misp-circl-feed/feeds/circl/misp/e82f98b7-0734-44f9-99c4-1ac38805dbad.json

1091 lines
37 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2021-01-26",
"extends_uuid": "",
"info": "OSINT - New campaign targeting security researchers",
"publish_timestamp": "1611668917",
"published": true,
"threat_level_id": "2",
"timestamp": "1611668896",
"uuid": "e82f98b7-0734-44f9-99c4-1ac38805dbad",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:amitt-misinformation-pattern=\"Create fake Social Media Profiles / Pages / Groups\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Build social network persona - T1341\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1249\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611651427",
"to_ids": false,
"type": "link",
"uuid": "3ddc418c-c483-4997-8583-e168c228cb23",
"value": "https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "90703a7a-b168-449b-92ad-892d5a596759",
"value": "angeldonationblog.com"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "bfc356d9-a325-4b9d-8f8d-7e411ab28fa0",
"value": "codevexillium.org"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "15259cb8-80cb-4886-843f-9736ea9e33b7",
"value": "investbooking.de"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "6994061b-3bf9-4bd4-96b9-1cb0cac35b11",
"value": "krakenfolio.com"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "87f6afcb-08be-479d-8a61-333dfd5a8161",
"value": "opsonew3org.sg"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "cb189fbf-7a7e-416b-852c-a87fba7b5306",
"value": "transferwiser.io"
},
{
"category": "Network activity",
"comment": "C2 Domains: Attacker-Owned",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652315",
"to_ids": true,
"type": "domain",
"uuid": "fd742a3c-0671-49dc-aa15-e4bc6837829b",
"value": "transplugin.io"
},
{
"category": "Network activity",
"comment": "C2 Domains: Legitimate but Compromised",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652340",
"to_ids": false,
"type": "domain",
"uuid": "93576121-0bdc-438d-bdcf-0157754f9afb",
"value": "trophylab.com"
},
{
"category": "Network activity",
"comment": "C2 Domains: Legitimate but Compromised",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652340",
"to_ids": false,
"type": "hostname",
"uuid": "8e5c482e-34b5-4f7c-b646-160eda4a05a7",
"value": "www.colasprint.com"
},
{
"category": "Network activity",
"comment": "C2 Domains: Legitimate but Compromised",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652340",
"to_ids": false,
"type": "hostname",
"uuid": "43a1a468-a130-49af-98f6-e40b30be5bb2",
"value": "www.dronerc.it"
},
{
"category": "Network activity",
"comment": "C2 Domains: Legitimate but Compromised",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652340",
"to_ids": false,
"type": "hostname",
"uuid": "1a10a76f-b26a-4147-8e60-67c473a9ce3a",
"value": "www.edujikim.com"
},
{
"category": "Network activity",
"comment": "C2 Domains: Legitimate but Compromised",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652340",
"to_ids": false,
"type": "hostname",
"uuid": "79dc595a-cfa6-4190-8b3a-34cebf4c4374",
"value": "www.fabioluciani.com"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652370",
"to_ids": true,
"type": "url",
"uuid": "932b0250-5c28-420e-885c-e0351e5feef3",
"value": "https://angeldonationblog.com/image/upload/upload.php"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652370",
"to_ids": true,
"type": "url",
"uuid": "f463d802-9144-41fc-861e-1cc5719286be",
"value": "https://codevexillium.org/image/download/download.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652370",
"to_ids": true,
"type": "url",
"uuid": "5eb84f9f-d2cc-4aaa-be04-4a71b4ca6913",
"value": "https://investbooking.de/upload/upload.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652370",
"to_ids": true,
"type": "url",
"uuid": "3ed9104f-e09a-4848-9062-eb264e1b0af1",
"value": "https://transplugin.io/upload/upload.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652370",
"to_ids": true,
"type": "url",
"uuid": "e9593349-d51d-4d3d-9589-7c3b96c84d67",
"value": "https://www.dronerc.it/forum/uploads/index.php"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "3617f3a2-4306-4fb7-a5ef-73f1626781fb",
"value": "https://www.dronerc.it/shop_testbr/Core/upload.php"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "ef7abb3f-5284-4037-acc1-c0660742c554",
"value": "https://www.dronerc.it/shop_testbr/upload/upload.php"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "68043e34-4b6c-46f8-a070-b583955b123e",
"value": "https://www.edujikim.com/intro/blue/insert.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "af269dea-2782-4ae0-8f3c-b7ca7a8ae8bd",
"value": "https://www.fabioluciani.com/es/include/include.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "1b6ec8a8-37db-43e9-8350-9ee65d50fbc8",
"value": "http://trophylab.com/notice/images/renewal/upload.asp"
},
{
"category": "Network activity",
"comment": "C2 URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652371",
"to_ids": true,
"type": "url",
"uuid": "d6ad5a5c-f1d5-42fb-b847-acf611499b2b",
"value": "http://www.colasprint.com/_vti_log/upload.asp"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652398",
"to_ids": true,
"type": "filename",
"uuid": "b2b87013-7b3d-477d-8d23-d6ea46f07ea6",
"value": "%WINDIR%\\System32\\Nwsapagent.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652398",
"to_ids": true,
"type": "filename",
"uuid": "4a91b975-4f8f-44e8-9383-a7b34548aff7",
"value": "%WINDIR%\\System32\\helpsvc.sys"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652398",
"to_ids": true,
"type": "filename",
"uuid": "d727e503-a054-4d7b-aa97-d6fa32db600c",
"value": "%ALLUSERSPROFILE%\\USOShared\\uso.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652398",
"to_ids": true,
"type": "filename",
"uuid": "ef79f351-a17f-488f-9390-d16bf731c623",
"value": "%ALLUSERSPROFILE%\\VMware\\vmnat-update.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611652398",
"to_ids": true,
"type": "filename",
"uuid": "d5b32b6c-6920-4b49-abec-025adb873dcb",
"value": "%ALLUSERSPROFILE%\\VirtualBox\\update.bin"
},
{
"category": "Network activity",
"comment": "LinkedIn Accounts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611659936",
"to_ids": true,
"type": "url",
"uuid": "c4437d79-4776-4a5f-9922-06b3828f45bf",
"value": "https://www.linkedin.com/in/billy-brown-a6678b1b8/"
},
{
"category": "Network activity",
"comment": "LinkedIn Accounts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611659936",
"to_ids": true,
"type": "url",
"uuid": "40bb31e3-5630-45bb-8a13-f6f57e455f12",
"value": "https://www.linkedin.com/in/guo-zhang-b152721bb/"
},
{
"category": "Network activity",
"comment": "LinkedIn Accounts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611659936",
"to_ids": true,
"type": "url",
"uuid": "cab3b3ed-97bd-4dff-93fd-e8cf7f1d9147",
"value": "https://www.linkedin.com/in/hyungwoo-lee-6985501b9/"
},
{
"category": "Network activity",
"comment": "LinkedIn Accounts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611659936",
"to_ids": true,
"type": "url",
"uuid": "0edbab56-c01e-44ca-8afc-e28f7a7bf584",
"value": "https://www.linkedin.com/in/linshuang-li-aa696391bb/"
},
{
"category": "Network activity",
"comment": "LinkedIn Accounts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611659936",
"to_ids": true,
"type": "url",
"uuid": "d90f830c-e37b-4495-b0e5-9e2b3396d8e9",
"value": "https://www.linkedin.com/in/rimmer-trajan-2806b21bb/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "fda032e3-8407-4e7e-842b-30d56a0fdc1c",
"value": "4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "46921f59-3e20-4a79-8b50-d32a3706e896",
"value": "68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "8e27e1f9-0276-4cf0-a0a6-98c1648a9cf9",
"value": "25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "81ac4f77-b7c7-4d2c-b9e8-f6b3d4266096",
"value": "a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "60433c38-74cf-46a6-b604-a1770d74aa0b",
"value": "a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "1",
"timestamp": "1611651798",
"uuid": "3cd4c249-725a-4f19-acba-86619bf3dbe9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1611651798",
"to_ids": false,
"type": "text",
"uuid": "e593399d-4d56-44ae-aa35-99d1f00a5810",
"value": "Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.\r\n\r\nIn order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control."
}
]
},
{
"comment": "https://keybase.io/zhangguo",
"deleted": false,
"description": "Information related to a keybase account, from API Users Object",
"meta-category": "misc",
"name": "keybase-account",
"template_uuid": "32c29c1c-a6c1-41e9-b1db-8cca88185ecd",
"template_version": "3",
"timestamp": "1611652467",
"uuid": "1476d0bd-4a64-42c4-8454-beaf24730937",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1611652467",
"to_ids": false,
"type": "text",
"uuid": "f04484b1-68f5-4813-9cd0-43957f449676",
"value": "zhangguo"
}
]
},
{
"comment": "https://t.me/james50d",
"deleted": false,
"description": "Information related to a telegram account",
"meta-category": "misc",
"name": "telegram-account",
"template_uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c",
"template_version": "1",
"timestamp": "1611654190",
"uuid": "01cf21c7-6d5c-4fdf-9c9c-04e96ed26571",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1611654190",
"to_ids": false,
"type": "text",
"uuid": "8fd4d5bc-02a7-442d-9ef5-6715c81a86e7",
"value": "james50d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1611660243",
"uuid": "59332375-f44b-4f5e-8229-addcf54061f9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59332375-f44b-4f5e-8229-addcf54061f9",
"referenced_uuid": "049485c0-eed6-407f-9f4f-93bd021f153b",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "9dfc5354-cb11-4a24-8252-1a18253447dd"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1611660143",
"to_ids": true,
"type": "md5",
"uuid": "a8ef96b0-ca5f-4451-a6a9-03724401330f",
"value": "b52e05683b15c6ad56cebea4a5a54990"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha1",
"uuid": "d66ae064-2804-4ff2-a1f5-11b23191a3c7",
"value": "baf97d3b9095911fb7c9c8d7152fdc32ca7b33aa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "49779ba8-faeb-4cf0-b1a2-8e684613333a",
"value": "68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1611660243",
"uuid": "049485c0-eed6-407f-9f4f-93bd021f153b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1611660143",
"to_ids": false,
"type": "datetime",
"uuid": "84f9619c-f70e-4fc6-9dfe-8eac9316a1c9",
"value": "2021-01-26T11:03:02+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1611660143",
"to_ids": false,
"type": "link",
"uuid": "94b5a639-8264-4987-9d6c-6c1d49dd4c96",
"value": "https://www.virustotal.com/gui/file/68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7/detection/f-68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7-1611658982"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1611660143",
"to_ids": false,
"type": "text",
"uuid": "f708ec77-f167-4744-9dd5-329999830dc5",
"value": "24/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1611660243",
"uuid": "72f4f7c1-d888-4f44-848a-077ae461c27f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "72f4f7c1-d888-4f44-848a-077ae461c27f",
"referenced_uuid": "1a387662-9877-4a53-b7e7-574bfe50a465",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "96e93be4-4661-4a7f-bc4f-1941bbcb2119"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1611660143",
"to_ids": true,
"type": "md5",
"uuid": "65b30158-68d3-408d-9987-a3c41122e4cc",
"value": "56018500f73e3f6cf179d3b853c27912"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha1",
"uuid": "c313ca52-ccf7-48ce-baa0-7065cceed85b",
"value": "a3060a3efb9ac3da444ef8abc99143293076fe32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "d0f33475-1744-4756-b4e0-88ed1de02b9a",
"value": "4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1611660243",
"uuid": "1a387662-9877-4a53-b7e7-574bfe50a465",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1611660143",
"to_ids": false,
"type": "datetime",
"uuid": "ed766e79-ceed-4899-aace-ce3f51c60485",
"value": "2021-01-26T11:01:49+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1611660143",
"to_ids": false,
"type": "link",
"uuid": "598cd307-eb19-4627-ba19-0b985e83f405",
"value": "https://www.virustotal.com/gui/file/4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244/detection/f-4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244-1611658909"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1611660143",
"to_ids": false,
"type": "text",
"uuid": "88620305-53de-49b0-bf92-2862935f1887",
"value": "20/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1611660243",
"uuid": "5c4d1a81-b57c-4506-974a-95e91d2ff10e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c4d1a81-b57c-4506-974a-95e91d2ff10e",
"referenced_uuid": "6c767512-a840-4aeb-9ad0-a26b79c64b14",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "e4365f6e-2d48-47b8-9f6b-2d01328b276d"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1611660143",
"to_ids": true,
"type": "md5",
"uuid": "5dd7394f-e599-49cf-9ec3-564c9eb4590c",
"value": "ae17ce1eb59dd82f38efb9666f279044"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha1",
"uuid": "73332187-d598-4af3-b1e2-990f25c46299",
"value": "3b3acb4a55ba8e2da36223ae59ed420f856b0aaf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "b4b243b9-6e6a-440f-ac77-027aca9d8361",
"value": "a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1611660243",
"uuid": "6c767512-a840-4aeb-9ad0-a26b79c64b14",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1611660143",
"to_ids": false,
"type": "datetime",
"uuid": "58728f2e-d5c0-4b31-a8ac-8fc302c24385",
"value": "2021-01-26T11:04:20+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1611660143",
"to_ids": false,
"type": "link",
"uuid": "577f6c8c-d8e2-468a-bc13-de832dd5ad4e",
"value": "https://www.virustotal.com/gui/file/a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15/detection/f-a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15-1611659060"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1611660143",
"to_ids": false,
"type": "text",
"uuid": "a81b421f-f6ae-4acc-b4fc-378b428064cd",
"value": "18/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1611660243",
"uuid": "0169990c-9b31-46ab-980e-1afe3c03ffba",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0169990c-9b31-46ab-980e-1afe3c03ffba",
"referenced_uuid": "fa61597a-b824-47d0-96c2-47e43c4d71cf",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "e85357be-3f82-4574-9238-2579778cd736"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1611660143",
"to_ids": true,
"type": "md5",
"uuid": "2c48d85d-1857-42dd-881a-f5c7ab03fff2",
"value": "9e9f69ed56482fff18933c5ec8612063"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha1",
"uuid": "7b609bf4-664c-4dd2-be88-72b271e21141",
"value": "4ff6c02140ab1daf217b6e01ec042460389e2e92"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "a355124f-a4ff-40af-80a2-882da2140dc3",
"value": "25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1611660243",
"uuid": "fa61597a-b824-47d0-96c2-47e43c4d71cf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1611660143",
"to_ids": false,
"type": "datetime",
"uuid": "3082e9c7-6612-40aa-9b58-14b6953928a8",
"value": "2021-01-26T11:03:31+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1611660143",
"to_ids": false,
"type": "link",
"uuid": "5cd6e244-cdf7-4dc4-ab13-759ba60dd633",
"value": "https://www.virustotal.com/gui/file/25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc/detection/f-25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc-1611659011"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1611660143",
"to_ids": false,
"type": "text",
"uuid": "defe416d-b886-49ed-bbc3-4922e59f6318",
"value": "13/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1611660243",
"uuid": "93a7efc9-90a9-4cea-a6fd-a754fca62e27",
"ObjectReference": [
{
"comment": "",
"object_uuid": "93a7efc9-90a9-4cea-a6fd-a754fca62e27",
"referenced_uuid": "aebc3c13-ac5c-41b2-85e3-e1eb16dfad53",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "00c65c12-2cbb-423b-bf94-0fc8fa271ed1"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1611660143",
"to_ids": true,
"type": "md5",
"uuid": "31fe11d7-75af-495e-a06f-9fb32b4e9fd6",
"value": "f5475608c0126582081e29927424f338"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha1",
"uuid": "b3b4827b-3167-422c-91a4-a52153cbea18",
"value": "8e88fd82378794a17a4211fbf2ee2506b9636b02"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1611660143",
"to_ids": true,
"type": "sha256",
"uuid": "ea90afe4-da07-4060-964c-1482eb1e3838",
"value": "a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1611660243",
"uuid": "aebc3c13-ac5c-41b2-85e3-e1eb16dfad53",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1611660143",
"to_ids": false,
"type": "datetime",
"uuid": "98cf22a7-60b7-4ad7-9100-c6f73ccda357",
"value": "2021-01-26T11:03:46+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1611660143",
"to_ids": false,
"type": "link",
"uuid": "cc2e28ed-9f1c-4783-9717-4606c54e8f86",
"value": "https://www.virustotal.com/gui/file/a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855/detection/f-a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855-1611659026"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1611660143",
"to_ids": false,
"type": "text",
"uuid": "f68a878a-618b-4c60-aa27-e096894602bf",
"value": "15/70"
}
]
}
]
}
}