d210f",
        "value": "889e320cf66520485e1a0475107d7419"
      },
      {
        "category": "Payload delivery",
        "comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600865",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58aafce1-a080-4233-ab2e-41c002de0b81",
        "value": "6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc"
      },
      {
        "category": "Payload delivery",
        "comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600865",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58aafce1-0978-4c1f-a438-485d02de0b81",
        "value": "7260340b7d7b08b7a9c7e27d9226e17b7170a436"
      },
      {
        "category": "External analysis",
        "comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600866",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafce2-9380-439a-9174-4bcd02de0b81",
        "value": "https://www.virustotal.com/file/6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc/analysis/1487239802/"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600867",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58aafce3-0740-4625-91da-452f02de0b81",
        "value": "cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600868",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58aafce4-cf48-49f6-86f7-45b902de0b81",
        "value": "fa4f2e3f7c56210d1e380ec6d74a0b6dd776994b"
      },
      {
        "category": "External analysis",
        "comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600868",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafce4-a3dc-4f76-b51e-4a8a02de0b81",
        "value": "https://www.virustotal.com/file/cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6/analysis/1487564884/"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600869",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58aafce5-02c4-4787-aac4-499f02de0b81",
        "value": "752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f"
      },
      {
        "category": "Payload delivery",
        "comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600870",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58aafce6-bfe4-42e1-9581-498702de0b81",
        "value": "11568dffd6325ade217fbe49ce56a3ee5001cbcc"
      },
      {
        "category": "External analysis",
        "comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600871",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafce7-bfa4-433b-a122-40b702de0b81",
        "value": "https://www.virustotal.com/file/752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f/analysis/1487229167/"
      },
      {
        "category": "Payload delivery",
        "comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600871",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58aafce7-0964-457a-bfd5-4fdc02de0b81",
        "value": "c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792"
      },
      {
        "category": "Payload delivery",
        "comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600872",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58aafce8-a700-4de1-9e84-475f02de0b81",
        "value": "ba5a2230ff2068b7fb22de3b83031457d18c3298"
      },
      {
        "category": "External analysis",
        "comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600873",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafce9-8adc-4463-8c5a-467a02de0b81",
        "value": "https://www.virustotal.com/file/c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792/analysis/1487563770/"
      },
      {
        "category": "Payload delivery",
        "comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600874",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58aafcea-8700-4a01-99c5-4ed902de0b81",
        "value": "8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1"
      },
      {
        "category": "Payload delivery",
        "comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600874",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58aafcea-c968-4940-9c36-44d902de0b81",
        "value": "f5fc9d893ae99f97e43adcef49801782daced2d7"
      },
      {
        "category": "External analysis",
        "comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600875",
        "to_ids": false,
        "type": "link",
        "uuid": "58aafceb-7740-4c6c-97b2-4bce02de0b81",
        "value": "https://www.virustotal.com/file/8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1/analysis/1487179033/"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600922",
        "to_ids": true,
        "type": "filename",
        "uuid": "58aafd1a-be48-4ca5-af2e-482f950d210f",
        "value": "cambio.xap"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600922",
        "to_ids": true,
        "type": "filename",
        "uuid": "58aafd1a-e8e8-4275-a0b3-4ceb950d210f",
        "value": "mark180789172360.ico"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600923",
        "to_ids": true,
        "type": "filename",
        "uuid": "58aafd1b-7ca8-4258-a429-4787950d210f",
        "value": "meml102783047891.dat"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600924",
        "to_ids": true,
        "type": "filename",
        "uuid": "58aafd1c-cc98-4a0c-9c3c-40b0950d210f",
        "value": "back283671047171.dat"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600957",
        "to_ids": false,
        "type": "pattern-in-traffic",
        "uuid": "58aafd3d-a418-4a76-9462-4dcb950d210f",
        "value": "view.jsp?pagenum=1"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1487600958",
        "to_ids": false,
        "type": "pattern-in-traffic",
        "uuid": "58aafd3e-eb98-4596-96f1-4b43950d210f",
        "value": "view.jsp?uid="
      }
    ]
  }
}
chg: [feed] added 2023-04-21 13:25:09 +00:00			`{`
			`"Event": {`
			`"analysis": "2",`
			`"date": "2017-02-20",`
			`"extends_uuid": "",`
			`"info": "OSINT - LAZARUS\u00e2\u20ac\u2122 FALSE FLAG MALWARE",`
			`"publish_timestamp": "1487601138",`
			`"published": true,`
			`"threat_level_id": "3",`
			`"timestamp": "1487600957",`
			`"uuid": "58aafac5-c984-43f3-a1b9-493e950d210f",`
			`"Orgc": {`
			`"name": "CIRCL",`
			`"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#ffffff",`
			`"name": "tlp:white"`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafaf8-405c-4b7d-8f4e-4357950d210f",`
			`"value": "http://baesystemsai.blogspot.com/2017/02/lazarus-false-flag-malware.html",`
			`"Tag": [`
			`{`
			`"colour": "#075200",`
			`"name": "admiralty-scale:source-reliability=\"b\""`
			`},`
			`{`
			`"colour": "#00223b",`
			`"name": "osint:source-type=\"blog-post\""`
			`}`
			`]`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": false,`
			`"type": "comment",`
			`"uuid": "58aafb3a-9b70-48a9-b715-4dab950d210f",`
			`"value": "We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor. Since the release of our report, more samples have come to light, most notably those described in the Polish language niebezpiecznik.pl blog on 7 February 2017.",`
			`"Tag": [`
			`{`
			`"colour": "#00223b",`
			`"name": "osint:source-type=\"blog-post\""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "srservice.chm",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb6d-f0b0-4362-9eb4-4ced950d210f",`
			`"value": "9216b29114fb6713ef228370cbfe4045"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "srservice.hlp",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb6e-427c-4e7a-8919-4c2d950d210f",`
			`"value": "8e32fccd70cec634d13795bcb1da85ff"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "srservice.dll",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb6f-8294-45f2-bacc-4de2950d210f",`
			`"value": "e29fe3c181ac9ddbb242688b151f3310"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.exe",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb70-5898-4011-b1e4-48d8950d210f",`
			`"value": "9914075cc687bdc352ee136ac6579707"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.dll",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb70-b22c-4584-8088-456d950d210f",`
			`"value": "9cc6854bc5e217104734043c89dc4ff8"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "cambio.swf",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafb91-71a4-476f-981d-41e1950d210f",`
			`"value": "6dffcfa68433f886b2e88fd984b4995a"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			"data": "iVBORw0KGgoAAAANSUhEUgAABkAAAAT2CAIAAAD1YvixAAAAA3NCSVQICAjb4U/gAAAAlnpUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAHicVY5BDsMgDATvvIInjG0w8BxUkSpS1Vb5/6EHSNvsZaVZa9fhPp7j2G/xfby2/TFCjDFGkRpSS007UJlSMEFQoCzk073VQgJk8cFFGW9uLsV8XhhAmz2JhUxNDaTPfHV9PXf+N/L51yldmf46s1qzuth1S2w+AUD4AOdVNXTvLP3VAAAgAElEQVR4nOzdd1xTVxsH8CcJYe+wkSGg7A1uARe4J25bt3XWUWuXdVutbV/rrK27ratat3WPinsvBLfsPRJCyL7vH9emaQKIbRGsv+9f+Zxz7r3PTSImT55zDodhGAIAAAAAAAAAAKivuHUdAAAAAAAAAAAAQHWQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAes2grgMAAIDXSqVS5eTkpKam8ni8uo4FAACgVqhUqoCAACcnJy4XP9gDAPxHIIEFAPB2kUgkBw4cGD9+fF0HAgAAUIvWrl07cOBAMzOzug4EAAD+HfhFAgDg7cLhcAwNDes6CgAAgNplaGjI4XDqOgoAAPjXIIEFAAAAAAAAAAD1GhJYAAAAAAAAAABQryGBBQAAAAAAAAAA9RoWcQcAeNt1iO84deo0V1cXtVpd17EAAAC8Mi6Xm5GZ9dWSL38/c6quYwEAgNqCBBYAwNvOysoywN/Pw8OtrgMBAAD4mywszC0tzOs6CgAAqEWYQggA8LZjGLVKparrKAAAAP4+lUrFMExdRwEAALUICSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHoNCSwAAAAAAAAAAKjXkMACAAAAAAAAAIB6DQksAAAAAAAAAACo15DAAgAAAAAAAACAeg0JLAAAAAAAAAAAqNeQwAIAAAAAAAAAgHrNoK4DAAAAAIAXxOJytVrFMIyVlVVdx1IJhmHKy8vVajWXyzU3N6/rcAAAAOAtggosAAAAgPoisV9/Kysra2vrug6kciUlpZ26dLOysoqPj6/rWAAAAODtggosAACA102pVCkUCrVapVKpGIYhIg6Hw+VyeTwDPt/AwAD/O78+crlCKq2oP/VE1lb1NHXF4nI5AltbIhIIBP/6yRmGkcpkCrnc0NDQ2Nj4Xz9/zcnl8oqKCmNjYyMjIyJSKpUSicTAwMDU1LSqQ1QqtUwmVSgUHA7H2NjY0NDwNcYLAADwVkAFFgAAwOujVKqKiouPnzw1Z+78Hj17s7U21tbWVlZW7drHfz577pnfk8rE4roO8y2yZdsOKyur7j16ZWXn1HUsb7vi4pK58xZaWVkt/nJJpf8KlEqlQqms7TBUKtX+/Qesra137vqVbbl167aHp8+cuXNUarX+eLVaLRSJzl+48N7YCdbW1u6eXgcOHKztIAEAAN5C+I0XAADgdWCIRELh70nnV65YefzYYSIyNjZp4Ob+R70V8+jhgyuXLxYVFno19LSoH9VAb4P5c2cT0elTJ3bs/HXa5Il1Hc5braSk+MtFC4ho//79zZq16JjQXtOlUqlyc/Pu3Es2NTWJbd2qVsMQCkXP0zMCg4I1EznLykSlJQVOjs48ru5Pv2Kx+PrNW+vWrf/5x01si5enJ8qvAAAAagMSWAAAAK/D8+dpmzZuWvbtt0JRqYenZ0R4RGRUtGfDhsbGxgxDXC43KzPjt0MH4+M7ODk51XWwb5E+fRJ/2fmLSCQMDgyo61jediYmpol9+505c6Zx48Zu7g20u1JTU4OCgrgGhiuXL6vtBJZCqRSLy5ydXezs7DUtZmaWLi4uOiMrpNJdv+4ePmwoEbVr38HI0PC33w7VamwAAABvMySwAAAAal1BYeHq1au//moJEQ0e8s6AAQPbtm1jaqK7ys+IEcP4BnxDQ35dxPiWWvzloqbNm9vZ2cXF1G5aBF7K1dVlxYrl5y9c8vfzC/D31e7icDhE1NDTg1f7K8RJpdKC/EIDAx6XyyWiouLi23fuOTjaGxoZ6Yw0NjISCGxdXRsMGjxk2LBh6WnPkMACAACoPUhgAQAA1LoD+w/8uPlHIho/YdJHMz50d3erdJhZ1UtEQy3hcbmJvXvWdRTwgpOjY59ePfTb2VwS549MVq1iGEahVDg6OTk6Or5oUavt7R2sLK10RnI4nODgkN179jaJjiSizIy02o4NAADgbYYEFgAAQO26eu36vgMH8/NzR48Z++GHH1SVvaqGWq2Wy+VKpVKpVKrVag6HY2BgwOcbGhkZ6n+fr6iokEqlfD7f1NSUy+XKZDL2WIZhDAwMjIyMjYz+XKBHKpXK5XJ2M0QDA76RsZGR3vI9EolEJpPxDAzMzcy4XK5CoZDJ5AqFnGEYDofD5/ONjIz5fN1PFOXl5TKZzNDIyNzMjGFIKq2QyWQqlcrGxob714WElCqV4o+7Y1v4fEM+38BIr+CFiMRisVwuNzI2NjM1ZRhGKpUqFAo2fj7f0MjYyJD/on6NYZiKigqlUvmi19DQ2MiIz9etbisrK1MoFAzD6G+rJ5PJFEqlXCZjn2Q+n29gYFDp7njsMPZaL54TY2N+tbVCUqlUqVTK5XIi4vF4BgZ8IyPDmm9AWVpayr4TbGxs9HuFQqFKpTIwMLC0tNTvLSoq4nK5BgYGFhYW2u1yuUIul6tUSpVKxeVy2bsw4PGqj6SiQqpQyJVKJYfD4XA4hkZGRoaGvKqPqqiQKpUKdrc+DofL5xvw+YZs1aFKpRKLxdqRq9VqiUSiUqlKSkqISKVWl4vFYrFYoVAQkZGxsamJic752Tcn+4bncrns687VW7uqGuKysju3b4eEBLMvh1hc/uz5c4FAYGmlm8AiIk8Pd08Pd/Yxu6MoAAAA1BLsQggAAFC77ty+ferECWtr2759+3h6eLzq4QqF4sbN2999v3bkyDE2NjYCgcDW1vbdd4d/v3bd4ydPVSqVzvgff/rZ1tZ22vSPsnNy0zMy1m/c3Cexv62trUAg6NU78ceft+Tk5hGRSqV68vTpipWru3XvyfYm9u3785Ztefn5OidcvXqNra3tiBGjCwoKFArF/oO/TXp/CnuIra3tmPfGHzx0uKSkVOeob/63VCAQLPziS6FQ9OTp06+/+dbXN8DOzi43N1d7mFwuP5t07pulywcMGGz7h0nvT9n805b8/AL9jMDns+YIBIIvl3wjlckePHz0zdLl7dsnsMGMGDlqz9794vJyIlIolPdTUmfPmR8X147tHTVqzN79ByWSCp0Tvj95qkAgsLOz07mWXC7fsOmnyZOnsbdpa2s7bvzEVd+t1X+BpFLp4SPHPvr4s+bNW7GDx42fePjIMZlMVtVrWlYmXvPDhvETJgkEAoFA0LpV7Ceffn70+Em1Ws3jvfyzmUql6ty5O3stUZnubn0SiSQ6uplAIOjbt7/+sQUFBXZ2dr
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": false,`
			`"type": "attachment",`
			`"uuid": "58aafbc7-9d18-43b7-b027-4018950d210f",`
			`"value": "schema.png",`
			`"Tag": [`
			`{`
			`"colour": "#00223b",`
			`"name": "osint:source-type=\"blog-post\""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe.",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600858",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "58aafc38-87f4-4f3e-b6b7-457c950d210f",`
			`"value": "889e320cf66520485e1a0475107d7419"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600865",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "58aafce1-a080-4233-ab2e-41c002de0b81",`
			`"value": "6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600865",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "58aafce1-0978-4c1f-a438-485d02de0b81",`
			`"value": "7260340b7d7b08b7a9c7e27d9226e17b7170a436"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600866",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafce2-9380-439a-9174-4bcd02de0b81",`
			`"value": "https://www.virustotal.com/file/6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc/analysis/1487239802/"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600867",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "58aafce3-0740-4625-91da-452f02de0b81",`
			`"value": "cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600868",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "58aafce4-cf48-49f6-86f7-45b902de0b81",`
			`"value": "fa4f2e3f7c56210d1e380ec6d74a0b6dd776994b"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600868",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafce4-a3dc-4f76-b51e-4a8a02de0b81",`
			`"value": "https://www.virustotal.com/file/cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6/analysis/1487564884/"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600869",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "58aafce5-02c4-4787-aac4-499f02de0b81",`
			`"value": "752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600870",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "58aafce6-bfe4-42e1-9581-498702de0b81",`
			`"value": "11568dffd6325ade217fbe49ce56a3ee5001cbcc"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600871",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafce7-bfa4-433b-a122-40b702de0b81",`
			`"value": "https://www.virustotal.com/file/752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f/analysis/1487229167/"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600871",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "58aafce7-0964-457a-bfd5-4fdc02de0b81",`
			`"value": "c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600872",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "58aafce8-a700-4de1-9e84-475f02de0b81",`
			`"value": "ba5a2230ff2068b7fb22de3b83031457d18c3298"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600873",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafce9-8adc-4463-8c5a-467a02de0b81",`
			`"value": "https://www.virustotal.com/file/c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792/analysis/1487563770/"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600874",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "58aafcea-8700-4a01-99c5-4ed902de0b81",`
			`"value": "8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600874",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "58aafcea-c968-4940-9c36-44d902de0b81",`
			`"value": "f5fc9d893ae99f97e43adcef49801782daced2d7"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600875",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "58aafceb-7740-4c6c-97b2-4bce02de0b81",`
			`"value": "https://www.virustotal.com/file/8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1/analysis/1487179033/"`
			`},`
			`{`
			`"category": "Artifacts dropped",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600922",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "58aafd1a-be48-4ca5-af2e-482f950d210f",`
			`"value": "cambio.xap"`
			`},`
			`{`
			`"category": "Artifacts dropped",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600922",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "58aafd1a-e8e8-4275-a0b3-4ceb950d210f",`
			`"value": "mark180789172360.ico"`
			`},`
			`{`
			`"category": "Artifacts dropped",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600923",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "58aafd1b-7ca8-4258-a429-4787950d210f",`
			`"value": "meml102783047891.dat"`
			`},`
			`{`
			`"category": "Artifacts dropped",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600924",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "58aafd1c-cc98-4a0c-9c3c-40b0950d210f",`
			`"value": "back283671047171.dat"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600957",`
			`"to_ids": false,`
			`"type": "pattern-in-traffic",`
			`"uuid": "58aafd3d-a418-4a76-9462-4dcb950d210f",`
			`"value": "view.jsp?pagenum=1"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1487600958",`
			`"to_ids": false,`
			`"type": "pattern-in-traffic",`
			`"uuid": "58aafd3e-eb98-4596-96f1-4b43950d210f",`
			`"value": "view.jsp?uid="`
			`}`
			`]`
			`}`
			`}`