misp-circl-feed/feeds/circl/misp/5c4a2972-fd10-4470-936d-4d2a02de0b81.json

{
"Event": {
"analysis": "0",
"date": "2019-01-24",
"extends_uuid": "",
"info": "IOCs Associated with DNS Infrastructure Tampering",
"publish_timestamp": "1548364252",
"published": true,
"threat_level_id": "3",
"timestamp": "1548364213",
"uuid": "5c4a2972-fd10-4470-936d-4d2a02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
}
],
"Attribute": [
{
"category": "Other",
"comment": "Imported from STIX header description",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": false,
"type": "comment",
"uuid": "95924852-631e-42e7-aa8b-c6a33b8b6f55",
"value": "The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization\u2019s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization\u2019s domain names, enabling man-in-the-middle attacks."
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "url",
"uuid": "e0bc1d90-2009-11e9-82a3-d89ef344f46d",
"value": "http://hr-suncor.com/Suncor_employment_form.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "url",
"uuid": "e0bc1d93-2009-11e9-88e3-d89ef344f46d",
"value": "http://hr-wipro.com/Wipro_Working_Conditions.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "domain",
"uuid": "e0bc1d96-2009-11e9-9efa-d89ef344f46d",
"value": "hr-wipro.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "domain",
"uuid": "e0bc1d99-2009-11e9-9294-d89ef344f46d",
"value": "hr-suncor.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "domain",
"uuid": "e0bc1d9c-2009-11e9-af0f-d89ef344f46d",
"value": "0ffice36o.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1d9f-2009-11e9-8bc6-d89ef344f46d",
"value": "185.20.184.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1da2-2009-11e9-9b93-d89ef344f46d",
"value": "185.161.211.72"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1db7-2009-11e9-b508-d89ef344f46d",
"value": "107.161.23.204"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1da5-2009-11e9-b493-d89ef344f46d",
"value": "185.20.187.8"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1da8-2009-11e9-b8b3-d89ef344f46d",
"value": "185.174.101.168"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1db1-2009-11e9-8d13-d89ef344f46d",
"value": "192.161.187.200"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1dab-2009-11e9-9492-d89ef344f46d",
"value": "185.161.211.79"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1dae-2009-11e9-881a-d89ef344f46d",
"value": "185.236.78.63"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548364147",
"to_ids": true,
"type": "ip-dst",
"uuid": "e0bc1db4-2009-11e9-a9d7-d89ef344f46d",
"value": "209.141.38.71"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548364147",
"uuid": "e0bc1dba-2009-11e9-babc-d89ef344f46d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548364147",
"to_ids": true,
"type": "md5",
"uuid": "dbcb73a9-0d0d-4f20-bd52-b7d3d1e49f35",
"value": "9c8507a1fd7d2579777723b53fee1f3e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha1",
"uuid": "4383b10e-f3ad-48c2-b1cc-e35a1677fda3",
"value": "48b620df71087bd333284c91e52f0cfed1f2d00e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha256",
"uuid": "1361adb9-5eb2-4e86-92c3-5941526bef83",
"value": "82285b6743cc5e3545d8e67740a4d04c5aed138d9f31d7c16bd11188a2042969"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548364189",
"uuid": "e0be6782-2009-11e9-b60b-d89ef344f46d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e0be6782-2009-11e9-b60b-d89ef344f46d",
"referenced_uuid": "d6bc7998-9cad-4353-851f-f31860ed8366",
"relationship_type": "analysed-with",
"timestamp": "1548364190",
"uuid": "5c4a299e-afcc-42d9-99a8-cf2902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548364147",
"to_ids": true,
"type": "md5",
"uuid": "5f21eaaa-080c-4691-8089-a05353c60139",
"value": "807482efce3397ece64a1ded3d436139"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha1",
"uuid": "52ba1f40-444d-42a9-a65e-e98f5e58f248",
"value": "9ea865e000e3e15cec15efc466801bb181ba40a1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha256",
"uuid": "a75749b1-7257-4518-b391-d1051acc2d59",
"value": "9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1548364147",
"to_ids": true,
"type": "ssdeep",
"uuid": "eb3b1e93-e901-410b-b868-40e88d36b7d1",
"value": "6144:2LOUuU4uDIOjsHFtXwIUPgTiN13sh/2xWoV/hGkWC92Vr3Lu19RmAMZQzm18IBHf:tU4jdltXwnQ01txj4kB257qmJkm1ldU"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1548364147",
"to_ids": true,
"type": "filename",
"uuid": "f416e4da-0063-4bdc-887d-9a70375865ac",
"value": "Suncor_employment_form.doc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1548364147",
"to_ids": true,
"type": "size-in-bytes",
"uuid": "b7ca8d21-53d2-4414-a9c9-a3716fc79d77",
"value": "623616"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548364189",
"uuid": "e0be6785-2009-11e9-9867-d89ef344f46d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e0be6785-2009-11e9-9867-d89ef344f46d",
"referenced_uuid": "a576549e-7bae-4dd1-a5f3-4e0a66209a64",
"relationship_type": "analysed-with",
"timestamp": "1548364190",
"uuid": "5c4a299e-794c-44f7-9897-cf2902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548364147",
"to_ids": true,
"type": "md5",
"uuid": "d1aac8b5-6e51-4c62-b9c1-8d31dddc3514",
"value": "c00c9f6ebf2979292d524acff19dd306"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha1",
"uuid": "0bce9b59-6af6-4841-9055-efc24a52c639",
"value": "1022620da25db2497dc237adedb53755e6b859e3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha256",
"uuid": "91a51b5c-475f-48c5-b028-7878ba19fe3f",
"value": "45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1548364147",
"to_ids": true,
"type": "ssdeep",
"uuid": "35956850-ee9f-4d71-a1c1-a84fcb2282e9",
"value": "3072:t3zwUAyRvKFnQStbQQYZrmQC2mCe0t4zu9Cv/QQ3TFnDSF0bNg0+B0tguKtEfT5s:dydXtbiktzu96QItD46NgjA0mFs"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1548364147",
"to_ids": true,
"type": "size-in-bytes",
"uuid": "35d474a6-33e2-4417-bd09-df305a94d0f4",
"value": "368640"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548364189",
"uuid": "e0be6788-2009-11e9-9b1e-d89ef344f46d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e0be6788-2009-11e9-9b1e-d89ef344f46d",
"referenced_uuid": "1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
"relationship_type": "analysed-with",
"timestamp": "1548364190",
"uuid": "5c4a299e-3688-4c89-b54d-cf2902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548364147",
"to_ids": true,
"type": "md5",
"uuid": "a0e34c9c-3527-48d5-a32b-ce8a6a43b2f2",
"value": "d2052cb9016dab6592c532d5ea47cb7e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha1",
"uuid": "2aa9d360-7963-49c4-989e-4644c03af4c5",
"value": "1c1fbda6ffc4d19be63a630bd2483f3d2f7aa1f5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548364147",
"to_ids": true,
"type": "sha256",
"uuid": "624311a5-630e-4fe5-bc73-9700e7a15168",
"value": "2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1548364147",
"to_ids": true,
"type": "ssdeep",
"uuid": "405ac9d7-8048-4810-882f-45e2c726468e",
"value": "3072:OL1w0Cyf/TYsq6wjRbQC2mCr2v4Q/DfvBgLCOledbqIyWu0jPhVyWxg/MB/RzS:Oz4xI1Q/DxWleNqgu0jpjZS"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1548364147",
"to_ids": true,
"type": "size-in-bytes",
"uuid": "c5ebf0a0-f8a6-43a0-94ff-f165c17c7ea9",
"value": "372736"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1548364147",
"uuid": "5c4a2973-421c-4138-9787-4b8902de0b81",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "imported-sample",
"timestamp": "1548364148",
"to_ids": false,
"type": "attachment",
"uuid": "5c4a2974-2724-4cc3-a3f4-44a402de0b81",
"value": "AA19-024_IOCs.stix.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "format",
"timestamp": "1548364148",
"to_ids": false,
"type": "text",
"uuid": "5c4a2974-7748-4706-8091-4c4802de0b81",
"value": "STIX 1.1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548364189",
"uuid": "1b2a8dae-f9e6-4d7a-bb5a-e5e27d5966e0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548364189",
"to_ids": false,
"type": "datetime",
"uuid": "cfe9477f-3ede-4bce-8564-222ef3d4cda5",
"value": "2018-12-21T08:26:28"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548364190",
"to_ids": false,
"type": "link",
"uuid": "f20424f6-7426-4b05-888f-29ecb1ba2442",
"value": "https://www.virustotal.com/file/2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec/analysis/1545380788/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548364190",
"to_ids": false,
"type": "text",
"uuid": "255ad5e5-bbea-4778-9210-91b1f6dc2b55",
"value": "47/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548364190",
"uuid": "a576549e-7bae-4dd1-a5f3-4e0a66209a64",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548364190",
"to_ids": false,
"type": "datetime",
"uuid": "a7fc880f-5658-46fb-93f5-d846f65d468b",
"value": "2019-01-24T11:12:00"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548364190",
"to_ids": false,
"type": "link",
"uuid": "8565d497-f3c7-4a33-9e07-9188424467be",
"value": "https://www.virustotal.com/file/45a9edb24d4174592c69d9d37a534a518fbe2a88d3817fc0cc739e455883b8ff/analysis/1548328320/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548364190",
"to_ids": false,
"type": "text",
"uuid": "949483e4-f6f1-423e-8a7a-1401a5ff37a4",
"value": "45/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548364190",
"uuid": "d6bc7998-9cad-4353-851f-f31860ed8366",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548364190",
"to_ids": false,
"type": "datetime",
"uuid": "7fb9f7c7-be46-49b9-a7c3-f8138f713052",
"value": "2018-12-22T03:41:06"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548364190",
"to_ids": false,
"type": "link",
"uuid": "ccb14e9f-f755-496f-be9a-ec2bbb0f74e4",
"value": "https://www.virustotal.com/file/9ea577a4b3faaf04a3bddbfcb934c9752bed0d0fc579f2152751c5f6923f7e14/analysis/1545450066/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548364190",
"to_ids": false,
"type": "text",
"uuid": "6777c875-4914-40a7-a8ab-1e0d02b1f494",
"value": "36/60"
}
]
}
]
}
}