{
|
||
|
"Event": {
|
||
|
"analysis": "0",
|
||
|
"date": "2019-09-19",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - New Gootkit Banking Trojan campaign against Italian Companies and Users.",
|
||
|
"publish_timestamp": "1568898584",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1568897957",
|
||
|
"uuid": "5d832991-f5e4-4623-945f-4bf6950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#6edb00",
|
||
|
"name": "circl:topic=\"finance\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0087e8",
|
||
|
"name": "osint:certainty=\"50\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"GootKit\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:malpedia=\"GootKit\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:financial-fraud=\"Malware\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-a06c-4378-92f3-c1bb950d210f",
|
||
|
"value": "Unicredit"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-9278-44d9-ba81-c1bb950d210f",
|
||
|
"value": "In-Bank"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-8ca4-42bf-a750-c1bb950d210f",
|
||
|
"value": "Cedacri"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-6ce8-44b5-861c-c1bb950d210f",
|
||
|
"value": "Intesa Sanpaolo"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-a79c-4138-bd9b-c1bb950d210f",
|
||
|
"value": "Groupe Banque Populaire"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-a554-4a3c-a460-c1bb950d210f",
|
||
|
"value": "Poste Italiane"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-bb98-40a1-9f0d-c1bb950d210f",
|
||
|
"value": "Cr\u00e9dit Agricole"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-ffd8-421c-86ff-c1bb950d210f",
|
||
|
"value": "CariParma"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-a01c-4e29-aff6-c1bb950d210f",
|
||
|
"value": "Cr\u00e9dit Coop\u00e9ratif"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-7d04-4b3e-ba6f-c1bb950d210f",
|
||
|
"value": "BNP Paribas"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-0ef4-4904-881d-c1bb950d210f",
|
||
|
"value": "Caisse D'Epargne"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-eef0-42d9-9f25-c1bb950d210f",
|
||
|
"value": "Banco BPM"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897461",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5d8379b5-b3b0-4eab-86a2-c1bb950d210f",
|
||
|
"value": "Raiffeisen"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Dropurl",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5d837a94-cb00-4865-b2c8-c1c3950d210f",
|
||
|
"value": "https://itp.surfpapara.com/b807112.bin"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5d837a94-7960-4cb7-a565-c1c3950d210f",
|
||
|
"value": "itp.surfpapara.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2 (gootkit)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5d837a94-b35c-4ba9-80d4-c1c3950d210f",
|
||
|
"value": "https://web.mavensd.org/200"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5d837a94-af68-40ed-85e3-c1c3950d210f",
|
||
|
"value": "web.mavensd.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5d837a94-be98-448c-9a29-c1c3950d210f",
|
||
|
"value": "cdn.areascans.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897684",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5d837a94-2fd4-407b-99f3-c1c3950d210f",
|
||
|
"value": "185.141.27.101"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Attribute #7619842 enriched by dns.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897713",
|
||
|
"to_ids": false,
|
||
|
"type": "ip-src",
|
||
|
"uuid": "5d837ab1-3664-49ea-aca3-4514e387cbd9",
|
||
|
"value": "89.238.181.100"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Attribute #7619844 enriched by dns.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1568897713",
|
||
|
"to_ids": false,
|
||
|
"type": "ip-src",
|
||
|
"uuid": "5d837ab1-bf58-441a-ac3e-418fe387cbd9",
|
||
|
"value": "46.166.176.152"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
|
||
|
"meta-category": "misc",
|
||
|
"name": "microblog",
|
||
|
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1568878187",
|
||
|
"uuid": "5d832cb5-cc3c-43b6-ad5c-4c04950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "post",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d832cb5-4318-4aa8-a51e-4e22950d210f",
|
||
|
"value": "New Gootkit Banking Trojan campaign against Italian Companies and Users.\r\nhttps://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/\r\nIOCs:\r\nhttps://pastebin.com/6P5NWa1U\r\n#Gootkit #Banking #Trojan #Malware"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d832cb5-5874-420a-92bd-4fb4950d210f",
|
||
|
"value": "Twitter"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "embedded-link",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5d832cb5-a7bc-4969-8d1d-4dab950d210f",
|
||
|
"value": "https://t.co/3yyykFMc1R?amp=1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "username",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d832cb5-b220-45ea-9690-4d2f950d210f",
|
||
|
"value": "Bank_Security"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "link",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5d832cb5-c344-49e8-a1a4-47b4950d210f",
|
||
|
"value": "https://mobile.twitter.com/Bank_Security/status/1174556512980819968"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d832cdd-7090-4089-88f3-46ca950d210f",
|
||
|
"value": "Informative"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "creation-date",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5d832cdd-6b08-4374-8c0f-4d43950d210f",
|
||
|
"value": "2019-09-19T07:31:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "embedded-link",
|
||
|
"timestamp": "1568878187",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5d832e6b-6108-463f-9d4d-46ea950d210f",
|
||
|
"value": "https://t.co/9luSvWSO2e?amp=1"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "embedded-link",
|
||
|
"timestamp": "1568897942",
|
||
|
"to_ids": true,
|
||
|
"type": "link",
|
||
|
"uuid": "5d832e6b-010c-4433-b25e-470c950d210f",
|
||
|
"value": "https://blog.yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "embedded-link",
|
||
|
"timestamp": "1568897957",
|
||
|
"to_ids": true,
|
||
|
"type": "link",
|
||
|
"uuid": "5d832e6b-abfc-4b0c-b672-465c950d210f",
|
||
|
"value": "https://pastebin.com/6P5NWa1U",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#003860",
|
||
|
"name": "osint:source-type=\"pastie-website\""
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1568897524",
|
||
|
"uuid": "6bbf9a7d-6542-429f-ac4a-333de70ae74b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "6bbf9a7d-6542-429f-ac4a-333de70ae74b",
|
||
|
"referenced_uuid": "3434304f-aa8f-4e7a-ac4a-4bce602af10e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1568897525",
|
||
|
"uuid": "5d8379f5-2a0c-405a-8cde-c1c8950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f47aa0eb-61ff-4702-ab17-1190bedea230",
|
||
|
"value": "eb2a050f3c7b6fa0dc1d455232e786f3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "0a79bfac-971d-47db-9a80-1c94de72e0d3",
|
||
|
"value": "da03a783b590c9c998b593b9701cb227322856b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "7dfbacd5-7d00-4817-8731-4e6d1382ed25",
|
||
|
"value": "67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1568897524",
|
||
|
"uuid": "3434304f-aa8f-4e7a-ac4a-4bce602af10e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a7a82bfa-e573-4fe9-8ce4-a1c1b03717f4",
|
||
|
"value": "2019-09-19T05:45:56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "603f9363-bbf0-4a65-8917-3251a4739791",
|
||
|
"value": "https://www.virustotal.com/file/67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba/analysis/1568871956/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "vbs",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1568897511",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4c4adb3b-c544-4ec3-b57f-4343cabfb5d7",
|
||
|
"value": "12/56"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1568897524",
|
||
|
"uuid": "2d9d2fde-e283-457f-af6a-c2ed2d413a2b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2d9d2fde-e283-457f-af6a-c2ed2d413a2b",
|
||
|
"referenced_uuid": "5e753062-9287-4953-9bdb-0dd05bbbffa7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1568897525",
|
||
|
"uuid": "5d8379f5-2298-44db-9aee-c1c8950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ed21a624-0d43-40e4-8856-c12a16b81c74",
|
||
|
"value": "41db936a62634ba98b33051da243632a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d73aaea1-9f79-4d8d-a158-0364d47488bf",
|
||
|
"value": "f074c230441a9b682fb5cc4dae8615d4ad1a3fa5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f5493cf8-2c69-4cab-8901-b4a2dcbb2101",
|
||
|
"value": "c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1568897525",
|
||
|
"uuid": "5e753062-9287-4953-9bdb-0dd05bbbffa7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "72ea703a-87e2-421b-9abe-f5c5cc0fe8f1",
|
||
|
"value": "2019-09-18T13:39:42"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "e4eeee01-bbc4-41e0-816b-381eb061278f",
|
||
|
"value": "https://www.virustotal.com/file/c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73/analysis/1568813982/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "exe",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1568897512",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ebd702a3-5b3b-4264-a959-8e9bebc5db73",
|
||
|
"value": "39/69"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
}