{
"Event" : {
"analysis" : "0" ,
"date" : "2018-06-26" ,
"extends_uuid" : "" ,
"info" : "OSINT - RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families" ,
"publish_timestamp" : "1530610129" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1530610086" ,
"uuid" : "5b325da8-0434-48ad-8b27-48de950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"KHRAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"KhRAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#3b7500" ,
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"RANCOR\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530093820" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b325dc2-90c0-4944-9e86-4072950d210f" ,
"value" : "Throughout 2017 and 2018 Unit 42 has been tracking and observing a series of highly targeted attacks focused in South East Asia, building on our research into the KHRAT Trojan. Based on the evidence, these attacks appear to be conducted by the same set of attackers using previously unknown malware families. In addition, these attacks appear to be highly targeted in their distribution of the malware used, as well as the targets chosen. Based on these factors, Unit 42 believes the attackers behind these attacks are conducting their campaigns for espionage purposes.\r\n\r\nWe believe this group is previously unidentified and therefore have we have dubbed it \u201cRANCOR\u201d. The Rancor group\u2019s attacks use two primary malware families which we describe in depth later in this blog and are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be new addition to these attackers\u2019 toolkit. Countries Unit 42 has identified as targeted by Rancor with these malware families include, but are not limited to:\r\n\r\n Singapore\r\n Cambodia\r\n\r\nWe identified decoy files which indicate these attacks began with spear phishing messages but have not observed the actual messages. These decoys contain details from public news articles focused primarily on political news and events. Based on this, we believe the Rancor attackers were targeting political entities. Additionally, these decoy documents are hosted on legitimate websites including a government website belonging to the Cambodia Government and in at least once case, Facebook.\r\n\r\nThe malware and infrastructure used in these attacks falls into two distinct clusters, which we are labeling A and B, that are linked through their use of the PLAINTEE malware and several \u201csofter\u201d linkages." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530093831" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b325dd5-5a74-419b-bc1a-41d7950d210f" ,
"value" : "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "Loader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530086619" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3344db-0f88-4bec-b454-422a950d210f" ,
"value" : "www.facebook-apps.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Loader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530086620" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3344dc-bedc-4624-8b60-4f7b950d210f" ,
"value" : "dlj40s.jdanief.xyz"
} ,
{
"category" : "Network activity" ,
"comment" : "Loader" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530087538" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b334872-9e80-4ce8-80c8-49df950d210f" ,
"value" : "89.46.222.97"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "PLAINTEE" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530088211" ,
"to_ids" : false ,
"type" : "mutex" ,
"uuid" : "5b334b13-a7cc-48de-9517-4db9950d210f" ,
"value" : "microsoftfuckedupb"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "PLAINTEE" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530088286" ,
"to_ids" : false ,
"type" : "mutex" ,
"uuid" : "5b334b5e-3568-42d1-98f3-4f63950d210f" ,
"value" : "Microsoftfuckedup"
} ,
{
"category" : "Network activity" ,
"comment" : "PLAINTEE" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530089821" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b33515d-58b4-42bd-9440-4d80950d210f" ,
"value" : "199.247.6.253"
} ,
{
"category" : "Network activity" ,
"comment" : "PLAINTEE" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530089822" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b33515e-eef0-41af-82e3-4542950d210f" ,
"value" : "45.76.176.236"
} ,
{
"category" : "Network activity" ,
"comment" : "PLAINTEE - DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090480" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b33515f-86a4-4d15-81eb-4878950d210f" ,
"value" : "goole.authorizeddns.us"
} ,
{
"category" : "Network activity" ,
"comment" : "PLAINTEE - DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090500" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b33515f-a7e4-455a-83e1-41af950d210f" ,
"value" : "103.75.189.74"
} ,
{
"category" : "Network activity" ,
"comment" : "PLAINTEE" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530089824" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b335160-6560-4bbf-b10a-47c9950d210f" ,
"value" : "131.153.48.146"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090468" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3353b3-0db4-4cbf-a6a8-4578950d210f" ,
"value" : "microsoft.authorizeddns.us"
} ,
{
"category" : "Payload delivery" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090483" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5b3353b4-8968-45b6-9874-4b21950d210f" ,
"value" : "www.google_ssl.onmypc.org"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090446" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3353b5-a744-4a97-99f1-4219950d210f" ,
"value" : "ftp.chinhphu.ddns.ms"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090472" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3353b5-c0b8-468f-b5b7-4156950d210f" ,
"value" : "www.microsoft.https443.org"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090464" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b3353b6-6d70-4c7d-ad9e-40bc950d210f" ,
"value" : "msdns.otzo.com"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090515" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b3353b6-ea54-49bb-8b4d-42bf950d210f" ,
"value" : "103.75.191.177"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090508" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b3353b6-d9c4-4e9a-bfbf-41ad950d210f" ,
"value" : "103.75.191.75"
} ,
{
"category" : "Network activity" ,
"comment" : "DDKONG" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1530090512" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b3353b7-7b08-4e4c-9806-4b78950d210f" ,
"value" : "45.121.146.26"
}
] ,
"Object" : [
{
"comment" : "PLAINTEE older variant" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530085277" ,
"uuid" : "5b333f9d-538c-44ae-af71-405a950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530085278" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b333f9e-7d48-458b-97c7-4e11950d210f" ,
"value" : "bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530085278" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b333f9e-a574-4b2b-ba1a-4474950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE older variant" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530085323" ,
"uuid" : "5b333fcb-7060-4d26-8dc5-4970950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530085323" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b333fcb-6a2c-4c56-b413-45a6950d210f" ,
"value" : "6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530085324" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b333fcc-d750-492b-b4da-4fb5950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Loader - Delivery via HTA Loader" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530091740" ,
"uuid" : "5b334422-f2f8-4b4e-8873-47b4950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530091740" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b334423-c998-4b87-979b-491c950d210f" ,
"value" : "1dc5966572e94afc2fbcf8e93e3382eef4e4d7b5bc02f24069c403a28fa6a458"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530091740" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b334424-42f0-4ca5-9dab-4495950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Loader - Delivery via document property macro" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530091095" ,
"uuid" : "5b3349f9-6a74-42cd-a80f-4c15950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530091095" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3349f9-ae18-4fd9-a70b-428e950d210f" ,
"value" : "a789a282e0d65a050cccae66c56632245af1c8a589ace2ca5ca79572289fd483"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530091095" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3349f9-8038-4e5d-8acf-40d2950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530090088" ,
"uuid" : "5b335268-0f64-4354-a783-4b2d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530090089" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b335269-8de4-45a6-9a32-4edc950d210f" ,
"value" : "863a9199decf36895d5d7d148ce9fd622e825f393d7ebe7591b4d37ef3f5f677"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530090089" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b335269-f780-463b-a6ee-4f82950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530090105" ,
"uuid" : "5b335279-2d7c-47dd-a880-40af950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530090106" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b33527a-61c4-4832-945c-4e0f950d210f" ,
"value" : "22a5bd54f15f33f4218454e53679d7cfae32c03ddb6ec186fb5e6f8b7f7c098b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530090107" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33527b-e118-4033-86c2-406e950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530093649" ,
"uuid" : "5b3352a3-669c-429e-93c5-4079950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b3352a3-669c-429e-93c5-4079950d210f" ,
"referenced_uuid" : "5b334872-9e80-4ce8-80c8-49df950d210f" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1530091056" ,
"uuid" : "5b335630-cb00-4433-be5c-4ee0950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530093646" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3352a3-381c-4964-9c1a-4f99950d210f" ,
"value" : "c35609822e6239934606a99cb3dbc925f4768f0b0654d6a2adc35eca473c505d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530093646" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3352a5-5e30-49cd-808f-4200950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1530093646" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b33604e-234c-4b17-99cf-47b5950d210f" ,
"value" : "d5679158937ce288837efe62bc1d9693"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1530093647" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b33604f-4450-4809-85ae-4bb1950d210f" ,
"value" : "0bdb44255e9472d80ee0197d0bfad7d8eb4a18e9"
}
]
} ,
{
"comment" : "PLAINTEE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530090171" ,
"uuid" : "5b3352bb-b844-43d1-ad06-4b7f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530090171" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3352bb-8a1c-4b9e-9d7f-4de5950d210f" ,
"value" : "6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530090171" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3352bb-4c54-462d-a66a-4a20950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530093695" ,
"uuid" : "5b3352e8-2f2c-4dbd-9eff-457f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530093695" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3352e8-f3fc-4f85-9988-4160950d210f" ,
"value" : "b099c31515947f0e86eed0c26c76805b13ca2d47ecbdb61fd07917732e38ae78"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530093695" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3352e8-df14-44a0-8701-4335950d210f" ,
"value" : "Malicious"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1530093696" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b336080-25ec-468b-9a14-4ac2950d210f" ,
"value" : "7c65565dcf5b40bd8358472d032bc8fb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1530093697" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b336081-726c-454a-b365-4159950d210f" ,
"value" : "ac3f20ddc2567af0b050c672ecd59dddab1fe55e"
}
]
} ,
{
"comment" : "PLAINTEE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530090233" ,
"uuid" : "5b3352f9-5c88-4d97-b859-4b93950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530090233" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3352f9-1348-45c7-ad80-4fa3950d210f" ,
"value" : "bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530090235" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3352fb-4950-47c8-91fb-4491950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "PLAINTEE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530090253" ,
"uuid" : "5b33530d-aa10-4f2b-b024-449f950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530090253" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b33530d-3518-4c76-8c99-4947950d210f" ,
"value" : "9f779d920443d50ef48d4abfa40b43f5cb2c4eb769205b973b115e04f3b978f5"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530090254" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33530e-2114-46c5-9980-42fd950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Loader - Delivery via DLL Loader" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530092253" ,
"uuid" : "5b3354cd-2058-4b73-9df3-4133950d210f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5b3354cd-2058-4b73-9df3-4133950d210f" ,
"referenced_uuid" : "5b3354fd-c4c4-482f-a3e3-4bdb950d210f" ,
"relationship_type" : "connected-to" ,
"timestamp" : "1530090769" ,
"uuid" : "5b335511-3890-48d5-aee6-4c14950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530092250" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3354cd-3df8-402d-b26d-491c950d210f" ,
"value" : "0bb20a9570a9b1e3a72203951268ffe83af6dcae7342a790fe195a2ef109d855"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530092250" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3354cf-5da8-42dc-9313-4695950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "C2" ,
"deleted" : false ,
"description" : "A domain and IP address seen as a tuple in a specific time frame." ,
"meta-category" : "network" ,
"name" : "domain-ip" ,
"template_uuid" : "43b3b146-77eb-4931-b4cc-b66c60f28734" ,
"template_version" : "5" ,
"timestamp" : "1530090749" ,
"uuid" : "5b3354fd-c4c4-482f-a3e3-4bdb950d210f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1530090749" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b3354fd-ae14-42be-9280-46e4950d210f" ,
"value" : "89.46.222.97"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "domain" ,
"timestamp" : "1530090749" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b3354fd-dc04-4a21-85ec-4395950d210f" ,
"value" : "facebook-apps.com"
}
]
} ,
{
"comment" : "DDKONG - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530092327" ,
"uuid" : "5b335b27-0e54-43fb-970a-4c73950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1530092327" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b335b27-eda4-4aa3-b0e4-42d1950d210f" ,
"value" : "6fa5bcedaf124cdaccfa5548eed7f4b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1530092328" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b335b28-0708-4dd8-8cd2-4499950d210f" ,
"value" : "25ba920cb440b4a1c127c8eb0fb23ee783c9e01a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530092328" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b335b28-d834-4321-9ff8-4b29950d210f" ,
"value" : "119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530092328" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b335b28-4f2c-42c3-be89-40a4950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "Plugin downloaded during runtime for DDKong sample. DDKong sample - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530092635" ,
"uuid" : "5b335c5b-9a8c-4f72-a350-4591950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1530092635" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b335c5b-4fe0-4894-80b8-4906950d210f" ,
"value" : "a5164c686c405734b7362bc6b02488cb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1530092635" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5b335c5b-8600-4030-b8f7-43c4950d210f" ,
"value" : "03defdda9397e7536cf39951246483a0339ccd35"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530092636" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b335c5c-7f2c-4d32-94ce-4330950d210f" ,
"value" : "0517b62233c9574cb24b78fb533f6e92d35bc6451770f9f6001487ff9c154ad7"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530092636" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b335c5c-0a20-40cb-9607-4ef8950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530105077" ,
"uuid" : "5b338cf5-09c4-49a2-9488-6911950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530105077" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b338cf5-f044-4b3e-80f9-6911950d210f" ,
"value" : "c78fef9ef931ffc559ea416d45dc6f43574f524ba073713fddb79e4f8ec1a319"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530105078" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b338cf6-86c8-4488-b869-6911950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530105123" ,
"uuid" : "5b338d23-d4e0-4283-b2a1-6911950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530105123" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b338d23-1584-4bce-8a9a-6911950d210f" ,
"value" : "0f102e66bc2df4d14dc493ba8b93a88f6b622c168e0c2b63d0ceb7589910999d"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530105125" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b338d25-f5e8-42a9-a93c-6911950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530105149" ,
"uuid" : "5b338d3d-b4a8-4b78-9ec1-6911950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530105149" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b338d3d-e6d8-46c0-a764-6911950d210f" ,
"value" : "82e1e296403be99129aced295e1c12fbb23f871c6fa2acafab9e08d9a728cb96"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530105150" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b338d3e-422c-4953-8a54-6911950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609106" ,
"uuid" : "48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"referenced_uuid" : "3b010446-7afc-4607-bdf2-7d1e0f550f4a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105522" ,
"uuid" : "5b338eb2-bf60-4c5e-821c-43f602de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"referenced_uuid" : "d51eb0b4-51f1-4cda-868d-8ff1024de0bc" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609142" ,
"uuid" : "5b3b3df6-0340-454a-be92-4b1102de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105482" ,
"uuid" : "3b010446-7afc-4607-bdf2-7d1e0f550f4a" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609106" ,
"uuid" : "2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"referenced_uuid" : "4b87e0fc-b38b-40a1-bb46-402498c0e827" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-2c24-475a-8142-4f2302de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"referenced_uuid" : "8e02a81e-6121-45f2-ba18-dc8c17897ffc" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-e2f8-4e40-a5bc-408a02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105487" ,
"uuid" : "4b87e0fc-b38b-40a1-bb46-402498c0e827" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609106" ,
"uuid" : "56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"referenced_uuid" : "3791a2f2-8068-4583-845d-d0a38d0d5f11" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-0610-4928-9595-4db502de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"referenced_uuid" : "b5ecdf79-2bac-4362-afb7-f4b77f08754a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-22b4-4a86-8398-49c602de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105491" ,
"uuid" : "3791a2f2-8068-4583-845d-d0a38d0d5f11" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609106" ,
"uuid" : "2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"referenced_uuid" : "994f5e7a-bbff-4ccd-b521-4af728076b9b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-fe9c-4066-896a-4a5102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"referenced_uuid" : "8866a1fa-79e0-43a0-8436-bf77275639ea" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-599c-404c-81f8-40bb02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105494" ,
"uuid" : "994f5e7a-bbff-4ccd-b521-4af728076b9b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"referenced_uuid" : "fa8aae14-51ae-4de9-9813-238d85ffcc42" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-5ac8-4763-804d-47b002de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"referenced_uuid" : "6ec36b69-0386-41e6-92de-711b8a0842ac" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-f57c-4cd1-a160-40cd02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105497" ,
"uuid" : "fa8aae14-51ae-4de9-9813-238d85ffcc42" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"referenced_uuid" : "bed6e009-2d42-47a0-84f1-12427f4ff522" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-3c28-4113-84ea-456d02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"referenced_uuid" : "bf35ad2e-603c-492e-bc00-549bdd9481fe" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-ccd0-436a-af14-4e3702de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105501" ,
"uuid" : "bed6e009-2d42-47a0-84f1-12427f4ff522" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "365db456-80ba-443a-b956-843a1a4cb7a8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "365db456-80ba-443a-b956-843a1a4cb7a8" ,
"referenced_uuid" : "84129c9d-378e-477f-90b6-c754134a86a1" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-5dbc-41e4-8bc2-4e2302de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "365db456-80ba-443a-b956-843a1a4cb7a8" ,
"referenced_uuid" : "89c0d58c-2092-4c1e-89c8-9a4707e4a740" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-9c7c-44b0-b45a-42dd02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105510" ,
"uuid" : "84129c9d-378e-477f-90b6-c754134a86a1" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"referenced_uuid" : "2e6a29ad-5626-4495-bbfd-35acdee329e0" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-bbdc-4412-bbe5-484102de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"referenced_uuid" : "7d2748ea-c864-4b20-b149-1466153ddd37" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-bb34-410d-8bd6-474c02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105516" ,
"uuid" : "2e6a29ad-5626-4495-bbfd-35acdee329e0" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "5a837ade-bafe-45f2-816f-03095c0e0135" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5a837ade-bafe-45f2-816f-03095c0e0135" ,
"referenced_uuid" : "34f23e73-32cb-434e-837b-f4d22a714360" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530105523" ,
"uuid" : "5b338eb3-361c-44eb-80ac-4eb702de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "5a837ade-bafe-45f2-816f-03095c0e0135" ,
"referenced_uuid" : "61f7e371-94d9-483c-91da-e3947752185b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-9508-4f62-afab-4ef802de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530105519" ,
"uuid" : "34f23e73-32cb-434e-837b-f4d22a714360" ,
"Attribute" : [ ]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106048" ,
"uuid" : "5b3390c0-6268-40af-9ab0-68df950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106049" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3390c1-5c88-41db-8ce8-68df950d210f" ,
"value" : "84607a2abfd64d61299b0313337e85dd371642e9654b12288c8a1fc7c8c1cf0a"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106049" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3390c1-5a6c-4bbf-be0b-68df950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106070" ,
"uuid" : "5b3390d6-42fc-46d2-b142-6861950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106070" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3390d6-2b08-4989-9d8a-6861950d210f" ,
"value" : "a725abb8fe76939f0e0532978eacd7d4afb4459bb6797ec32a7a9f670778bd7e"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106071" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3390d7-7834-45b5-b55b-6861950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106087" ,
"uuid" : "5b3390e7-57f0-4f04-879a-4bb9950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106087" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3390e7-be90-4ebd-9201-4a51950d210f" ,
"value" : "15f4c0a589dff62200fd7c885f1e7aa8863b8efa91e23c020de271061f4918eb"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106087" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3390e7-39d4-4df9-b1e6-427c950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106103" ,
"uuid" : "5b3390f7-4030-4aa5-b421-3027950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106103" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3390f7-9204-4473-9734-3027950d210f" ,
"value" : "9996e108ade2ef3911d5d38e9f3c1deb0300aa0a82d33e36d376c6927e3ee5af"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106104" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3390f8-b53c-4527-929e-3027950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106149" ,
"uuid" : "5b339125-37a4-4213-bc65-4e4c950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106149" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b339125-ae04-4d04-a67a-4fb0950d210f" ,
"value" : "18e102201409237547ab2754daa212cc1454f32c993b6e10a0297b0e6a980823"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106149" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b339125-18c4-4008-990a-47c9950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106173" ,
"uuid" : "5b33913d-8114-4770-a12b-68df950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106173" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b33913d-5234-499b-a1ea-68df950d210f" ,
"value" : "b8528c8e325db76b139d46e9f29835382a1b48d8941c47060076f367539c2559"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106174" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33913e-6518-45bf-bbaf-68df950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106193" ,
"uuid" : "5b339151-0254-4c6c-a8a6-44fb950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106194" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b339152-f184-43f7-b786-4d75950d210f" ,
"value" : "01315e211bac543195f2c703033ba31b229001f844854b147c4b2a0973a7d17b"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106194" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b339152-c358-4e13-a064-496a950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106211" ,
"uuid" : "5b339163-3204-4054-bb53-4e3d950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106211" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b339163-177c-4327-8fcb-4b32950d210f" ,
"value" : "df14de6b43f902ac8c35ecf0582ddb33e12e682700eb55dc4706b73f5aed40f6"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106212" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b339164-6248-4606-81a3-4f26950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106228" ,
"uuid" : "5b339174-eafc-4de2-873a-da6b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106228" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b339174-2814-4420-8f87-da6b950d210f" ,
"value" : "177906cb9170adc26082e44d9ad1b3fbdcba7c0b57e28b614c1b66cc4a99f906"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106230" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b339176-74f0-4547-825f-da6b950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106249" ,
"uuid" : "5b339189-bcf4-44cc-908a-6911950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106249" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b339189-db80-480f-9c7d-6911950d210f" ,
"value" : "113ae6f4d6a2963d5c9a7f42f782b176da096d17296f5a546433f7f27f260895"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106251" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33918b-02dc-4431-b8ad-6911950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106267" ,
"uuid" : "5b33919b-c95c-4f0b-ac98-689c950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106267" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b33919b-6ecc-4fa5-b9f3-689c950d210f" ,
"value" : "119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106268" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b33919c-e25c-458f-884f-689c950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106295" ,
"uuid" : "5b3391b7-53c8-4a3a-aceb-dee7950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106295" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3391b7-1be0-4b8a-8338-dee7950d210f" ,
"value" : "5afbee76af2a09c173cf782fd5e51b5076b87f19b709577ddae1c8e5455fc642"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106296" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3391b8-c930-470d-8eb5-dee7950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "DDKONG" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530106312" ,
"uuid" : "5b3391c8-0bf4-4091-bff9-da6b950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1530106312" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b3391c8-7d50-471f-a254-da6b950d210f" ,
"value" : "128adaba3e6251d1af305a85ebfaafb2a8028eed3b9b031c54176ca7cef539d2"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1530106313" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b3391c9-42f4-41f9-8376-da6b950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609107" ,
"uuid" : "019a94d0-c591-4b83-94aa-daff7409c321" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "019a94d0-c591-4b83-94aa-daff7409c321" ,
"referenced_uuid" : "db6b617b-49c8-43b4-8908-afe5af51cee7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-7354-4668-98a0-413b02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609105" ,
"uuid" : "db6b617b-49c8-43b4-8908-afe5af51cee7" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609114" ,
"uuid" : "d828cbe9-16af-4937-ada0-720c7367914b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d828cbe9-16af-4937-ada0-720c7367914b" ,
"referenced_uuid" : "c92cf1ba-27fb-41a2-8ca0-cce941a58606" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-ef00-4325-8de5-4dc602de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609113" ,
"uuid" : "c92cf1ba-27fb-41a2-8ca0-cce941a58606" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609117" ,
"uuid" : "ea16e710-32df-4c89-b829-35a82d88c511" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "ea16e710-32df-4c89-b829-35a82d88c511" ,
"referenced_uuid" : "c0504c9d-3f68-4187-b5ab-c27a322a30e9" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-9970-4132-a7c2-486502de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609115" ,
"uuid" : "c0504c9d-3f68-4187-b5ab-c27a322a30e9" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609120" ,
"uuid" : "095c3d91-1477-4199-89d0-a8eae5dc7c40" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "095c3d91-1477-4199-89d0-a8eae5dc7c40" ,
"referenced_uuid" : "4968cfb4-ca59-44f4-bdbf-694750b99d4c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-b43c-4292-a899-420102de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609118" ,
"uuid" : "4968cfb4-ca59-44f4-bdbf-694750b99d4c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609123" ,
"uuid" : "de4c3619-8744-47c3-b8cd-6fda495bd942" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "de4c3619-8744-47c3-b8cd-6fda495bd942" ,
"referenced_uuid" : "df29dca7-7156-4cfe-a8ba-3ccd39c0cec5" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-9a2c-4619-a5a7-4c8702de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609121" ,
"uuid" : "df29dca7-7156-4cfe-a8ba-3ccd39c0cec5" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609126" ,
"uuid" : "7b66e013-aa3e-47f4-8332-2b066e66a6e6" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7b66e013-aa3e-47f4-8332-2b066e66a6e6" ,
"referenced_uuid" : "a1cacbf6-59f6-415f-baff-edff18badf81" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609143" ,
"uuid" : "5b3b3df7-bab8-4fc5-880c-4cf802de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609125" ,
"uuid" : "a1cacbf6-59f6-415f-baff-edff18badf81" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609130" ,
"uuid" : "0f4fd687-aa8e-457d-84fd-42c38b4c82a3" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0f4fd687-aa8e-457d-84fd-42c38b4c82a3" ,
"referenced_uuid" : "303af87f-901c-403e-9f6d-1d3d82fdaa16" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-1fe8-4ef0-98bc-4d2b02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609128" ,
"uuid" : "303af87f-901c-403e-9f6d-1d3d82fdaa16" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609132" ,
"uuid" : "90d4404c-2895-4d88-ab4e-d996ba26c724" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "90d4404c-2895-4d88-ab4e-d996ba26c724" ,
"referenced_uuid" : "6ec49067-5762-48e9-9fbd-28092708d5ba" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-abbc-4210-b753-400f02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609130" ,
"uuid" : "6ec49067-5762-48e9-9fbd-28092708d5ba" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609135" ,
"uuid" : "1e424c4b-7b22-435e-bbee-376e02c27c01" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1e424c4b-7b22-435e-bbee-376e02c27c01" ,
"referenced_uuid" : "20ddb2fc-05bf-41a5-840f-987eb82ed0c4" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-e498-4f2a-8e6b-496f02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609133" ,
"uuid" : "20ddb2fc-05bf-41a5-840f-987eb82ed0c4" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609137" ,
"uuid" : "a6f4384b-c7bb-466b-bd50-905a7c5ae4c8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a6f4384b-c7bb-466b-bd50-905a7c5ae4c8" ,
"referenced_uuid" : "e281f0e7-57ca-4348-ae1c-79b7de45d17f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-350c-43f2-9c53-45c702de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609135" ,
"uuid" : "e281f0e7-57ca-4348-ae1c-79b7de45d17f" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609139" ,
"uuid" : "9942331c-fb6a-48ca-8a9d-8c088b87eceb" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "9942331c-fb6a-48ca-8a9d-8c088b87eceb" ,
"referenced_uuid" : "91446d13-bed9-4a80-9b2f-b2fed41ef4c8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-a374-4515-b322-4baf02de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609138" ,
"uuid" : "91446d13-bed9-4a80-9b2f-b2fed41ef4c8" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1530609142" ,
"uuid" : "442da37d-2272-45e1-b75c-ef0ca6c63019" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "442da37d-2272-45e1-b75c-ef0ca6c63019" ,
"referenced_uuid" : "a833bc24-8211-4579-86d9-4f756414083c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1530609144" ,
"uuid" : "5b3b3df8-49b8-483d-bc57-4d3102de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1530609140" ,
"uuid" : "a833bc24-8211-4579-86d9-4f756414083c" ,
"Attribute" : [ ]
}
]
}
}