1051 lines
2.3 MiB
JSON
1051 lines
2.3 MiB
JSON
|
{
|
||
|
"Event": {
|
||
|
"analysis": "1",
|
||
|
"date": "2019-07-04",
|
||
|
"extends_uuid": "5d1b047f-92fc-4d44-b2ce-4a300a2b115a",
|
||
|
"info": "OSINT - Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus",
|
||
|
"publish_timestamp": "1562355129",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1562354801",
|
||
|
"uuid": "5d1dc7d2-8c8c-40d8-9eb9-ba1d950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:threat-actor=\"APT32\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#007ed9",
|
||
|
"name": "osint:certainty=\"93\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0029ff",
|
||
|
"name": "estimative-language:confidence-in-analytic-judgment=\"high\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#4a0028",
|
||
|
"name": "workflow:todo=\"review-for-privacy\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562232819",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5d1dc7f3-78b0-49da-9208-e66f950d210f",
|
||
|
"value": "https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562232843",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dc80b-001c-4988-86d3-d815950d210f",
|
||
|
"value": "The OceanLotus Group (aka APT32, CobaltKitty | previous reports: The SpyRATs of OceanLotus; OceanLotus APT Group Leveraging Steganography) is using a suite of remote access trojans dubbed \"Ratsnif\" to leverage new network attack capabilities. Blackberry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable swiss-army knife of network attack techniques. The trojans, under active development since 2016, combine capabilities like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing. \r\n\r\nWe delved into four distinct Ratsnif samples, three of them developed in 2016, the fourth created during the latter half of 2018."
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dc8d3-d704-4379-8cb9-ef2d950d210f",
|
||
|
"value": "516ad28f8fa161f086be7ca122351edf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Passive total",
|
||
|
"data": "/9j/4AAQSkZJRgABAQEASABIAAD/2wCEAAYEBQYFBAYGBQYHBwYIChAKCgkJChQODwwQFxQYGBcUFhYaHSUfGhsjHBYWICwgIyYnKSopGR8tMC0oMCUoKSgBBwcHCggKEwoKEygaFhooKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKP/AABEIAOUBXwMBIgACEQEDEQH/xAC0AAEAAgIDAQAAAAAAAAAAAAAABQYDBAECCAcQAAEDAwADBwwNCgYCAgMAAAEAAgMEBREGEiETMUFRUrLSFBUWIjU2VGFzkpTRBzJTVoGDkZOVobPB0xg3QkNVcXJ0daMIFyOCseEzRTTwRGLCAQEBAQEBAQAAAAAAAAAAAAAAAgEDBAURAAIBAgMGBAYCAwEAAAAAAAABAgMREiFRBBQxQYGxImFx8BMyM6HB0ULhBSORYv/aAAwDAQACEQMRAD8A9UoigtPaiWk0G0iqKd7o54bdUyRvacFrhE4gj4UAqtMdGaSofBVaRWaGeM6r45K6JrmniILshYuznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPd3Zzon76LF9IQ9JOznRP30WL6Qh6S8IogPflq0isl3mdDabxba6Vo1iymqmSuA48NJUovC3sYVEtN7I2jL4JHRvdcaeMlp32ukDXD4QSPhXulAEREAREQBERAEREAREQBERAEREAREQBV32R/zeaUf0uq+xcrEq77I/5vNKP6XVfYuQHhJpAcC4ZGdo419FtNitN6htD5raLWaytLYo453vdPTtYXPJ1ieEAawA395fPIniOVjyxrw0glrs4d4jjgVlqtMqie4w3Bltt8FdBqCGaIzDcw3ea1pkLAMbMavCVphIdQWKeCzXWWglpqWoqZaaWlp5XEPc0gs7Z5JAIdhxB4NgCz0+jtrZeNK5p207KK1zblDFUSyNjBc8tGsWZeQAN4bScbVWrnpDUVzqINpqSlgo3uligp2uDNZzg5xOXE7SBw7w2YWRmk1V1fdaiempKiO5u16imka7c3HW1gRhwcMHe2p77f2br0/P9EiNELhLpXHSVFvdBQuqY4pJqVsj4GNdq+1e7O+HDGTnaFPWzR+x3aphmZbTTxR189E6JsshZIGxlzHPJJc0DHbEEfAqLXXutrL713e9rKwSNkYY24awtxqgDiGB8imDpxXtkBho7fDA50r5qdkbtzndIMPL8uJ3uIjHAs5e/L+zOZm0u0akiuFLHZbZLITRsmqOomyTw6xJ7ZjjkluANuSM5UxPo3ZjV19sFMIZLbHSyyVjpnjdQ4s3TWBOqBh+zAGMb6pN5vEt0bSRugp6anpY9zhggDg1gJJPtiSSSd8lb8umVVU0zoJKegke9sTKiXVcXzsjOWtf22MbBnABON9EHn79P7NjTW2tpJHTUNsooLWah8cFVS1LpxKBvBx3R4BxtxgFVVS9zvklbbY7fDR0lFRslM5ipw/tnkY1iXucd7Zv4UQd5YimMhMhBvJhaYMhMhMJhAMrHu8fK+orv+ko5VFXJk7G9u8fK+opu8fK+orRTBxnGxVhROJm9u8fK+opu8fK+orRRMKGJm+6VjcZdvjI2Ljd4+V9RWrP+r/gCxrFFGuTN7d4+V9RTd4+V9RWiBk4CLcKMxMtvse1cEWn2jUkj8MZc6Zzjg7AJWr3HFfLdLTzzx1GYodXdHajtmTgcC8D6Gd+Fi/n4PtGr2FbO969fEc8rrToxlG71RynWlGVloy4dktp8L/tv9Sdktp8L/tv9S+bovTucNWcN7noj6R2S2nwv+2/1J2S2nwv+2/1L50+N7A0vY5ocMtJGMjjC6JucNWN7noj6XDpBbJpo4oqnWke4NaNzcMk7BwJNpBbIZpIpanVkY4tcNzccEbDwKgWbuxQ+Xj5wS892K7y8nOKndYYrXZW9Tw3si+dktp8L/tv9Sdktp8L/tv9S+bru2N72ucxjnNaMuIGcDxqtzhqyd7noj6L2S2nwv8Atv8AUnZLafC/7b/Uvm6JucNWN7noj6dLfLdFTwTyVGIptbc3ajtuDg8Cw9ktp8L/ALb/AFKn3Pvesvx/PCh1MNlhJXu+fcqW1TTtZcj6R2S2nwv+2/1J2S2nwv8Atv8AUvnDWlzg1oJcTgAcK5e1zHua9pa5pwQRggqtzhqyd7noj6N2S2nwv+2/1LZoLvQ18xipJ90kDdYjUcNmwcI8YXy5WTQPuxN5A85q51NlhCLkmy6e0ylJRZfFXfZH/N5pR/S6r7FysSrvsj/m80o/pdV9i5eE9p4RRcgZICmJbBM2WeGGqpZ54HBj449cEOLwwDLmgb540sCGRSjrFXs3QvZA0MOq4uqIxg4yRtdvgb43wuX2Oqju7bc6Sn3Zw1tZsgc0DGTnGSNg3sZQEUik47LU1EjhRPgqmDVG6MfqNLjvNGvqku2b2MrrFZa+WGOSOAESFoaN0aHbXaoOrnIBOzJGEBHLAHENwwP1W8bSDv8A1qTuFtqrfufVUbWh+Q0tka8ZGwjtScEcS00B1jdraxwQM7MjHAuyIgOBxLlCMrjaEByi4yeJMcaADjUcpJR+5v5DvkVxIkdVy09q4Z4PvXO5v5DvkTc38h3yKiTqi7bm/kO+RNzfyHfIlxY7T/q/4AsazTMcdTDXHDRwLHub+Q75EQZw04cEd7Y/vXO5v5DvkTc38h3yICW0M78LF/PwfaNXsK2d716+I55XkHQqGV+mVhayN7nGvpwAGkkndGr2PbqCsZYrvG+kqGyP3HUaYyC7DjnAxtXppNYX6rueeqni6PsV5Fuda7h4DVfMu9Sda7h4DVfMu9S9uKOp48MtDislMtNSF0mu8NcHZOSO2OM/AtRbnWu4eA1XzLvUnWu4eA1XzLvUsUormU1J52Fm7sUPl4+cEvPdiu8vJzitu026uZdaN76OpaxszCXGJwAGsNu8l2t1c+61j2UdS5jpnkOETiCNY7d5RiWPjyNwvBw5kQtuilLYaqN0mGOiOGk7C7I4ONc9a7h4DVfMu9Sda7h4DVfMu9Styi+ZkVJO9jTRbnWu4eA1XzLvUnWu4eA1XzLvUtxR1Jwy0Ny5971l+P54UOrDcaCsfYrRGykqHSM3bXaIyS3LhjIxsUV1ruHgNV8y71LnTkrceb7l1Iu/DkuxqxvdG8OY4tdxg4KzXBwfX1LmkOaZXEEHIIyVk613DwGq+Zd6k613DwGq+Zd6leKN73JwytaxpqyaB92JvIHnNUP1ruHgNV8y71KwaFUdVT3WV9RTTRMMJAc+MtGdZuzaudeSdN5nSjF41kXRV32R/wA3mlH9LqvsXKxKu+yP+bzSj+l1X2Ll8k+oeEgcEFT50mqH1tRNOJZo5JGyRxPmJEQEjX4GR/8ArjgUFEx0sjI42lz3kNaBwkq+Xn2N6q33O2WqKSuluFXO2nMklA6GjDiDrBk5dmTVxtwwDAJB2Lc8jG1Z3KzSXlkEda19O+Xqhz3ahl/0+2GzLS05I3wQQVjqrlBU3dtc6nmZkDXayfVOsBjLXava8B4VvaaaOx6OVkVPG66P1wTulbbjRteBjDow5xLm7+0hv7lNXP2Pm0dgkrorjNLUxU9LUOYaMtgkE5ADYptc67hnaNUbxxvFZGN7YfQ18bMieypxEjNyqmRnUIdFVlkpLQRl7w3ts527BvBY49J5BDSNkbVOfTlmwVREbw1wdtZjf2Yznx4W3p7oi3RWcwa14keJnR
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562233611",
|
||
|
"to_ids": false,
|
||
|
"type": "attachment",
|
||
|
"uuid": "5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f",
|
||
|
"value": "Fig0-ratsnif.jpeg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562234727",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5d1dcf67-39a8-41bb-8d37-49f8950d210f",
|
||
|
"value": "search.webstie.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562234728",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5d1dcf68-e2c0-4f95-bb31-448a950d210f",
|
||
|
"value": "dns.domain-resolve.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562354752",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1fa440-8cc0-40e6-a139-4e9702de0b81",
|
||
|
"value": "b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1fa453-e900-4dbf-b9ff-fa8202de0b81",
|
||
|
"value": "7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Attribute #7545884 enriched by dns.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1562355126",
|
||
|
"to_ids": false,
|
||
|
"type": "ip-src",
|
||
|
"uuid": "5d1fa5b6-653c-45ce-a1aa-4641e387cbd9",
|
||
|
"value": "66.85.185.126"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562235015",
|
||
|
"uuid": "7ccf1784-d672-49a9-a9c1-47571248ecc2",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7ccf1784-d672-49a9-a9c1-47571248ecc2",
|
||
|
"referenced_uuid": "5385bb52-5807-4cd1-9b73-2a477774ecaf",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562233125",
|
||
|
"uuid": "5d1dc925-9ea0-48d9-a0e7-b9d3950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7ccf1784-d672-49a9-a9c1-47571248ecc2",
|
||
|
"referenced_uuid": "5d1dd042-92e0-47ab-b0c5-4df9950d210f",
|
||
|
"relationship_type": "uses",
|
||
|
"timestamp": "1562235015",
|
||
|
"uuid": "5d1dd087-dd40-48dd-ab30-4d3f950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "e8535cc5-4626-463d-a58b-2f8514a7a055",
|
||
|
"value": "516ad28f8fa161f086be7ca122351edf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d59b137f-5a32-44d3-ac55-d14d09a373c5",
|
||
|
"value": "98389cccd15253a56827411b4d7b313b8ab481d6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3577edf9-7c71-41a2-bd42-2b3d1ec8f33f",
|
||
|
"value": "b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1562233125",
|
||
|
"uuid": "5385bb52-5807-4cd1-9b73-2a477774ecaf",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "103ff02d-8c11-46fb-9ec7-32ff39d893ba",
|
||
|
"value": "2019-07-03T15:11:12"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "359b71bc-eae8-4614-a7a2-3fd8039ef9ab",
|
||
|
"value": "https://www.virustotal.com/file/b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405/analysis/1562166672/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1562233043",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3f4dcb8f-2edb-4726-ad9a-85ec722eead0",
|
||
|
"value": "21/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562233542",
|
||
|
"uuid": "5d1dca91-67f4-4d72-ae65-404c950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d1dca91-67f4-4d72-ae65-404c950d210f",
|
||
|
"referenced_uuid": "5385bb52-5807-4cd1-9b73-2a477774ecaf",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562233542",
|
||
|
"uuid": "5d1dcac6-bce0-4adf-9612-4e7d950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAJlN5E7ackMQXhAGAAAsFQAgABwANTE2YWQyOGY4ZmExNjFmMDg2YmU3Y2ExMjIzNTFlZGZVVAkAA5HKHV2Ryh1ddXgLAAEEIQAAAAQhAAAAjI9DMqANlEKp79c93R0Ec8FJ0qPIOwZAdM6XYcuDPtcXlakGS6QhQM/ssKREeU7Lq5rdWDK+kyAMzYnOoR9zIBN2Cg61X8q1BgtAoMHRM0Ycsx3QwKF0bhFFRlH2ikqph0lQ3Cgq0JUTGkI5QMtn+tLRylPMjnffhxCGpHevds/J3YcLLAN0ITYy7UBE8T9dqsZLE2VMYMvYEdhdJToeekE+la2o38xpLcDluOZX+tzca7g+IKM8+mzP+ly6TSOJ93Wgzk2y1rZ/gP6AfR9V/eD8hnvQAb+Qkz2KP/47PSJJKxeuEKIP1nKXPjm3dB+6JtcRqLDhT1ryt5WHXjhik01CCw9/zuPoKafgP2TR3r2Ofyu1CA2A+AoNGvogC0870Vqht++hXb4VDT9dNkibT4J9qd/3jdwSMXjm6KjF1Qh1z6SmdnxdH/42aduMuERDeJyV/5Mj0bvxGK0UMWUPqlAtsxzLxAlz3d4k4kJBLMlqVuSNGj3POXwu/8gh8ZXPC5gDC+7Ng9QcSzyqHC2QqyV5wV39TqCz/Nnz1tBRl0yEIAOP7mNsDPraNnIEEy0pMfkI8VRyRFaEbUsq2+D+6sj+33IbJdx0zFxM269WZWrEU9l5OpWelzIJa+T2/tTCuWZk48nBLornNZx7zMNV0UudXFYQKWIWIz+WQSjeL9PnDD/jsFUSOI18200GqrmhPqWW6eciHHR3gh8nANQrM3nQgQB3PhH0nROzN9Ki6DdVz9E3kmejwaKNUCEg1B3w1+EDd/46JUhoD/8onGsvHz+MOU81LXaWW4AKKKRZygMpMxYkj/yUkKyBygoBBUZBvuHfUPLzHaiE7u8u79bxNEq+CbN+RDEkL/nF3VG9ZG4tyiyIi1ZlMfc74p618SQC09NfVtZVNOVEZWAVEKdoEa+Agh16eE04QotoiuY1GJqMOEYG5COmkd34mNAPmSwTLsJ8BlvokPCMTKEwDGsBNJV3absOEGeTPF0FeLmiwqKw+EI5yaxEShNABI0vb2Io4Ym5nGXSmCa1OLZvG8Q9oz0r28RWRWYRa373NIcRrMtQG8BNcX/052TMSQfNcgBs3PbbDYoqDoo3cVez4e4cpwzLBapGFgF6L6xaTRWV2lOCZFx/yW+J/sD1vRgQX+y6wNeus77WhuGo+TDPomCyfHHJImG/RX/1kLySupq2OV23ByWqW7TN5gsYD6iKL2ICIkw77S7mJxDVAfcz/S1Ti5lqN1Km5g/ftzeiccIrSJlGYCA/qWRyqXj4AUG2FEnV9PnL7rf7yGp3mCp8jGuyHmawVgLRj9qvDRVcMAfT/djZys9pEiIs59SVjpcP6LTTrILsJrGr8yHrWVRMgVIuTPMhzhproWdcn6FTGhZf6lU94R8BLINT+UZuOfEiAG0adVBSxcKey9yKW5Ekz7+fPwL55rR/1MivffMsqm/FsSWctvpwv94HtlpcxiRjw2FuluMt7Az8qE7qjcC5Iik7ONNrv2GIgTuJX3qjKS8qJ1ihAc88bztNbDqcJVNSH4iT5q0JYcOPKk7FhKH0knB5zwqp4lamsKRpGgJqs4RdQbL80wzRFiLp36Sa4ekD1YFrpnQWFBkFd+TBgGeRzyKm3UZ8xzNbFdQ+apP87wsGEaX2zxehh9rfMYGcnLQEblHwdt1+3cCzbazvIazUp3vbAF1aF1rZquCkO+zvE/obCECf/LFF3onN7RlPQG9zaYQW8H4RM4ZSir88kiVLghXXivAHba5HtGoBGQBn+QEJud8rntssseLvurmoGP0eoWKbV0sAj49f2zSp5FmrxL4Hd4sedOv53h//HLgmbGLr7Usk/A9FQOdmcpYs0PE5+O1DKa1CQwzEocnCeb6MiY2H8LYE0845LIN6kGikpxnI4pgT0nfUHKUEaMnLK2g5vdsMB3SLuNcrgrW3udLr0CZN4+XhfQgavDAY512xbBaK0pmAykfwWYSQLJhFO3A3eFfKSis2UPCgU31r2jabBsJh3JjnrQDUoOWQ1mjLURJt8zn1StMLaJlMsSaLeHEtk6sPaHJkw9aSEqu28VtUCW7+bYzG5xQGGI9I+xGd4P9RMZDX4yjt3J532e8ELhywgofb/fVSI3dBD86zvjydWrnK9IEmgFx95dMefhR43awwZ2BFBeTpWEewD50K1+vV8M+DbOlXE19JxWkFniPu0ciVrCby3KEYyQ+SLIMV5EDSqvkhqfkHqYvrjN6OVqZEoNfNlOYYHLtnS/4LnaH7TBp97cczp89v6sm1E3dWbqq/OPireUSY/W3YdxWwe1CkcXvIBk22ZFGbbhGVrrPH94Svt8qHkO1fxkHdn6OSPLBZlPu+GqesAU7pjsMvMXSqgUCVvjZeqxleCJvdzxgmKHauviyMFnVnh1YHVPiI5Ea9DFxnis8tR5ulzSYycOokVhFXw9GqNEUq6bwAYoYup51Wdnz+x7tjKOuSnTodV0cEg/geweXFdfOAnzOtj9CQBhT2YxWZEJwdGi6B6Y/t4Afwjri0Fl+COmTgHiDptQVU4XKa9h8jn2wUJGCurcrsyLV6K0xAJjNz7+tCHTe6PdwzkkAtOijQK8kyVWym8QMbIrQWCYDxkXLLgd/GYyTBhSEkS09bIyk5jTCIeAO9WdtMlxenrjuvisWR7rRVHY6BWVGNUjMDpVXzCh3f5Xf0ximA9jerjXJlC/2DoKtX47doDFiWwpZSPCJhUcNkbrC2qMhBr0xJzNeLdL8kC6Wh8mGKOjOdbWqfrASJwOpSGQxvrGAferzHlu3ut1uax093mFzP4eyViAHSGSlrNyguruBi0pq4OwhQfXrVTcD02gPP8KAZkv9u3eCUIeT7qHh3nZzOjML931ecJnIW7gtebgwZi+XuzHfOHeNrOWjiwzoKsQc7d1MrAhSiia8wXWfycReKAhZeMFaXp8HzsG2YP9UduPdFA6oPkXfca/RStDGPaKEpoYad3ESid95poPKMCXf/CNB9sPgXDMJmsijcpvzl0aFGrKxrfng4vox6fH/iBx2B0u+j49Yl8/bi4LrRXNYA3dgM3mFqpcsZjpmOYkMQUwfusx+WMXiuXnoiJ2GwUfQaT35ECQcZxDaeD7FxyFfcB+F9dZ6/m57b4MS/K6untqzM6+Wcd09Niw1E2Ek/4FbHewesIr6+oz88QB/PVRaPygS0m6NmBzjLQIM4ckd488SiHVOLQUdCwdPWoZJf6Ih5ntHDdj0wnr+tk+fdn721z4/guoRAnUkgd2jbJAqg9A19o4NMDlYVbXmOw/WOngWE1OgRPuHN/V5GgDayEaQRjG5WwD2lowjfCIV89jG5N9/2Z2Nu0Q27ZPmKH2cMgAtUznMz+PwfLKDUPI0hPrGQzeHB1hQewAJOVxc/EB1EYOPqdPCV0PWSeB/Eye0bI5AqEU30iE3UfXgr44AtXl2gMRUH3Nzt59hdV55zMtTumXFj3LP7gBbhM1WM+4eYYuV6QZ+ITKD5aE7+sKkTGghqUVR9/O2VKAb/vlxwksyD+GXl6cgPG+BEj+atmOvuob2iKvUSA/RcXsWOqFCeeG94/M/pJnvbUKGGyY4ZShvKEIzAQbl8OckVH5395LMQC0GkipBGMWYo1qhyW4M0y/L/o+aG7kkqOzWfKrpyGFQOK04O55X8eFrO4spE9oV8Bo136x0X4czhaVp8P+MBQ7XUkjC+3hOECCGNffbcirW5Y4IArrcJIaOloraH68ERrzQ8hWKvUB42AkXu6emDdhb9ShXXHc5DS9QoEtQTSJvdCyG7hXJDbLf2eMlQRdgt30dUKD3E9oJWma9Se0WO5TYsvaeiaxNyrzcvn9VYAL6S/2McBvdM5R3Uz+6N/nol2jHT4XrHjlGXFAXw2IAuvvI7R3fw11Hdl/Ga2iAu1YncitjCQjRq3gp+SdgLfldafgJwT+4HmZUqyUIn8SCmObceMtOPIW
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d1dca91-9bcc-4c03-a92f-4354950d210f",
|
||
|
"value": "b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405|516ad28f8fa161f086be7ca122351edf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dca91-9bd0-4a17-87b0-49d6950d210f",
|
||
|
"value": "javaw.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dca91-380c-456b-a35f-492d950d210f",
|
||
|
"value": "Client.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dca91-bb00-4b9e-a2a5-4bbf950d210f",
|
||
|
"value": "516ad28f8fa161f086be7ca122351edf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1dca91-bab4-4c09-96d9-4e3a950d210f",
|
||
|
"value": "b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "fullpath",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dca91-4000-44a7-8a1d-4b2f950d210f",
|
||
|
"value": "X:\\Project\\BotFrame\\Debug\\Client.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1562233489",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d1dca91-bc00-455f-9002-4365950d210f",
|
||
|
"value": "1387520"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Second sample",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562233704",
|
||
|
"uuid": "5d1dcb68-1c60-41fa-af3d-ae2b950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAAxO5E4vTbLdUxAGAAAsFQAgABwAYjJmOGM5Y2U5NTVkNDE1NWQ0NjZmYmJiNzgzNmUwOGJVVAkAA2jLHV1oyx1ddXgLAAEEIQAAAAQhAAAAdUJrRqOqOyxeXyR6JXM844/6W96+fR4GNBXO+l0k0BV/VwGV5RZQnG8z9OP4Ajs1Bf1jsVaI94Gi+eODNwrm6NB2fzpdyk79udwKa10Pg+Edyqi8ENKgIprfW9damWI6NmfeaSzkJzpTol5vAcjAL3hhE6XJ5iusnh/wxvfVm4FxJ6drwOq01VG8hLlCrjcCDlh57VIRQvaqKSR0taxEdbWQYusfIxulnJtXcxxQgGIe7+PpjfDUpuaNKHG7yDrjXJBc5MV2ocQ8tdzN4IjRTmfOK43nxGqKbT9jQ35l0PMQJNlad2h34SE7e/QJYI8eIUH69W7nHiOWRzM+m/F+NRh5pQnxdxrJK5CRR4FyDv405f6OmHtleSf9Zxdb9km52BgzSf+hoYEsiY2a1ml5ceXVRRrChbnnibSvDUlAi9NPcPkSay5zENlb26gPON/1XfwOLAVwnsbmvB51SXlbaVhOw7IRXa4VuP3U5vDneKRgXcVj7KJgRMtrD1KnG2Rb6i87Cy84gTSXZsG9zZEZwu4mS9R49AAaZ3n0mJk9d+O2m2KGLRxGtRyXjYuRg4SnSRcznXl1DYXZBXpsO3XlRiH6G4N92GRjb6HjdLvcwOYMOp/BdcdovCn46hnTS1IK4l3L3J2Ve0zv5gtvNvJfo1eQqDc4eissMEa+kmk0aYKiyX1plQ8ayW0VmWA/PP9zmteP8DuKQ6Igik62JRGtL3lsrqLxemCJfGaFnkEeSzkGGjbMJ4lF/2smPDJFscHSRiajaYP6wgBhTfN+KC/VX6gsxqV79+zQtUrEBiaXHN/e4010yekfCeLQSvNGqwfeRuQ/doQSoaf78dg2MgnGiw/Yem03Q4V5AgtxTxOgIFhF3NBJdyQ1UMeUK0vcd4kfSncxlsz8rKUcacPLu/iUIrdN3wblrWts1PY6kJ6mVEpqtXt4cezS3TJurTQqvQM4R6EF+D2NjlTWdHYYabKQm4rHKU6YBCWkOv96Kqk7DNY1zEX/5pdW/BVWMSZIMMA4liL+PiR0kylmTSnb1/w7UUOAbHaWcuOWWadFPj6U0dG6YNm4A/Lz6g+/ZdwI0mCVEbo3pKF0FS9OIptpc1aCJIGPIWKCbuj7XSbO9VljG6R+lh4UheQfwIbDraFxOUwZ8CKFl9JgVI0+ajoc74n+iTSVunFjB0Bsa18RLRxy7/3d7RNAr+Vp1u9Xwll4s+rORqY07hmMe7hjUbojx4COVbkIVIhNH/u6cuCYKUPABQexLg4iNJhvxslMA0xsC+APSwESSDdeArXfYSNzoX7M7zv4HSx7PB7sO/WKrCZjZNqp/3MxJ6C9O0ywupZ9Kx5SHBWo1wP1gSNZhUON2WTYeaJM1FfiReDsIpFYk0ZlWHEF+gNgfH9T/fe/UzWuQY5Vbgff1iy2imivro/SuCebqXbVhFbgZEK4rEMRVm8Loi8AsTci8cyHgKqpKYCwnuqgCRQX2NdKqxlDektJtElkUFMm0JjfMz9K7rzpWzH6oAfAAlbMuekuHfSYg4esDEeY9lfgdunGh1R127Qy/DE8M+AHCx1GJkhJGVvx2kCZghJpTDwxIAzQcNCgioa/DAtnXPty50R3egjssi0bOJ7mVLEPhU5rLmQNTBWsP+kQ8MO3HI6Y+R/Vz7i6Yq28SIL71+X+A7F7g0Nub7leoAykek5MRhK+7iiiQVKraPhI/xlWM5uyIR/GfW2bCaTcW66V1twdEUXkZn1HEAX6OkdUUD0tts7MUobHB6jE8mXIBgpQmoGtQUdU+AmIIj8RWPqY32eLdPs+R5i6syZES90RC2SAIB59ocLVbp4cRLl/Rijsw+yu923MbgUthnlEN9QgaEfivU6MNYxNCv0e9D7NILAeM561v6Xu730oyKHqC20POTnoMaluNL/MveP64BnPtiNC6UY7HD8jd3GfJ29i5xbtodVWzaDUP/qO8/1LKhzpsRrMlYf9n18Qg4nLdSutHZ8IouB1TVmT+LtK6+0zPMqAuncVdnoJcJHtnFH6Qhsj/6+IdU9FGIsgTMzy1i3D1VKRcFwRhqjtBmh3LmZcSXJxhsxvzvfWKDdAXH9udbHcpvIpeNlUhI3rGYbylP1JaYK9T6Kr/gS9enJabvtA3FuxU2sbAMzcc/68myNFf3fo9yOJVaJ7WyEXm9nel7qAKb+sSaZrO1Yh5+Nx25A1y2cy6W9D+qavTltnzKU+4knH2xNnGFBOgrQ2/r636fcfPInoqJJY8wS3qKRiJw8J/fivlKRPzkrraU6VFf4MmMwhMxXBtijDqLAyV4tykAmNcVBpPyN3UFSEQzZ/6Exn6shISj28BjI4Swpgvsv7k5Y9SXcCvsjFGUXtXzCxb/QFGx+IKpoXund7OWgEI8o1npYllZenMFAywSSfNp4Vb1toEmb4exWnK5kmM4ZMX1oOeeS4fo1bSB2mNYP7yhIdIAxBQxZBfbjLlwMRG5VbhPVFaMk4DK6JsbjN6BAWI3tCzg4q91vWc6vasBwjnCAmSXL6n1pmtu9/8dT2ArJe7tIwpYY1mBa1t4gjQ0Ie2rHCcvsYpwqN9yanMqcl/rch0xS73cGtiZljzcZj9ucUs5Ipn8Oal7KwhCy7GOu/qotD1niLOgoJnpu0OQYztJfBGXTWPFACRFcCCxoq+g5FBDBIxWkh37mr1WeETRXmV8E1jreDbNgJNdLagcYUK1g3Pl6/rQayWlOLOwz0X/mx8vYbJYB8rKC9Lr3uJ/9uZ1BgLqXBHBfwgXgiqzMoknRLP0WUJxcPb/8WMH2Iomnpp34YvlFKtVmj6VuQfhQ+qx+Vvmp55Sw5PGUhPsEA0d60jbqOT+M/8D3GkqgNvkm617QEa8IyNtKUL8AFETxj1VvgqDObbw6GtZA769ZU9iZk1qQ3uO9IiPLRBmFmHfWHN9GSJJ1tWXSjuiswAsJlv/Bu7/YHQKZIt9QOcqf1DeGntNz9An0eY1vzm0Y9k7CtlhrDZVGVMYzE6Ty9K4DsyEhflxc5oYFnlK+sqnCsvEuWXUWTkajJxAWCRKO+sRAsrmJazap+SrejwLe48agACUB4GUh8uf45ZG4NIN2aUxEc7v4KbBAEeK2pyAxpJBWQmydSuALMKriWGi4aNEl/Fxx+2zxLy/POY9kq9wv89V55iwkrO/P9wEdfYhj861WEQDfbWXg8ATwKXUHFpXCGnN/+eFUj9bFo+aoB2FY8tLDdeSdQwEOIAoSMwRk4l+zkM/oWrVsfefpjBbgLBNfdhlPCIq6/rJh1jL2u6PaVeKBz+jPLATBwZSpaRu6pE0685SMqDqEdRi1lAFUA4WpHVs72bieHkJX+p+F8xS9V7d63G0V+VyTwinh2bLfnkTHT9BHhqO72mlkeRnaoNmwFYWSEcC/41gRKZcyGLJsBEx+6aPodsQlu3FvFiUQGbRh7WvpANlU5qWokMahfandJ+SBgdGEPT52UVWGK4mtY9AHI5GCbGtxkJLr2Yfa/6y6N3Rbyeeow16Z/8JDlcZaoEckLtjQa8gPBxv3PCHSnHG3R6P/CSS7Ph+VojAljGIY+DtycFYs5PFK47dNU7QY+ov6b2G1RxYtBzDEg4uK7qGewRIrHl+gc/fe7MGgee2m2u3t8/64HQn1SPVmYbLM6cZomTCGTdX6ImT91Ku+xIM/eVsMOscGH1LaVegaURR7IX6bE3ikQstB0BGdDeneI2lPDw1K+9KsXHT1ZXTpUY/KuOm6nyZe3yVO+Rb/ZyxBHeeKK9Y2mDT85j6YbQiIAVsiruPk+1UjuLt6HJRCiWVfLM1dGd05PqSOqZJzevSXa8AsU+jhtaItfML1Y2BBSs0Uk95xK06+K8j85ZQGjpX6/0noJnijgSEvR2Byu0YzfH34vWqEbgkIO0nHgxYSB6KYX2FTqs2IpQgGpf72MKyJOcvClm62OKgwlFRSCFodnntDd/OxttD
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1562233719",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d1dcb77-658c-4b34-ad02-ae2b950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3|b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562233765",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dcba5-c3e0-42a6-b869-ae2b950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562233766",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dcba6-fc68-423d-ba8e-ae2b950d210f",
|
||
|
"value": "b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1562233862",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d1dcc06-c620-471a-926a-ae2b950d210f",
|
||
|
"value": "f31bc350cf533e166aed46ee69b4a6d16523b88a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562233866",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1dcc0a-6880-4294-a612-ae2b950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1562233938",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d1dcc52-6d18-46c0-ae9b-ae2b950d210f",
|
||
|
"value": "1387520"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562233809",
|
||
|
"uuid": "5d1dcbd1-1ecc-49cb-9581-4560950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAEVO5E4vTbLdUxAGAAAsFQAgABwAYjJmOGM5Y2U5NTVkNDE1NWQ0NjZmYmJiNzgzNmUwOGJVVAkAA9HLHV3Ryx1ddXgLAAEEIQAAAAQhAAAAotmbJ09rAsegh8JYq/3d8OtwqiGweo6xYa2zrKMfgLVJXpJ5ubUJQYu74faT3qf7qpX1j4yoictmLZeM1jxg0i2OKUNl977h5xa6HUgyCK5czrTy00CpKoE2lmMtyV4nYtNwe1obCcLXS2KuZiaXWUWw5Eoc3FFSKxaRWgmXYmLmO3FVg974Q4uHqunt+S7m8YJOBxQ5+MdoKaKz6Y9gL0eOepc7wJvz/TB+6/oEuNkulqDHa5lnc/Q/+RLbeF5gMwEgBjXSrjaEsuEI3rrp0gQVv0rxBpNqVQ8/+kB/4rvDyQQ519yWT40SZgjguMHDBDeEcNAqVfFOCR9MlnMH02ZM4Q9pjfJPny/Pt6nCoeyvUwbh1TMmEnV1G1TsQxtyTwzvx0qBMCEbd+R0tp1b8/uuO++5zLi1SZ5Q9e8R0o/l+4gl1P2cUXB7bMoKe8+aURz+K561eU3UVHBE9u2S6aEp0wEvloPRk+/mEU8h8nmCOeJsbSz1j7NVaDOZykvS2ihfAsGGaYjvdCmm+xdLd1erNIn+abqEZgfV3UtDwkabAyshebNrsE8380ShqrBXOc8xBry0fC3619roG7qiQ3kB/QS+3HftdKtB8iFSMypzqppWr2z5i6ZuJ6CunAxFkD+M446bMQGoEkk8PoNnqfjxfr3c2e74PVRWXAzWZ87vr9PudQIC539U9Y/48Xu1VQEBQT+ZV0matq5D9FO9xjW46CtT7HZ9v9C+BJDVhh5l0kZiTQ+pLjZdz3W6GoovX0aTPsW3d5YH1f4q42GOAyhOwBgPDuRTniSC0McvwlZeCn8D2KwI8pRB6z+lglDWzUrRXHqXK8uVJ6TS5m44mXNH+DrIEbMnnUgHRu+R6+En7wHpiVhgQU1VHEt0zLf5ZJxKkhdMKR0qdDBo/hRgjz40d6s93xRa/ZtAMDlQ+eSeObrwqW/miMxguLWl+20KngtY3GX2+jVZ0o2/ZK3DJxk698gPyefG/cTb64Q8zxAY5EPt5zeT4n1hzZ3+CaghjJ/2rNVFHoUt8bZg3V1FxVXFJRCD9yn6SkSd1N1ht7pUMl9Mqq12pEzFuSIZBfmKylmi0Q0DJQ9l9yRzk5vrPCFbrkgsViuS/nxM+O4rdlV6Y+ha5TYsF6hVlExp064v06jyNZ51l5nbdPRPqhoYcO9iZINE4x3gtnsUCEw+bMe9h6afLwEM2V7EeN5OW7qcs5fVZMk9HPoQHVV6FPfy2Y4Ze7AptbKHKFJx89YGA4Xkf1UasjzZdXbWpcZfedeuAZOxSyENoR2C2ImDH0CtaFR++khrdp1ZRU42N8pJzta49RoNiz2Toj2LYeBfvj+2VaixqOSyMHUlKZG4AP7n7SsAXy+H9G3f80W80V4uvxY50bvB9RJ5NL24aYLQWXEnlccM2a0e7D5OXDDl+r3bO4Ixvv3+7TISVc0aqWsp6kxWHyspHrbVwEmZDkDtV2hCPgd9cnQOKanPKTTw8BIY5J4Y2hxtKBk450VQcgVIm1l1kFc1+pFipgitKoriNKIDB8JaxdFnJVoXdJQRWBJ0+BQg9LT6t0oOuPjmHUWRasC9WOGclSUoDPMv5U+zxxO5NpyXcMTs07zB4wiIYZUK17J5a6oViDO+D7WeyOnnnJRMinY36FV59DgL1+0EI4rf/uKKLlGQE1bM1hJlUBkjyySkP9TnO1hPhagkeXmyc8fgbdliupRSZO8LKqHH9H1kkUuhNkpZcCR0AanN7dnPo7xLAg0zFVzB4Ntf3r8R3/bYKfhb0nYpRc3wys/B0IOYPYB8/9d4s2JL+PClW3LhHjyUNJvy6ahVbdbxDAxkOo28PL5Ls0MGY5KxtZTFgj2WIDD1tBosqfCSLIRZGBHwfp4X/ytsWfi94dHe2ji2VDgntpD7DpwDL1gC8tgc/FUSVp/XMJhvfEgjR+XoWXuE7wARgRc5kq4g+4FruHQ1xNcLxzW8GIGPRcWihL1mzA+osWoqd2fo1VavFAxC1hkrjl7SdXTkzPkh2ccIAROwUPckYmVV3KR1HT5dsx5d37Yh9liUKydVVeTffLElOXWY4+ln4BP99FK0YhAmQaTXz8xdwgwfNesQsYH84LDWGNasJHsWrDJJ7+SH16I3q8zV/YJqWi9BFRFC2kwMSRaDCGWlGdHRJtpfHZif3hnx2v9vHAPwHuR4xOCt+cnd2QmFESnEQ7IUdUCS7TUFMaiMnI1O5ur+woaXXeapCHUXwI0Bk/cr9v+fWfD0bpfwCb/3nCp4u2Bh5aRjjJau0fEykRGT0ps2TOrHut8m1ofcI0ExTFYwGIQb3vwq9hJgmC5DJPRSSRQ9sjOEx2U/KC+X98Lyk4RjQvSJ4w1u0CcmZkGSwqOrrwQVdTBkLokb8xvO3dPZWyljcpVRScnjcRDfeY1o8abUQVHwfmxH3JnHgBlmQBqk6OB+uXq/I+V97tqczyx43r7nfj7z8pL0+XREYTRgcxqdId4WYf0NR1JoxmybT4Jdy+o6juxutPChEXVmdw8G1QSDhnL2WGOAZNuXjmno9HkRBaAPrBGIFX/s4v+kYo5HpnGGQi/8zM780yr7LDq9oh9S57uDsQt3eDBqyVG+UexBnfPaLtODKPul3KxUTeFargVkYETCOg6wti4kCLh8gpnuWtc1F1VJRDM0RWD5rDWgi7sYct7SfQ6GhQfm/2uq/RCoNJ8sxAiy9j4XQiDhM8BynIQwfk+Fmp+J+/UUU//mAiuMgLwvJEW6P58xHoCZH96U8JEGywKhmSRiBjVePSAykD2RosovY83lFWrkHREWdLEfjktiKZnsZ3rKKl72Pd0o2OkquKkE4LbW3OjeOnuWsiQt2K9e33jHfB9dJeenrEQKgvBc+5IxkpcIUsn4XFV8XoLKr9QYTYDW8i/bpmfgmlTORcjffup44aSfYVVHtPF/gzl7SdFoy3U+VC8zGtVf/NModN4i2ONJRmgqB/5uEiVwYMGyTYGog18ua2dzztgnAuFHn0jcRqalP59QxbximYp/b1CJ31cDcV3opZX3rEN4zOAJT1Aw2y8W7YiQCwmaCy5gTxGxAK7XbaG5uGa3BPoiJY0amHfVWp1boLIETAM1Uw6y3+I6YQQExpwg6TJ7l1KfssBZZZXy/Tu1khNVs08zsUvPT1OCasKjKcArAZ2H5t1o58Um9/n1WQQVjK25MONFj+UtQ7CMwEKVSfDH6h5s0h0bgnWXGMUNrAJt8ozOascawEFrAehaaa3/HyTBPpGBGT6ICRiO1r4BS9PtKsnfMbvx30cRK5hLieBt+oOj33wUhcklTtN50HPulCUjubfFpKqZxR+yVdSNktsyl48VsO726Roeal0+alCCSEO8l9ifO9vBdWtn3ZCqNBCyo15eLG1fSzUyRXgipCdjn0QMlpSn/7o12E4kGN3SyalfX2jOAWepyEeHq/EwGrAZA7n3piUIUNyJw4m5vduJFnqy8+YsjfvVL/NS0gN4zskg7I+KUzSKwE3ssxMWPedtwXI1Nhdf7HVsWGjemciDEGV+riYtxPQjh2cNcFhp8K4DBadUyoG0QyjJmdYZU/2AfQnLOli+bLYArVmtHudXJuAjFZzEeGaJLwBgICYxvEzZ5egFJ8jeazFs45Sd06zdwIBFswjRzKnsb5rYNCHBqoWDmtIE4dmJ2ZzV1057UEKUj9lznrP8Jnw7VHQHtHWYtlV83CCKpCxB85sjbAfSctv6+gxwegWx0t//nDRx3UAd3EMrdUzBjTJ2QqCEYI1OQjHu9Ndnsa3iNkMiXY/D8wPh/x9UiLe/KmTOdSSHL5wNpkq8yKlY2CDAFwqJC+qI+BQeYlmMZqWxuOwLa4SpYL+pbYZXT1hkQ86pKhg/NCKtyZ8QeolyZCumuIoJvtOkb5R5J9NGjzq2DvT++anr5qbFTSaBlqexb+drUhmghJoVaY9kpBOuHMKjDGTyGf
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1562233816",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d1dcbd8-27a8-431b-8a98-4db3950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3|b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562233902",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dcc2e-74a4-4b93-b751-46ee950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562233906",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dcc32-9068-43e9-9095-4c5f950d210f",
|
||
|
"value": "b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562354801",
|
||
|
"uuid": "5d1dcc9f-4ff4-4a67-9d55-4c50950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d1dcc9f-4ff4-4a67-9d55-4c50950d210f",
|
||
|
"referenced_uuid": "b9d123b3-6e49-44dc-9650-cba9b90be445",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562234568",
|
||
|
"uuid": "5d1dcec8-60c0-469c-bdb2-4e25950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d1dcc9f-4ff4-4a67-9d55-4c50950d210f",
|
||
|
"referenced_uuid": "ad843e55-3218-4fb9-9acb-1e1bd2b9946e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562354802",
|
||
|
"uuid": "5d1fa472-10c0-48fc-a3f0-4f6d02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIALJO5E4vTbLdUxAGAAAsFQAgABwAYjJmOGM5Y2U5NTVkNDE1NWQ0NjZmYmJiNzgzNmUwOGJVVAkAA5/MHV2fzB1ddXgLAAEEIQAAAAQhAAAAPrBQ2PVogGiXLwEkhwBY8Tzq9A1LB3o6xZuVhoOjmajxwA1vVDhowLucHdlhuK+h7xqeVsgJXtKsl5NUsXF0VjCMzvt+HlOjdgPNAbzpNOLbqBUIGAb2NwzWeLG2dcUzBlhzQZIES3BsRPaP2iKkniHGT+J9Leu7zfcaFtLJIn7jb14tkFuE2t1f4KwQzKb6tTlKrCiXPMhwsrjpVBNvgzC5YpAaYelqLbp+3I2RNDYfEJOkxapITlA9Lhlcx2qW2N8TvI4ddjT2oxwk76fIZ4UKgzOXL+BGnPvrOfAoDo0f76zl8eyYohm62L2ANiMocyD/0K5gWvLZSpBi2r16djtYyQfxSpm17BfHubeLODREmbqDb/cVXk6a+8jQPC5qJ61jNDClKvqY5lOXP4dIIe1l1syAojOglwkDxdb28rYd0WU0vo0oRZjnzdx6Xq6PgNDLHaAKA+yd1P3d95IbpYk4nEnoLQWtALJ8/0qwhdwlRFDnWFgunbVAvL5n2kwzFzkdIgO4Ap8hVcP5GYF2ccoHT35wPjx9enLxU90QqGsgQnS31t34F+KWmMWUa1m5YqMXc28wNmDGPpAIrUDYJuHGcZtYUQQwbMWqAZeBziJWjQnL7D0D4AW9rI5zROqCsV/M0ugCK0JoEkh2Ss7vTluC2kszr8JeiwAlXxg7WJFIIfIsNw15kpe/ukGVLj3XCyf6n/3EPFTYpYDH1V2/LfEqc+udCWTgL0A2IbJ7Ve8tpTANyEPDMMRRQbqoi6mEi4rmYZhyYB4jOy1Ud8b9++ex9DzLAIZZ4BAOYlB87ESw1YtNf3hZ2EtEK7eP1ckXpJ390Gq6OqVu7f1Tdkyvni/Zxv6W9+iXm+p5Wefd2nuIkFU9MoWPK+yaAa+vkhW1JmdoLE4WfWcyaU/Rw6xVgeS5U2Qqv4944vmNKom+TKrUPnvm/5R8PV9/mFarX61SvPB4XBEQ+3mRxui+t8aj0xoGtxTIaSIGBoJ1bACI6Hpz/Ab8ncJ3s+CmcY87TeU/3CHwUeg1C5UbXXiSCjXVsupUtzkAyS8MUkBHxxsDsXfkz1PIO15Mh58czojy5pGlUqrtebFUnSlUvsQ0ir/E6ozfYAUr5q3jJPiT3mr2YOjB1gp4FS6qLkFnQhFoogZ0TBZGvvt08DousJfyB8quLJb3y/ARz0/e7mR1PD0aBYkBkfhqlziimZ8bIwe48wvJoAeNZlyhOtbMKcPHBVR+0+JaO3t6xLg7lyjmksrg0TB3ZGAw7MQoFP9lcRUXQRmv0RWOlXnZ50epUROaRh7nN0Rrl7QAngnnSSjOMVWAkPrrfsFXIucjWI9jC6FC81/wkU2i8kUewS9ftWUDCw92cZFglvMZvgiXQsgbDNJQth/I9zWCICsoHf3r8B0KUPnnxaR219YeZh2XJ4MJmoURusZ4yWPenDDYPNtvrKIyQBQ6Iz/PZ0QOl9LS+t1otzhzSab1323wH2N4k01xciNWsJlkQOnNZ4MwSIOv85xSeTIG+iXfS1abCRw/WN2aEXJmDAjLvBwQpJBF8NpS/EHmnPM2LxhphM2aZkqEWZrtezczw+9/+pqhkcGIBcVcvpCpwcuBWztJTNhhVReC5ryM3DFJIiA6AVkKpwspDBKSSddgogTD7knza2u9SLGySZVSuGBs5tJBxwLkjB0YWR8uk5CK9mMYkFB2lMqKdq5n7rQmGhxMefT9s1Myx/IJZEyfubgiauUnruyr/TbmD7TDQKZOar4FoJsSMe3d2bdHLPEXDXRtaaEDKg5cDZCYaQ3PX8rZDKXw5YR7RGosyL8IYhgheM6RrTaRYzn29yDnz2hmJ7+6toybB0WW6bDzubbCWScgJsfWqSjm+zD2yhWd+E7hKHoTCZkgo5aT2WkdcSyvqC3CSytVPqR6uwoikHELc5fV7REp2ztOohP6Qece+8TfH+RdFcVNxylRM7bnErbhUy1kthv/Fo/HXhD1TLotTkqveqgcQcP6cdw+UJ4I/9AKxLDa0iKH4nXI6dJbXdGMY+UV2Y7QIbvWFm0luwyTp1iWdDME2NpEIELYmZ3JoAk7MOvPSeBoEenzwc2dHppO29yHF7LygWIBEI7QxehlQ/QyqRv4GuFkTjFZzbWz0d8yd2UEBMUhmuP041EjCfqCdiNuj84m6hr05OiywvaWecoc9YxaiknIua2OsYZ0bfBvmeXryIM87mepxYKBLQVpOloXsfMi5caHf2KHLNaPt35vAo+6//NpcjEgmTF68N6gm7BC8m8PBc+tHB6vOwWZQPRHbOPAJPcxImSotG0LdUfvFz9O2kjGLkGD/DZdIpi+8eMYrnHb9BojMkadwHW1K7tlrbJMu1uX9K7oJ2/VbA6bGW0kD4fs/TZw9Y/mrT+8KhRZuk5mAjYuNswoWbLKSC06rtKW0Qot0ULe8+YU+np0Cie92kthjj7KEGIIDSdzs8j5daMa5LkHeshKpSFABh7YZptoKoqvC8K6jRA2z24hFAs4vXjh5sxpM5zKXz/FNVeZSbm2P9NHNh0lBka/4jLTsoOe/l7Wx890qfNbwAeWKKd+65jVR9AUMSiPpQLx9osMSDTCH9QmgrL4yxCVrTl/przGXOGlPzj6WF3yOKe2V3Elo9wgRZuz2ADhW2ke6ffMzTMxw8G51pex0gvuRPut8BmNFsGy9vQwVgjbI+I2QMWJwp1hCjTwqNPwD6J42KA+gueFM6KcBUhAdrU5YcZFzWRch05zivfpUVUvvILkFvscfWFhSJaVNfJ9Od7k4gTWiMh7lI8slMtf4d8+auD9q4gnaPO/kI+jGipYzdkp+sTsJSY5IDyQoP3Ga+QDF3aRuELzPcRW41u9TxU54jvdvKFGU+HDRMvcxfJDFyNHjfreFplPhdOHHRobWunm8uNU9E4rChBuZ/QswmdoqLO/Ilw21ZQYvLsICq1I2YTb1iWyl0ECK+JsaP9ufUBaJo5yXjII2olqH68suB1oq7OoPL6e4nWrSBIoRxE3OaE0dorVVgT6/MWRjJJI5ixi5R8ZY844KGsvyLX3lOpBs6zrMC31geE0r/tOtwTWs6sNiLcoGwndU1FMm93DBIgoorVXXCusPYNtUsZATKa0K5EyN0Je56V2/k2SbCtSWvi+WcWSmlV8qJ0g1K4C8rz5uF7wSbfjcy4z1jfjcw6kBYFGHAuM1bx+LH9+nymzRtv+0RL606yRArEaEA6N+kP6JDtXRs5ZsaAXrq30dv3PjxUWwEjs9NHSpTKYRCykMVzhZYXrd4xVCe/coKtHVYZJUoWOL2nBZOCW5GTgDBnbyTUp8BWf+NYAHlThRWMu8dE/s+H+P2qNb2+86fwjSY0UeWN2+0gkNguVH6qqiyN7kydRvjK8Z/1/HMrHATftk0PJbyXByCoSz3bO0aahl/Gxfsb67bgDiiAWOvaFWzxmgfUqJNf3/Bur/TlnP1yK9EOW5dTAIsDbu6HAVGQtKM8JQ01TMpHRjIhpy21802lcNB+/4hEVr5Pbe5yIepWNfkvwO+h7HS4yXn8z95+/Fcn6QYMes33iftNCSFke54j4t9LvrOYwPrQpor6bPATGY7vr/81eKGxMX6aNextJKsGGbp7OLBRlRuEGnjWkDNBUsC5AowDeh0u+Sdri305l86/chmi/89RfH/dG5gASCTADerfkFCWvxVot8l0k549Qvlp8NxNmSSGniHZPdzmxPG7+wjtbPoGN+k19m5i1sqYzvDD1l7jZUO/t0abTlL6eWP4QAo1x4De7nWZJDBwJL32zHiXvaG/zg5OLPg00e+RKGLC5GVsLkZVvnsgYc7BeKwwMgg++NX3Mpntuuu5fLX7oIdb92/kbf0hXU1ZMjfvY17d1ZpFzD3RjdRrbZyBs4nmMkEcYq6/hq/4Jkd5Xt2v1cXhVYQ6UwUR0O4qmg8mbbGWEF82nyrIKNt3jhcL5R2LxsM
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1562234015",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d1dcc9f-00d0-4d3f-aca6-4d38950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3|b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562234015",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dcc9f-aaf4-45af-a0e8-4095950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562234015",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dcc9f-b560-4f7f-b048-4775950d210f",
|
||
|
"value": "b2f8c9ce955d4155d466fbbb7836e08b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1562234015",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d1dcc9f-2748-4cc2-9d08-4ee5950d210f",
|
||
|
"value": "f31bc350cf533e166aed46ee69b4a6d16523b88a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1dcca0-aedc-4709-8bae-4067950d210f",
|
||
|
"value": "b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d1dcca0-77e0-4f19-9519-42f4950d210f",
|
||
|
"value": "1387520"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562234567",
|
||
|
"uuid": "5d1dceb0-5e88-4c96-9198-4be5950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d1dceb0-5e88-4c96-9198-4be5950d210f",
|
||
|
"referenced_uuid": "1b2bf589-d1bd-46ec-bdd9-e3377bf59cee",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562234568",
|
||
|
"uuid": "5d1dcec8-c798-4914-afb4-4d38950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAExQ5E7qyUFnoiYDAADCBgAgABwAN2YwYWMxYjRlMTY5ZWRjNjI4NTY3MzE5NTNkYWQxMjZVVAkAA7DOHV2wzh1ddXgLAAEEIQAAAAQhAAAAhsJn4GXVusbBBDSTiUbtlXPhxuVlIA3Xbm2E+dId3ebmbCJksR2lX2/zMAp4fOa2PvfCSZHY8HYJ7kNnGA087ENc/i8EM/tf9Wkx2gdRetN81JRH0nAvhtlpeVA3Nvir8CtO8vJWEpGN4NFNuwFcHZG1AhvrBp6mKMsn8G7oKy/mOQxe9zeNk9FBsFqtSIngGBcx7FXNz3G8M8LSSuPojEve/FxRZum7bBOjWzKDVzTKhTwOVeJqzezdu8WS7toSWCWTQ6S/Lc13reFjLu7b9FNRQUWOFYwLpUQNDhWEiImPCEUf2b7O+gj1fRVy+1xEVKvV3u5i7wS3mvCYV7o4CcpkiED35seebpcVp9/p4r26tpF8QUO2YMkk7Dy2eucGOJp41grJURLzaZfyH62UaAsUQRLfn7a9FLFMjDwCPPeF2NWxdb0AqfiSlSIoiVytBd7d43QPww57P1Ype/1G/qtpLI3rIPJnKxSbwCzRKqyTU7rOz72BBi9USQ7zZIvW3vtuCA8NG40HQ0vVL4S6hv1CfPq1QDC0oarXmDXrJPZuMrfUKceDTNVymtyeeloIXEZ0K8WJ+6i3AAWV5Nu7EjNDMHO0MQ7oWTs7gtOL6NQJct4qN1qbK6rwtf8qFAO/QhTHD0rlNEViUXhit3P7k4GaNz281jVERvqe3PBKcnofgWZV6xr9VieUgUG8HMtHdQhl5Besd5OqUI0dFdzXT4cXJYmrsDfwcogUxVqRsXTsW2YQ0frocmiEy+zL+UlDmRtG7aFUWmsLCMnQTxtHIHyIV382yx+eK5gSdX0PWsaGPd9AEwsXbb/iNeqrAoStZq2J9TIVSGJ5o19AlT6uLBBg47bnN6NgRiKlMG78P/NliWJIbgkWaFTtAjULt0wJ4Y6ABnJXYCKhw5spIj6sltAQwO75cOr/okfsDxbQwf4RegXKFwJK3RR2O1je2vmDjIIV+Cki1rX5KBjuo/mTdE9/xyP0lHRL1av+StOOuPzPqpvRBjfUKa7BvvA2yK4ZOywP9g/KO8q1AQhtHs3BvYVm8rptLbEGAJHX93QuRt4nslwyb4IO0tyOTe1fxN+9+7QDzoWlp0d5IYzJCTceL84iViwmlMQMtOXh+dkhbUZVzb/EVFtUK6Oa7ND/8GvZo2vOAlRXtAkaCqb8DcKv7vvaqOlzQZZQf0H3v8TrZjL0pFWacqZUguPjNaMJClB0h2/I/hrMYd64iqxiTEyBsoNGpE3qwn4sXOGz0mn8PeFe0HtSff5SHzw5zHbqIUqEOMiVfQhNx/rJ1UFdRnPUllujA9yMkv/NBC5xFt4g8k7QiA52uLp8Utfu7NiiyL9+Veqk/hXm9jKMG/Jh0kidL/uHTeLu6I2t/+cJb008grwERKJ19sNFQgkCY5V9LF9ZHnAo0Ukg/N3yX9I426l5TGTUiYEcLg6muNRX85EVydGpIYCPhCYpxh2XETvl+ocq5Nnv4HOSDoof4IP9GbGXgXAmMJzL38Ln1dtxoWvUc1q9kHx9zoJ2gLLBZSAh21oy17r+2FrvMFiEFIFU/QeJ2X/M5GDFnqjmoj0yXzki0hlQ3GuDph0K6xHxwKcu8mzRcpwqCuXvtw24qT8nY4bYgDjRHnnN/393laUlSv/6AFxNK4dpyYE1JX44B3iheon51/8cGJjcNE6+8IEEWFq02KxprhNcsEk2xWgCdRCIoM6iA90HU6IWtnileTHxFjU7TzvDC8TuHfXq4DBYZOXESK3raVYsWXSrfJczKYdBikT782ebVg3GimQw2BB1/nLqtrHy1g8g+ayZcWf80sKJ5UGVAGWYJ+9GbGK6CgXzeGhOqQPP686+njILnKzFsOpKB9+RkBvt9ZdPyOgISrhuy/YXDLTJaAOll2QyStu7XJT8t8Eo449ZCOHV+Kde8BEiwpuWeIRuxZ7OzyAzoqjoq0nBfHIn8dLdEy3Km8SNzlCQAsgQJKtdeyUqQqlcS51rmt69Qi/k3inewBSusl8hlASXBwiGGHYJfXLVDfkQW+gPv92cyynBuB+UPp2BOkqz0WgGgZArtAilyUu7DeIdkLNKy6Phf2zNy47sXAGIdokAKekMvo5yZhsyHbf1vwkkKzIJ490yZcAOkhLKPd3rgHtHFF7MlfIgT0jGdb61VjZlyzPTUHkMH236ObPk+uIkLTAUNJomTRw1u1iqQJe9ozuyxeCa7JDCtEFtIV1E5z5CHMTME/wm3D1FQmpF3ShhW18t49J+jzSey8/bd4s35Bl+5aDFPi2Q1eH1rnsqJXyfcuuDZ0WXsYyvAlFGCrr+EfsmWAZmK++6JQih1gQn4JZP+1yajtLG7AvM6FXUIm8kRjKWBdgx78WpVQWX9L72iysXXiSvze4gvHpvi4BWhlA2DCTy3gRWrHX4FfeLJbpUST+qKSVZ5Dti1jgHRS9vxSSVKBBamKe7MAt8xeVw+XKIZguuPUgQ/o2wroERFKkyUY9vJbi5AWJjE1TBFhTD8ETZIkwV9OJ5P0B1IrL6Uq8wskPD8/YKg/aSkVbFEDdEd1vxthTqfcWh8kpmL5YUcI6orflGP1ipv0+wXYzhxZK1VKWXDPOPFw7NuhIdbDSjxsIIAeDDy+3/DlQHL7zELuhcLtNmD6VNedKC26CTp6Ug9bNBdsz9zsCOAssZ0Gaj+AIpq1jS29NRIX224wyo6eof6SXqbbnDRFnIXyhnxYOn3hZFPncncLnZKKji9KWYwRU9Xe+PDp2YqpBkvI2hznwVJExCVkEyyqjkKcu6P08gkkQ2289YFV1JwDWXvV5FJv6fs1oQwJWAddig+6DAG9VWYv3TZu7tSeYJlMgbBD/+qSE801r+yBN760spjR/fQKYLVblh2TGCAQxylWptBAbzpJrjYAwVNidmPlJHf6rCGEwZTqmY2kBY/a/K8yboVtmNlOI+qYlAELZzzXNl14wHxu5yx/dYPKI4bE4ZCnpFGaRKZeHPmcsxlSxzSiN7pelZWjhDqHylflpFxuvgY1L3moea0IGgP4/Ug9oXhKE9ZwtScvdWyC9lf8kjM81XFH9qaIsv+6HH99WpFyGrSIDBtrLxpX26a51d2QbyzdtD4cJCecIbtCuzzc6UMq7LhjRvINZDWe90S+Fmolc51+bdi8y7hlSDcvqKEN2NUMHO95hWE3s/E4+p2uTEj2QqXd3znDPUrk4hOpCHLt6Ycb4NbTjZ9knwNRTavGf8Clo16GD+GHOWtqAxL4EmrGom7/T+lK+TIEPa9/mwFrxth++bAqcmfcyFJmh9kDV8SlJq8G1MlHMkidO7hUJx7fnYAZzyIqhwBIUd7LD6h/N3j3ir4Gl8kpkuDzRNmTnUITP2GGlEPZmTGZzRHEyXp5K248/EaQxLIPL8yvhPweexyzOGsxw+sR1jdTCrSmzqW55s60r/BaPzTxip8iaCiEWxVAoc3BeM+lcgVRs5ChDFdYL4kiqabIHTR685gXHk/+sl66CdL7SG905VjZtKwo00Z+dFpyIoa0FkDQngEcCj5FboSP5WtEZ0HOed+QALa7nyWGCK7JdRHUoGRqTTBraJ4r7B3RYLY1/DCnv3SXNc61oae3PQ2l1PrxU7RgQrhSROpODwxdgFveWpppibYYGVSmg9PrVIAzDZ5dmV3aNfs3lvfT7o1NsyDXLahAqNGNDwMgZH5HdOUntpxPq7yQUkmF5FHIq2d3uiK/erypijHWE6ihYCi3ZZkxK+Q1H3MbihFozWJZ99sFXO9advdOdcQgLM5hGYPre1G74PdlfKRQ3XdMA7u/pRjp/iczluez246VrvfH7eTU1dVZQq6w0RtiETYMUgzSRdFb3XmQsOYAWgsyuR6cDbT+cWbi3djiTCDSBoJcP9dFR5rEWlpovJXpdidiGLf76/uh+BwY8WCGBS+JacTqWbOiSpKuU4DTS6iv+f6Tbf5mudILvqgMWGIcrG7C
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5d1dceb1-3b44-4c3c-a84e-4ff7950d210f",
|
||
|
"value": "b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3|7f0ac1b4e169edc62856731953dad126"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5d1dceb1-936c-4bf9-a00e-45a5950d210f",
|
||
|
"value": "b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5d1dceb1-58c4-4aff-81bd-4251950d210f",
|
||
|
"value": "7f0ac1b4e169edc62856731953dad126"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5d1dceb1-37d8-4b5d-8fb1-4854950d210f",
|
||
|
"value": "1687f9a94aab13b18a105d62745300d8b49b037b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d1dceb1-35a4-4f05-bbbe-4e36950d210f",
|
||
|
"value": "b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d1dceb1-aab8-46f7-b8c7-465f950d210f",
|
||
|
"value": "442880"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1562234567",
|
||
|
"uuid": "1b2bf589-d1bd-46ec-bdd9-e3377bf59cee",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "cca3eefe-49ec-4842-83d8-baf38d68972e",
|
||
|
"value": "2019-07-03T15:12:45"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "c3fc986f-c317-46e2-8502-c025de6de496",
|
||
|
"value": "https://www.virustotal.com/file/b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3/analysis/1562166765/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1562234545",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a102335b-ecd3-4e79-8d4a-a4e48b974de3",
|
||
|
"value": "27/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1562234567",
|
||
|
"uuid": "b9d123b3-6e49-44dc-9650-cba9b90be445",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "772c6917-2b8a-4dbb-a9ba-bbef0d772bb8",
|
||
|
"value": "2019-07-03T05:43:22"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "2883e42f-bc1b-491f-8363-d7be4dc00306",
|
||
|
"value": "https://www.virustotal.com/file/b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3/analysis/1562132602/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0dd22965-bb69-4035-890a-ad7a8916b45d",
|
||
|
"value": "17/67"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
|
||
|
"meta-category": "network",
|
||
|
"name": "url",
|
||
|
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1562234946",
|
||
|
"uuid": "5d1dd042-92e0-47ab-b0c5-4df9950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "scheme",
|
||
|
"timestamp": "1562234947",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dd043-2370-4c2c-ad4b-4470950d210f",
|
||
|
"value": "http"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "POST containing harvested system information",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "resource_path",
|
||
|
"timestamp": "1562234947",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dd043-a384-43a9-b3e9-45b9950d210f",
|
||
|
"value": "/cl_client_online.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "GET C2 command",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "resource_path",
|
||
|
"timestamp": "1562234947",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dd043-9d04-4442-9f4e-4c37950d210f",
|
||
|
"value": "/cl_client_cmd.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "POST result of C2 command",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "resource_path",
|
||
|
"timestamp": "1562234947",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dd043-e630-47ff-9e51-4f70950d210f",
|
||
|
"value": "/cl_client_cmd_res.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "POST log message",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "resource_path",
|
||
|
"timestamp": "1562234947",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1dd043-1690-44fc-a71a-48ca950d210f",
|
||
|
"value": "/cl_client_logs.php"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1562354801",
|
||
|
"uuid": "d4b1b6a9-8ad8-42a3-837d-2657a643fe05",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "d4b1b6a9-8ad8-42a3-837d-2657a643fe05",
|
||
|
"referenced_uuid": "24904b19-a810-4f5e-9eb3-ebe8f0c8d4a6",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1562354802",
|
||
|
"uuid": "5d1fa472-23e8-43c2-886f-463402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1e9d1efe-656e-46d5-90c7-d77a28db297c",
|
||
|
"value": "88eae0d31a6c38cfb615dd75918b47b1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "48099a94-1b34-4dfb-ba2b-7e96e971d462",
|
||
|
"value": "52e7f36c92ffdbe624478a02ac8ac8208436ce8d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "17350441-9ffa-4f77-9cf7-af23f9745a4b",
|
||
|
"value": "7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1562354801",
|
||
|
"uuid": "24904b19-a810-4f5e-9eb3-ebe8f0c8d4a6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "75bdea15-901e-4381-a272-cf482842614e",
|
||
|
"value": "2019-07-04T14:54:29"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "016e8dce-ddda-4e0b-ba96-f75ca87561b7",
|
||
|
"value": "https://www.virustotal.com/file/7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8/analysis/1562252069/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1562354771",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f9f87943-109c-438f-aba6-964d80e01e3e",
|
||
|
"value": "48/66"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1562354801",
|
||
|
"uuid": "ad843e55-3218-4fb9-9acb-1e1bd2b9946e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "79d8b7cb-0b7d-42dd-8b24-feb157d776b2",
|
||
|
"value": "2019-07-04T14:53:20"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "eaf4016f-2fd7-4551-a542-149a2e073790",
|
||
|
"value": "https://www.virustotal.com/file/b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3/analysis/1562252000/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1562234016",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "14050522-faa7-4d29-b94b-e7cdcd2b435e",
|
||
|
"value": "26/66"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|