2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2018-07-25" ,
"extends_uuid" : "" ,
"info" : "OSINT - Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions" ,
"publish_timestamp" : "1533219022" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1533219022" ,
"uuid" : "5b58e29a-cb98-42a6-8b3b-4a6802de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0026eb" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "estimative-language:confidence-in-analytic-judgment=\"moderate\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"RASPITE\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551918" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2ee-97bc-4e70-8b0f-4f1502de0b81" ,
"value" : "09653415084e64caed272f089610c5218a60372e17755ba71176785736e71c0d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551919" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2ef-80b4-4b9c-a511-4db702de0b81" ,
"value" : "09a20ca2db5b75f4ee55874929dec64acfffa46d54a4ed561b9c3f04baa91d52"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551919" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2ef-6df8-4c94-a941-4e9902de0b81" ,
"value" : "1e4f56a1999ffa5376ef0acaaa5da0993f07e9c5aa1c222e297db7a4117d04b1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551921" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f1-f5a8-48bb-b820-4e4602de0b81" ,
"value" : "200ec4e8f16ed205cf94c02fcd73ee43ee511fa44ce34c458a1fca195c4bc737"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551922" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f2-73bc-41e5-b021-490b02de0b81" ,
"value" : "2591b50355ed8053c8ed2e122f0b5769dd52c6d0b658cd0f2847f39056c6ac8c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551923" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f3-86b0-4c1f-963d-471c02de0b81" ,
"value" : "332762804dd17f9b81620ea60ca8962daa493df24f6d98799d784d50fd4d0108"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551924" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f4-c574-4942-9ac3-415502de0b81" ,
"value" : "3373d81a74c1ea75c794244b2c6d4e5fb246224128412b9348291e2f68994d83"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551925" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f5-0c10-4ead-ac47-402502de0b81" ,
"value" : "36e9c95b65692b110f4fe2ed27aa6066368c07525c020ec081b59bad272e6172"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551926" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f6-f818-4b97-bdff-473f02de0b81" ,
"value" : "48529fc232a99b8cfa14cdc1b982615e9a96942b4e0a79e4a88d504faac74c7c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551927" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f7-f9e0-4e9f-a2ce-4f4b02de0b81" ,
"value" : "4b16cb8b0eaeb8449d35290edb00beb3002852ad0225f52e5476e16c853447c5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551928" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f8-f90c-4fed-941a-431202de0b81" ,
"value" : "58c9e11a2cd18bc6762753b27225423257b0d8e84592a7fe8b1c9bdd97129546"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551929" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2f9-6164-4f59-aeb1-4bff02de0b81" ,
"value" : "670dc0a8182503b272f8a0f5cf93ea1e9f12fd46afdf4930249bc0fa588bac2d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551930" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2fa-0614-46bf-b24a-43f702de0b81" ,
"value" : "6f5b1269175d3937a5f92c62ff3ef1dd693827705d0d41456d93d5243c1dbaad"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551931" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2fb-62b8-416a-a4a7-48f602de0b81" ,
"value" : "70c30b4cc6a9a420bec3ad25a0147c7ff91535a04ece95036334cb23044eda4e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551932" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2fc-e124-4d97-84e7-4a5802de0b81" ,
"value" : "7897406109e2454e4d99044e24a2d4fe5902473c2c76b82c2569336805989482"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551933" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2fd-f4f8-478b-ad66-41e402de0b81" ,
"value" : "7b06957c6b8450953967eb9c5f762e389a92fcf761b6885b7cb6dd2407641f3a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551934" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2fe-e8a4-4624-9775-4a2a02de0b81" ,
"value" : "7b8d27bfd5f2199e984c3038ce7625069f9ee0ec57dbfd7998e37afbe18011f3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551935" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e2ff-5d54-49f4-a53b-466402de0b81" ,
"value" : "7d829abe26b30ced467513e95f3448bc9f30de2fdced81c20b0d7699bd69c644"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551936" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e300-8750-4e1d-9511-4d4d02de0b81" ,
"value" : "84803151c5b73a53de91844968f377e6ee33ba82910aa1f612595a19aeb7e529"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551937" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e301-2f44-4654-876b-41c202de0b81" ,
"value" : "85e9b5c3bd88a0c2b535c8d89ed0e9f875895e758228da16b5a46f6ff70e7e77"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551938" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e302-a1c0-4b65-a8c3-46a002de0b81" ,
"value" : "9aa8f2d9245d0e6cef375ed999da6a3c9715fbe2a20589fdb388a8687707133a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551939" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e303-38d4-46e0-8920-4a0702de0b81" ,
"value" : "9d3801af7f8270ee550f0e3bb31e2ead903c45849e099c80d3c34b0076ca7e6f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551941" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e305-37f0-40fe-b781-428902de0b81" ,
"value" : "a115a2a704386293f4c5e7108b9dab6afc42d4647cbff47023f2d2039c6b72ae"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551942" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e306-3dc0-4301-b514-434302de0b81" ,
"value" : "a2155e4dd281ef7b01a1490943b7fb06706d7ef02c0f955611e941d06b6e3ccf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551943" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e307-0818-493f-9bb7-4a0c02de0b81" ,
"value" : "a36fc0d9cb5b415fa8d6fe89434aca931bc4d0f9ac56ada7b7b9a9e601966860"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551944" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e308-1024-4231-a377-4cdf02de0b81" ,
"value" : "a4ec0964b115cdc7c3e2fd2bd60651a5105981485a4cd9a1ce5e3d29222f6303"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551944" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e308-63d0-4db2-8c0a-44b102de0b81" ,
"value" : "ac33d303a9903f8a181e323eff6f0053234546e9b963f6bd1a2867bbb70ce2f9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551945" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e309-845c-41bb-bc1c-4bfe02de0b81" ,
"value" : "b13ce2692d7ea4ebf343916d1f4c6de8a73376d486d96f3e7ceddecab5068ccf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551945" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e309-12e0-4928-9c49-4bd202de0b81" ,
"value" : "c05205771d1cb9bfbfd7139a7ec8f8364c2820d6de3bbb93806530f1dc7a4283"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551945" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e309-b644-4688-866d-426702de0b81" ,
"value" : "c402e570ea5e69c42898cb6a1a6be39fa9f5a90e909c2d1a4a2276df80abca97"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551946" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30a-1f44-43cf-b9bd-4e2002de0b81" ,
"value" : "caa2bd3596cf15d4d09fad3d110052460bc05933587a16e13f879fe1469a1377"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551946" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30a-c74c-4dff-bfd9-4a6702de0b81" ,
"value" : "cb34a8f0dacb1ddccd89e0f40822dbdb0a3e32bb22c0801325be53bff55afd85"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551947" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30b-abbc-4d93-9cb7-4cc002de0b81" ,
"value" : "d01f01cc4832786c2821bb51d1abf40efbdf5127cd1d11e674c76996f1f1b145"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551947" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30b-41c0-464a-978c-4de702de0b81" ,
"value" : "d152da24739964acc8cc9fbd8f60a8ae7b8f7903c37168ce53e01b451d4aba5d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551948" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30c-80e4-4de1-84b9-4a0702de0b81" ,
"value" : "d1e4081b5fdeb09b280674e0c34f5495527a621bb4f42601f97f123761c514c0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551948" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30c-ebb4-4f85-a816-4ff902de0b81" ,
"value" : "d1ee0cf551e5fc37d482484d3de1c5718a5b8c9cfadd907b7b3ccf9324a599fe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551948" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30c-8a90-4753-b5dd-438802de0b81" ,
"value" : "d94c5bd51cdbdd87ee4eb8005022be2ed763c791660416212a8e6a6b18576ac8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551949" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30d-c3f8-41fe-9a8d-430d02de0b81" ,
"value" : "de481b765df8a44dc7b8528bf4822332cbd6105bce780e3c99da2cc67ab1263b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551949" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30d-9f6c-4178-ac25-467f02de0b81" ,
"value" : "e3612f7e389695f6f4184cbdc5dc9512e370f3f3863afcb38a17d59d6ead8dc0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551950" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30e-6ac8-4dbf-abd1-459602de0b81" ,
"value" : "e8f409387c6df73c201776633d44ac97d4fc1958bf79b1b36659e4bf904ccf28"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551950" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30e-ad60-44af-910c-414102de0b81" ,
"value" : "e931848dd6e5914e8ed0b287ef27544bf6c444fae05590a174307b437a1ea866"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551950" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30e-8464-4e83-89a5-4d5502de0b81" ,
"value" : "ebd01e75c633c212265fe883e869b543b27c34819d8501a52dbd21fc2cb533fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551951" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30f-b0b4-464d-a382-4cdd02de0b81" ,
"value" : "efb340cf61009acc14b8463c185340bae0269b957143469dc7270af85ee2092d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551951" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e30f-2c54-4980-ac88-426a02de0b81" ,
"value" : "f67d378140f4aca98d4bd427eda7052ad1205dab8b6028a7fa00254d0c60aeea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551952" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e310-bd40-4f18-8626-490702de0b81" ,
"value" : "fd026f5f3995b0664cde644da0d21b7488f5baabe0467dcec14092624b86b900"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551952" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e310-c520-4489-8a06-487d02de0b81" ,
"value" : "ff8c9d8c6f16a466d8e598c25829ec0c2fb4503b74d17f307e13c28fd2e99b93"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551952" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5b58e310-1644-4ac5-9187-469302de0b81" ,
"value" : "ffb6acd2715dd988fe3c3fdbd7d45159f8e5b529eea506a856109a8696e93a80"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551971" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e323-e58c-4b68-9a15-489d02de0b81" ,
"value" : "adobe-flash.us"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551972" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e324-23e8-4481-9f77-4f5502de0b81" ,
"value" : "ilhost.in"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551972" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e324-6a38-4570-b95f-411002de0b81" ,
"value" : "iqhost.us"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551973" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e325-8cdc-4058-acf6-446502de0b81" ,
"value" : "offiice365.us"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551973" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e325-fccc-4093-b3bf-4a4702de0b81" ,
"value" : "adobe-plugin.bid"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551973" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b58e325-d9a0-4f1a-922b-45b702de0b81" ,
"value" : "microsoft-office-free-templates.in"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551974" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b58e326-69fc-48f0-8d01-491a02de0b81" ,
"value" : "microsoft-office-free-templates-download.btc-int.in"
} ,
{
"category" : "Network activity" ,
"comment" : "Watering Hole SMB URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551994" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b58e33a-5904-4967-998a-4def02de0b81" ,
"value" : "51.254.173.240/file.gif"
} ,
{
"category" : "Network activity" ,
"comment" : "Watering Hole SMB URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551994" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b58e33a-a1b0-4f4a-8c4c-433d02de0b81" ,
"value" : "adobe-plugin.bid/file.gif"
} ,
{
"category" : "Network activity" ,
"comment" : "Watering Hole SMB URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532551995" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5b58e33b-e894-4db9-8753-401002de0b81" ,
"value" : "188.165.187.235/file.gif"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532552133" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b58e3c5-2c90-4941-9b8f-479a02de0b81" ,
"value" : "https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1532552153" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b58e3d9-bd80-43a1-a4c7-4f0702de0b81" ,
"value" : "Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends to adapt publicly available techniques and tools for their attacks and experiments with published proof-of-concept exploits. Leafminer attempts to infiltrate target networks through various means of intrusion: watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts. The actor\u00e2\u20ac\u2122s post-compromise toolkit suggests that the group is looking for email data, files, and database servers on compromised target systems."
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552051" ,
"uuid" : "b4137388-e6d6-4ad5-9279-cf94b064002a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b4137388-e6d6-4ad5-9279-cf94b064002a" ,
"referenced_uuid" : "7e43aced-7d72-4b63-831b-c9fb69c79ec5" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552382" ,
"uuid" : "5b58e4be-7398-4c40-a878-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552049" ,
"uuid" : "7e43aced-7d72-4b63-831b-c9fb69c79ec5" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552053" ,
"uuid" : "2fcc008b-3b14-4ba4-8b42-a7b810102a7c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2fcc008b-3b14-4ba4-8b42-a7b810102a7c" ,
"referenced_uuid" : "ad25b1d7-45f7-47ed-a474-a63310ffc5a7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552382" ,
"uuid" : "5b58e4be-13d4-4462-9adb-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552052" ,
"uuid" : "ad25b1d7-45f7-47ed-a474-a63310ffc5a7" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552056" ,
"uuid" : "40e176cd-33bf-428f-8dc7-e7eb0657ccc4" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "40e176cd-33bf-428f-8dc7-e7eb0657ccc4" ,
"referenced_uuid" : "30652bda-a360-426f-89ae-f6257c566381" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552382" ,
"uuid" : "5b58e4be-62d0-41db-962c-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552055" ,
"uuid" : "30652bda-a360-426f-89ae-f6257c566381" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552061" ,
"uuid" : "c8a57b71-f1b8-491b-91df-f591fcd2c841" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c8a57b71-f1b8-491b-91df-f591fcd2c841" ,
"referenced_uuid" : "922c585b-1cba-463b-9a0b-6b995bf2c886" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552383" ,
"uuid" : "5b58e4bf-fd14-4d95-9e49-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552061" ,
"uuid" : "922c585b-1cba-463b-9a0b-6b995bf2c886" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552066" ,
"uuid" : "4d4867f5-58bd-476d-bbb6-880d35895c1c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4d4867f5-58bd-476d-bbb6-880d35895c1c" ,
"referenced_uuid" : "910ea1f7-d0cf-4776-8d22-d14dbb5b0d3c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552383" ,
"uuid" : "5b58e4bf-9840-4969-a403-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552066" ,
"uuid" : "910ea1f7-d0cf-4776-8d22-d14dbb5b0d3c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552072" ,
"uuid" : "44037150-0f77-4e34-9b1b-f932434486ea" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "44037150-0f77-4e34-9b1b-f932434486ea" ,
"referenced_uuid" : "1d1bbb27-8c0f-4c25-811b-e406e8056538" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552383" ,
"uuid" : "5b58e4bf-41bc-4c8a-af6f-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552072" ,
"uuid" : "1d1bbb27-8c0f-4c25-811b-e406e8056538" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552077" ,
"uuid" : "1bfe243a-d171-4eb6-b5a8-6f750ae94dd5" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1bfe243a-d171-4eb6-b5a8-6f750ae94dd5" ,
"referenced_uuid" : "ca66551a-7048-493e-a8c4-23455d756628" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552383" ,
"uuid" : "5b58e4bf-aaa8-4da0-9b51-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552077" ,
"uuid" : "ca66551a-7048-493e-a8c4-23455d756628" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552082" ,
"uuid" : "d5bf8c36-3135-4442-8fa6-c8f7b46462dd" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d5bf8c36-3135-4442-8fa6-c8f7b46462dd" ,
"referenced_uuid" : "675a3865-7c5e-42bc-abf6-1051b955ca9a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552384" ,
"uuid" : "5b58e4c0-d734-4027-8e1d-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552083" ,
"uuid" : "675a3865-7c5e-42bc-abf6-1051b955ca9a" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552088" ,
"uuid" : "4ca44390-aea3-4649-b947-87e3382d214e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4ca44390-aea3-4649-b947-87e3382d214e" ,
"referenced_uuid" : "27f2127a-9dd0-4d0d-b321-fa1c3e5a3abc" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552384" ,
"uuid" : "5b58e4c0-ad94-4053-89ea-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552089" ,
"uuid" : "27f2127a-9dd0-4d0d-b321-fa1c3e5a3abc" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552094" ,
"uuid" : "87c335c3-8aad-426d-9e25-50b8d69359bc" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "87c335c3-8aad-426d-9e25-50b8d69359bc" ,
"referenced_uuid" : "fa4c3080-e422-4c59-9329-fd4ad1fabae0" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552384" ,
"uuid" : "5b58e4c0-a190-47b6-a05d-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552094" ,
"uuid" : "fa4c3080-e422-4c59-9329-fd4ad1fabae0" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552100" ,
"uuid" : "1d29953f-0ac9-4077-ae2c-78f16d033b15" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1d29953f-0ac9-4077-ae2c-78f16d033b15" ,
"referenced_uuid" : "712090b0-f46c-4bd2-9c47-1546ec19f1f7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552384" ,
"uuid" : "5b58e4c0-3940-4a1b-bac7-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552100" ,
"uuid" : "712090b0-f46c-4bd2-9c47-1546ec19f1f7" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552106" ,
"uuid" : "efb30889-667b-4c76-b0ad-f26d45ab1aad" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "efb30889-667b-4c76-b0ad-f26d45ab1aad" ,
"referenced_uuid" : "e1ce1e3e-6474-41ab-b48d-ec7fccfd8d1d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552384" ,
"uuid" : "5b58e4c0-5788-4d71-a656-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552106" ,
"uuid" : "e1ce1e3e-6474-41ab-b48d-ec7fccfd8d1d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552111" ,
"uuid" : "0c937616-7955-4a82-ad51-7343884f4b4a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0c937616-7955-4a82-ad51-7343884f4b4a" ,
"referenced_uuid" : "9a9a003c-ee07-4826-8ed5-801368161b7b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552385" ,
"uuid" : "5b58e4c1-fe8c-4b2b-a4ec-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552111" ,
"uuid" : "9a9a003c-ee07-4826-8ed5-801368161b7b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552116" ,
"uuid" : "65f0ff96-312c-4873-846a-15494be2de1e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "65f0ff96-312c-4873-846a-15494be2de1e" ,
"referenced_uuid" : "880f0101-1add-48aa-b31c-a93caa161553" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552385" ,
"uuid" : "5b58e4c1-48ec-4553-a385-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552117" ,
"uuid" : "880f0101-1add-48aa-b31c-a93caa161553" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552122" ,
"uuid" : "b97ff240-fb02-48ac-a995-cfe470d09cb0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b97ff240-fb02-48ac-a995-cfe470d09cb0" ,
"referenced_uuid" : "122569c6-a777-4b6d-b825-92590b0b85c8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552385" ,
"uuid" : "5b58e4c1-080c-4ea0-b9e0-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552122" ,
"uuid" : "122569c6-a777-4b6d-b825-92590b0b85c8" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552127" ,
"uuid" : "1301207f-edce-4810-b7f6-00084264ce54" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1301207f-edce-4810-b7f6-00084264ce54" ,
"referenced_uuid" : "5048a4e7-752a-4639-93da-136abb92ce3b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552386" ,
"uuid" : "5b58e4c2-23c4-4400-843c-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552128" ,
"uuid" : "5048a4e7-752a-4639-93da-136abb92ce3b" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552133" ,
"uuid" : "6e967f61-6604-4932-bd83-7e54a2862b86" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6e967f61-6604-4932-bd83-7e54a2862b86" ,
"referenced_uuid" : "1f3ec55a-7cd1-41d6-ad73-ea62a64a6efd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552387" ,
"uuid" : "5b58e4c3-30e0-456d-913f-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552133" ,
"uuid" : "1f3ec55a-7cd1-41d6-ad73-ea62a64a6efd" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552140" ,
"uuid" : "81ee6e30-8a76-4f90-a300-c1cc5375b3f6" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "81ee6e30-8a76-4f90-a300-c1cc5375b3f6" ,
"referenced_uuid" : "6751acd9-30f4-4045-ae06-746005d73a99" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552387" ,
"uuid" : "5b58e4c3-5b48-4749-8c7a-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552140" ,
"uuid" : "6751acd9-30f4-4045-ae06-746005d73a99" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552145" ,
"uuid" : "3bd7d553-2d5d-44c9-83fb-bd5ff9ba553d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "3bd7d553-2d5d-44c9-83fb-bd5ff9ba553d" ,
"referenced_uuid" : "2a9bd36d-b91f-483d-8b2f-9a5dd2d56d4a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552387" ,
"uuid" : "5b58e4c3-bcb8-4fb4-add9-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552145" ,
"uuid" : "2a9bd36d-b91f-483d-8b2f-9a5dd2d56d4a" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552151" ,
"uuid" : "c3416779-cdc1-49f7-bb9b-55eb69abf547" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c3416779-cdc1-49f7-bb9b-55eb69abf547" ,
"referenced_uuid" : "d26d5a46-004a-4da7-a1db-6d34c0a84d65" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552388" ,
"uuid" : "5b58e4c4-d37c-4241-acf2-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552151" ,
"uuid" : "d26d5a46-004a-4da7-a1db-6d34c0a84d65" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552156" ,
"uuid" : "341215a7-a4f6-4c73-91c6-bce2fb47563e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "341215a7-a4f6-4c73-91c6-bce2fb47563e" ,
"referenced_uuid" : "66670f5f-0a18-48fb-9fa8-8a0557dfe6d7" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552388" ,
"uuid" : "5b58e4c4-4010-47e9-9246-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552157" ,
"uuid" : "66670f5f-0a18-48fb-9fa8-8a0557dfe6d7" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552163" ,
"uuid" : "d3986e5a-1831-4613-9ded-a8bd4117673c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d3986e5a-1831-4613-9ded-a8bd4117673c" ,
"referenced_uuid" : "c92a8a8b-12ca-42df-9edb-08a5e3cfa48c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552388" ,
"uuid" : "5b58e4c4-f54c-4439-8ef3-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552163" ,
"uuid" : "c92a8a8b-12ca-42df-9edb-08a5e3cfa48c" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552168" ,
"uuid" : "8bf0ce4c-f54d-442b-a9e4-92a693e079a8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8bf0ce4c-f54d-442b-a9e4-92a693e079a8" ,
"referenced_uuid" : "23845d4a-e174-4592-bafd-a4ea6e7bda43" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552388" ,
"uuid" : "5b58e4c4-4ae0-44bf-82bb-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552168" ,
"uuid" : "23845d4a-e174-4592-bafd-a4ea6e7bda43" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552174" ,
"uuid" : "5bdc4683-2cc9-40c4-8a31-2b4d6b0f7688" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5bdc4683-2cc9-40c4-8a31-2b4d6b0f7688" ,
"referenced_uuid" : "6108bce3-e69a-4b39-82c3-39257a7cdb82" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552388" ,
"uuid" : "5b58e4c4-1014-47d3-af7c-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552174" ,
"uuid" : "6108bce3-e69a-4b39-82c3-39257a7cdb82" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552179" ,
"uuid" : "948044e2-5ce6-422b-944b-539b9512caf1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "948044e2-5ce6-422b-944b-539b9512caf1" ,
"referenced_uuid" : "c854e3e3-b985-43bb-a4ce-691f06c5677d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552389" ,
"uuid" : "5b58e4c5-1904-4091-bfff-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552180" ,
"uuid" : "c854e3e3-b985-43bb-a4ce-691f06c5677d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552185" ,
"uuid" : "1c646e8e-6ee8-4c11-8199-aa1060dc6b9e" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1c646e8e-6ee8-4c11-8199-aa1060dc6b9e" ,
"referenced_uuid" : "db181660-68fa-4e97-bf75-86295ba46f1d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552389" ,
"uuid" : "5b58e4c5-5be8-42d6-8740-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552185" ,
"uuid" : "db181660-68fa-4e97-bf75-86295ba46f1d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552191" ,
"uuid" : "af26c4fe-952f-482e-b1c7-64e8ec4587dd" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "af26c4fe-952f-482e-b1c7-64e8ec4587dd" ,
"referenced_uuid" : "3cc8e8c8-8a37-43dc-ad1b-a3fe8178a358" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552389" ,
"uuid" : "5b58e4c5-e390-4731-aca7-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552191" ,
"uuid" : "3cc8e8c8-8a37-43dc-ad1b-a3fe8178a358" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552196" ,
"uuid" : "cb8c1f90-8fa5-40a3-9fa3-dc1415a2be70" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "cb8c1f90-8fa5-40a3-9fa3-dc1415a2be70" ,
"referenced_uuid" : "37d37c7c-c665-4cc0-b7d2-75a5bae96999" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552389" ,
"uuid" : "5b58e4c5-ebf0-44e4-92d6-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552196" ,
"uuid" : "37d37c7c-c665-4cc0-b7d2-75a5bae96999" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552201" ,
"uuid" : "2809ae6d-0f07-46c0-a476-dfeec3076b23" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2809ae6d-0f07-46c0-a476-dfeec3076b23" ,
"referenced_uuid" : "b1df06cf-64e3-4cf9-b7d0-7b7107d06abf" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552390" ,
"uuid" : "5b58e4c6-a8a4-4028-ae95-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552202" ,
"uuid" : "b1df06cf-64e3-4cf9-b7d0-7b7107d06abf" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552207" ,
"uuid" : "fd9e918c-a015-42aa-8c06-18d603937354" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fd9e918c-a015-42aa-8c06-18d603937354" ,
"referenced_uuid" : "ca56de15-15e7-4dea-b035-1d253f952c52" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552390" ,
"uuid" : "5b58e4c6-3ca4-4951-8192-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552207" ,
"uuid" : "ca56de15-15e7-4dea-b035-1d253f952c52" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552213" ,
"uuid" : "2ab6ee33-dce7-4fe2-8fc1-9a352a6b58c7" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2ab6ee33-dce7-4fe2-8fc1-9a352a6b58c7" ,
"referenced_uuid" : "d3dbfdd6-7eae-4dae-953b-6d8d56c6a82d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552390" ,
"uuid" : "5b58e4c6-d21c-4163-8341-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552213" ,
"uuid" : "d3dbfdd6-7eae-4dae-953b-6d8d56c6a82d" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552218" ,
"uuid" : "5e34ef7e-4080-4342-a2ed-a45eaa252537" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5e34ef7e-4080-4342-a2ed-a45eaa252537" ,
"referenced_uuid" : "e409b3d9-42dc-4f10-8b9a-ee88f8b8ad3f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552390" ,
"uuid" : "5b58e4c6-d718-4298-8102-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552373" ,
"uuid" : "e409b3d9-42dc-4f10-8b9a-ee88f8b8ad3f" ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1532552379" ,
"uuid" : "c3d921b7-e61e-4056-aa56-8d697f5768b8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "c3d921b7-e61e-4056-aa56-8d697f5768b8" ,
"referenced_uuid" : "464d3928-33d4-43f4-9685-3fdc23ba76a3" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1532552390" ,
"uuid" : "5b58e4c7-ac7c-4edc-b35e-b5e402de0b81"
}
] ,
"Attribute" : [ ]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1532552379" ,
"uuid" : "464d3928-33d4-43f4-9685-3fdc23ba76a3" ,
"Attribute" : [ ]
}
]
}
}