adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5b6edeb7-5088-4fe9-89ab-40e902de0b81.json

552 lines
183 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "0",
"date": "2018-07-31",
"extends_uuid": "",
"info": "OSINT - Malware Analysis Report (AR18-221A) MAR-10135536-17 \u00e2\u20ac\u201c North Korean Trojan: KEYMARBLE- MAR-10135536.r17.v1",
"publish_timestamp": "1533997509",
"published": true,
"threat_level_id": "3",
"timestamp": "1533997473",
"uuid": "5b6edeb7-5088-4fe9-89ab-40e902de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0029ff",
"name": "estimative-language:confidence-in-analytic-judgment=\"high\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"KEYMARBLE\""
},
{
"colour": "#13eb00",
"name": "misp-galaxy:threat-actor=\"Lazarus Group\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAAAcgAAAJYCAYAAADmL3Y0AAAWcWlDQ1BJQ0MgUHJvZmlsZQAAeJyVmAVUVF+3wM+dZIYZaugeYuju7u4OERiG7i4DREUFpaQkFFBBREEpEVTCAJFGQhElRERRMRAElTf6f+L7vvW+9dY7a905v7vn3H33vfvss8++ALD3kSMjQ2EMAISFx0bbm+jzu7q586MXABzAABLQAQkyJSZSz9bWEvzH9nUSQL/6calfuv7zuP+1Mfr6xVAAgGyp7OMbQwmjcjP1GKBERscCAE+lygUTYiN/8QUqM0dTDaRy2y8O+IcHfrHPPzz3e4yjvQGVvwBAgyOTowMAwP26F388JYCqB8cPAIop3DcoHAAmRSprUwLJvgCwU/8DkmFhEb+4gsqiPv9DT8C/6PTZ1UkmB+zyP8/yu9EYBsVEhpKT/p+v4/9uYaFxf+4hQD1wgdGm9tReiPrOLoVEWOxyuI+1zR8O8v09/jcHxpk6/WFKjIH7H/YlG1r84bgQJ70/TI7+e21QrJnjH46OsN/V7xdj5LCr38/McteGUOtd9g8yNvvDyYGOLn84PsjZ+g/HhDhY/B1jsCuPjrPftdk/2nj3GcNi/tpGIf+1ITbQ0fSvba67Nvj6GRrtysOddsdHxurv6owMtd0d7xdqsiuPiXfYvTaWOsH+cDDZ3PavHtvd9wMsgREwBPzAAASBcOAHwgCZemZIPYsBkSCUepYU65f4a84Bg4jIpOiggMBYfj1qBPnxm4VTpCX55WXlVAH4FY//uPuz/e84g1iH/8qiqNerqwEAK/8rI0sA0C5JDYMrf2VCygDQlgLQsUiJi47/R4b49YMEWEAPmAEH4AWCQBRIAXmgDDSALtV6c2ADHIEb8AQUEEi1PxokgP3gEEgHmSAHFIAScA6cB5fAVdAIboBboBs8AI/ACJgAM2AOLIG3YA18BdsQBKEhPESAOCA+SBiSgOQhVUgbMoIsIXvIDfKGAqBwKA7aDx2GMqE8qASqhGqh69BNqBt6CI1CT6B5aAX6BG3B4DAcjBnGAyPBZGCqMD2YBcwRthcWAIuCJcOOwLJgxbAq2BVYK6wb9gg2AZuDvYWtwwGcFs4KJ8Kl4KpwA7gN3B3uD4+GH4RnwAvhVfB6eDu8Fz4On4Ovwr8hUAgCgh8hhdBAmCKcEBREFOIg4iSiBHEJ0Yq4hxhHzCPWED+ReCQ3UgKpjjRDuiIDkAnIdGQhshrZgryPnEAuIb+iUChWlAhKBWWKckMFo/ahTqLKUQ2oLtQoahG1jkajOdASaC20DZqMjkWno8+gr6A70WPoJfQmDS0NH408jTGNO004TRpNIc1lmjs0YzTLNNsYBowwRh1jg/HFJGGyMRcw7ZhhzBJmG8uIFcFqYR2xwdhD2GJsPfY+9hn2My0trQCtGq0dbRBtKm0x7TXaPtp52m84Jpw4zgDngYvDZeFqcF24J7jPeDyehNfFu+Nj8Vn4Wvxd/HP8Jh2BTprOjM6XLoWulK6VbozuPT2GXphej96TPpm+kL6Jfph+lQHDQGIwYCAzHGQoZbjJMMWwzkhglGO0YQxjPMl4mfEh42smNBOJyYjJl+kI03mmu0yLBDhBkGBAoBAOEy4Q7hOWmFHMIsxmzMHMmcxXmYeY11iYWBRZnFkSWUpZbrPMscJZSaxmrKGs2ayNrJOsW2w8bHpsfmwn2OrZxtg22LnYddn92DPYG9gn2Lc4+DmMOEI4cjlucMxyIjjFOe04EzjPct7nXOVi5tLgonBlcDVyPeWGcYtz23Pv4z7PPcC9zsPLY8ITyXOG5y7PKi8rry5vMG8+7x3eFT4CnzZfEF8+XyffG34Wfj3+UP5i/nv8a0RuoikxjlhJHCJuC4gIOAmkCTQIzApiBVUF/QXzBXsE14T4hKyE9gvVCT0VxgirCgcKFwn3Cm+QREgupGOkG6TXIuwiZiLJInUiz0TxojqiUaJVoo/FUGKqYiFi5WIj4jBxJfFA8VLxYQmYhLJEkES5xKgkUlJNMlyySnJKCielJxUvVSc1L80qbSmdJn1D+r2MkIy7TK5Mr8xPWSXZUNkLsjNyTHLmcmly7XKf5MXlKfKl8o8V8ArGCikKbQofFSUU/RTPKk4rEZSslI4p9Sj9UFZRjlauV15REVLxVilTmVJlVrVVPanap4ZU01dLUbul9k1dWT1WvVH9g4aURojGZY3XmiKafpoXNBe1BLTIWpVac9r82t7aFdpzOkQdsk6VzoKuoK6vbrXusp6YXrDeFb33+rL60fot+hsG6gYHDLoM4YYmhhmGQ0ZMRk5GJUbPjQWMA4zrjNdMlEz2mXSZIk0tTHNNp8x4zChmtWZr5irmB8zvWeAsHCxKLBYsxS2jLdutYFbmVqetnlkLW4db37ABNmY2p21mbUVso2w77FB2tnaldq/s5ez32/c6EBy8HC47fHXUd8x2nHESdYpz6nGmd/ZwrnXecDF0yXOZc5VxPeD6yI3TLcitzR3t7uxe7b6+x2hPwZ4lDyWPdI/JvSJ7E/c+9OT0DPW87UXvRfZq8kZ6u3hf9v5OtiFXkdd9zHzKfNYoBpQiyltfXd983xU/Lb88v2V/Lf88/9cBWgGnA1YCdQILA1eDDIJKgj4GmwafC94IsQmpCdkJdQltCKMJ8w67Gc4UHhJ+L4I3IjFiNFIiMj1yLko9qiBqLdoiujoGitkb0xbLTN34DMSJxh2Nm4/Xji+N30xwTmhKZEwMTxxIEk86kbScbJx8cR9iH2Vfz37i/kP75w/oHag8CB30OdiTIphyJGUp1ST10iHsoZBDg2myaXlpXw67HG4/wnMk9cjiUZOjdel06dHpU8c0jp07jjgedHzohMKJMyd+Zvhm9GfKZhZmfj9JOdl/Su5U8amdLP+soWzl7LM5qJzwnMlcndxLeYx5yXmLp61Ot+bz52fkfynwKnhYqFh4rghbFFc0V2xZ3HZG6EzOme8lgSUTpfqlDWXcZSfKNsp9y8fO6p6tP8dzLvPcVkVQxXSlSWVrFamq8DzqfPz5VxecL/ReVL1YW81ZnVn9oya8Zu6S/aV7tSq1tZe5L2fXweri6laueFwZuWp4ta1eqr6ygbUh8xq4FnftzXXv65ONFo09TapN9c3CzWUthJaMVqg1qXXtRuCNuTa3ttGb5jd72jXaWzqkO2puEW+V3ma5nX0He+fInZ3O5M71rsiu1e6A7sUer56Zu653H9+zuzd03+J+3wPjB3d79Xo7+7T6bj1Uf3izX7X/xiPlR60DSgMtg0qDLUPKQ63DKsNtI2oj7aOao3fGdMa6xw3HHzw2e/xownpidNJpcnrKY2pu2nf69ZPQJx+fxj/dnkl9hnyWMcswW/ic+3nVC7EXDXPKc7fnDecHFhwWZhYpi29fxrz8vnTkFf5V4TLfcu1r+de3VoxXRt7sebP0NvLt9mr6O8Z3Ze9F3zd/0P0wsOa6tvQx+uPOp5OfOT7XfFH80rNuu/78a9jX7Y2MTY7NS99Uv/VuuWwtbyd8R38v/iH2o/2nxc9nO2E7O5HkaPLvrQCcesD8/QH4VAMA3g0AwggAWLp/9sv/3eDUzQeM2jtD0tBbWDncEyGGRCM/olbQUzQvMPPYDRwST6KzoI9lqGCcItAya7MkszawLXOIc5K5iriHeZF8Svx+xCyBRsExofckmAidKL0YLXXl+ybxTnJealz6rkyL7AW5HPkDCsGKzkq6yuIqBJXvqktqA+rNGmWah7WCte11tHUl9fj0WQ0YDDFGCKMfxhsma6avzebMpy2GLO9b3bJusrlqe9mu1v6yw1XHBqfrzk0uTa7Nbs3uTXsaPa7vbfBs8Gr0biN3+wxQnvi+8vvivxNIG8QaLBAiEaoUphNuFuEU6ReVEH0qpjq2M246/mMiJok/WWWf9X7KgcSDGSlFqRWHKtPOHS4+kn00PX3fsajj/ifcM6wz9U4qnRLN4s5myqHNxeTRnmbIZy8gFkoUKRZrnTEqsSp1KttTTjkbci62IrUyp6ryfMuF/osvqr9coqnlvixTp3/F6WpAfWLD8WuF16sa65qamttbOl
"deleted": false,
"disable_correlation": false,
"timestamp": "1533992631",
"to_ids": false,
"type": "attachment",
"uuid": "7efc00cd-5af3-43af-b69c-847f4bc9abd2",
"value": "Figure 1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533992632",
"to_ids": false,
"type": "port",
"uuid": "bfbbf011-8144-4495-98dd-bbbcf0649f53",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533992632",
"to_ids": true,
"type": "ip-dst",
"uuid": "df0f4d9a-90a4-4abf-a43d-60916a15f563",
"value": "212.143.21.43"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533992633",
"to_ids": true,
"type": "ip-dst",
"uuid": "bbd1ad42-db78-4ebd-9957-74ae70de8b4b",
"value": "100.43.153.60"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533992633",
"to_ids": true,
"type": "ip-dst",
"uuid": "bd1f34eb-d736-4b59-818f-64179291eccc",
"value": "104.194.160.59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533996680",
"to_ids": false,
"type": "link",
"uuid": "5b6eee88-4620-4b7b-8619-62b802de0b81",
"value": "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.r17.v1.WHITE_stix.xml"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533997064",
"to_ids": false,
"type": "text",
"uuid": "5b6ef008-dcb8-46bf-8395-f5ee02de0b81",
"value": "This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as KEYMARBLE. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.\r\n\r\nDHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.\r\n\r\nThis MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.\r\n\r\nThis malware report contains analysis of one 32-bit Windows executable file, identified as a Remote Access Trojan (RAT). This malware is capable of accessing device configuration data, downloading additional files, executing commands, modifying the registry, capturing screen shots, and exfiltrating data."
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533997144",
"to_ids": true,
"type": "yara",
"uuid": "5b6ef058-7ff4-456d-a57a-407502de0b81",
"value": "rule rsa_modulus { meta: Author=\"NCCIC trusted 3rd party\" Incident=\"10135536\" Date = \"2018/04/19\" category = \"hidden_cobra\" family = \"n/a\" description = \"n/a\" strings: $n = \"bc9b75a31177587245305cd418b8df78652d1c03e9da0cfc910d6d38ee4191d40\" condition: (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them }"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533997470",
"to_ids": false,
"type": "link",
"uuid": "5b6ef19e-08f0-4065-9b61-494f02de0b81",
"value": "https://www.us-cert.gov/ncas/analysis-reports/AR18-221A"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1533992633",
"uuid": "16f97fab-0abd-4e4f-92e8-bdd12f54787e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533992634",
"to_ids": true,
"type": "md5",
"uuid": "292822ff-8844-4e90-addd-c1fc18be4238",
"value": "704d491c155aad996f16377a35732cb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1533992634",
"to_ids": true,
"type": "sha1",
"uuid": "c1b98bca-ab4d-425c-b03f-8432fb37589b",
"value": "d1410d073a6df8979712dd1b6122983f66d5bef8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1533992635",
"to_ids": true,
"type": "sha256",
"uuid": "4506f84a-d53e-4d89-8d3b-28671e2b2481",
"value": "e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1533992635",
"uuid": "5b649f38-b13f-4f8f-8883-738637a0d947",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1533992635",
"to_ids": false,
"type": "float",
"uuid": "87501f1e-8070-4c40-86e3-cc5e11549b48",
"value": "0.627182"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533992635",
"to_ids": true,
"type": "md5",
"uuid": "901c4607-150d-45e4-82da-aa92cb0f71d4",
"value": "47f6fac41465e01dda5eac297ab250db"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533992636",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f904826e-c965-4b92-9469-d54c1c4d8269",
"value": "4096"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1533992636",
"uuid": "ba2275da-03b3-457c-b216-9dfa3bc77834",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533992636",
"to_ids": true,
"type": "md5",
"uuid": "6e7b2cc6-71ae-44d0-87f1-4398cd9f103b",
"value": "30d34a8f4c29d7c2feb0f6e2b102b0a4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1533992636",
"to_ids": false,
"type": "float",
"uuid": "aeafa205-6148-41e4-9e4c-b72966d32f36",
"value": "6.633409"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1533992636",
"to_ids": false,
"type": "text",
"uuid": "7ba5e83a-5400-4b58-9e83-2760aab368a9",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533992636",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "99d04340-7c40-41f7-888c-cb53b9446aab",
"value": "94208"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1533992637",
"uuid": "f7a867e5-1222-4fa2-87d2-9294cd9575b9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533992637",
"to_ids": true,
"type": "md5",
"uuid": "63f56ca4-a8f2-492d-a257-61494657b7b0",
"value": "77f4a11d375f0f35b64a0c43fab947b8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1533992637",
"to_ids": false,
"type": "float",
"uuid": "c971ad13-75d9-4782-9283-e6c59125a6ee",
"value": "5.054283"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1533992637",
"to_ids": false,
"type": "text",
"uuid": "6297c420-bea6-453b-8d20-630820579075",
"value": ".rdata"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533992637",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "37b0366d-fb15-4803-90b5-76f45a7827b2",
"value": "8192"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1533992637",
"uuid": "47fa919a-9263-4d70-9c4c-7ceab62ae483",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1533992637",
"to_ids": true,
"type": "md5",
"uuid": "94e7e585-a25c-4a6e-9760-5818268ce552",
"value": "d4364f6d2f55a37f0036e9e0dc2c6a2b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1533992638",
"to_ids": false,
"type": "float",
"uuid": "30a5d30a-a4ff-46eb-989e-79aadec715f7",
"value": "4.41698"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1533992638",
"to_ids": false,
"type": "text",
"uuid": "f8282f7e-dcfb-4c0c-b93d-3cd1e2df6048",
"value": ".data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1533992638",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f44bb8a1-0fee-45fc-b7f5-5d710418e703",
"value": "20480"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1533992641",
"uuid": "493ad67c-c54a-406b-9c6b-270c30b4bf77",
"ObjectReference": [
{
"comment": "",
"object_uuid": "493ad67c-c54a-406b-9c6b-270c30b4bf77",
"referenced_uuid": "5b649f38-b13f-4f8f-8883-738637a0d947",
"relationship_type": "header-of",
"timestamp": "1533992641",
"uuid": "5b6edec1-b5ec-4cb0-afac-427702de0b81"
},
{
"comment": "",
"object_uuid": "493ad67c-c54a-406b-9c6b-270c30b4bf77",
"referenced_uuid": "ba2275da-03b3-457c-b216-9dfa3bc77834",
"relationship_type": "included-in",
"timestamp": "1533992641",
"uuid": "5b6edec1-b540-43df-be7a-420d02de0b81"
},
{
"comment": "",
"object_uuid": "493ad67c-c54a-406b-9c6b-270c30b4bf77",
"referenced_uuid": "f7a867e5-1222-4fa2-87d2-9294cd9575b9",
"relationship_type": "included-in",
"timestamp": "1533992642",
"uuid": "5b6edec2-3e5c-4b7b-887a-4d9d02de0b81"
},
{
"comment": "",
"object_uuid": "493ad67c-c54a-406b-9c6b-270c30b4bf77",
"referenced_uuid": "47fa919a-9263-4d70-9c4c-7ceab62ae483",
"relationship_type": "included-in",
"timestamp": "1533992642",
"uuid": "5b6edec2-56f8-41f8-9fb6-4dbe02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1533992638",
"to_ids": true,
"type": "filename",
"uuid": "435929fc-94e7-4e1a-9c03-8587f5c068c2",
"value": "704d491c155aad996f16377a35732cb4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1533992638",
"to_ids": true,
"type": "filename",
"uuid": "8612afc4-f7e6-4f9e-b6cf-25915b52bbbb",
"value": "704d491c155aad996f16377a35732cb4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1533992638",
"to_ids": false,
"type": "counter",
"uuid": "d82f3787-dc51-40db-88c7-00f214fe75ca",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1533997269",
"uuid": "9ea335b7-1fd3-480c-9291-68d0adba0ee4",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1533997269",
"to_ids": false,
"type": "datetime",
"uuid": "49c46869-358b-4022-af6e-2e868878d88f",
"value": "2018-08-10T21:54:59"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1533997269",
"to_ids": false,
"type": "link",
"uuid": "2d41d2f3-9296-4a9c-8554-e2ecaa9835e4",
"value": "https://www.virustotal.com/file/e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09/analysis/1533938099/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1533997270",
"to_ids": false,
"type": "text",
"uuid": "41c8f6e7-7be4-46ff-8c5b-15a3548be032",
"value": "52/66"
}
]
}
]
}
}
Reference in a new issue Copy permalink