2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2018-08-03" ,
"extends_uuid" : "" ,
"info" : "OSINT - Attacks on industrial enterprises using RMS and TeamViewer" ,
"publish_timestamp" : "1533281224" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1533279935" ,
"uuid" : "5b63f5e4-bf24-4f46-8340-48fc02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Babylon\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:botnet=\"BetaBot\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:stealer=\"AZORult\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Manufacturing\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Oil\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Energy\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Mining\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Construction\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:sector=\"Logistic\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0026eb" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "estimative-language:confidence-in-analytic-judgment=\"moderate\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533277679" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5b63f5ef-b2ac-46ba-a801-44ce02de0b81" ,
"value" : "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533277704" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f608-97e4-4125-9e7b-457d02de0b81" ,
"value" : "Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.\r\n\r\nThe phishing emails are disguised as legitimate commercial offers and are sent mainly to industrial companies located in Russia. The content of each email reflects the activity of the organization under attack and the type of work performed by the employee to whom the email is sent.\r\n\r\nAccording to the data that we have collected, this series of attacks started in November 2017 and is currently in progress. Notably, the first similar attacks were recorded as far back as 2015.\r\n\r\nThe malware used in these attacks installs legitimate remote administration software \u00e2\u20ac\u201c TeamViewer or Remote Manipulator System/Remote Utilities (RMS). This enables the attackers to gain remote control of infected systems. The threat actor uses various techniques to mask the infection and the activity of malware installed in the system.\r\n\r\nAccording to the data available, the attackers\u00e2\u20ac\u2122 main goal is to steal money from victim organizations\u00e2\u20ac\u2122 accounts. When attackers connect to a victim\u00e2\u20ac\u2122s computer, they search for and analyze purchase documents, as well as the financial and accounting software used. After that, the attackers look for various ways in which they can commit financial fraud, such as spoofing the bank details used to make payments.\r\n\r\nIn cases where the cybercriminals need additional data or capabilities after infecting a system, such as privilege escalation and obtaining local administrator privileges, the theft of user authentication data for financial software and services, or Windows accounts for lateral movement, the attackers download an additional pack of malware to the system, which is specifically tailored to the attack on each individual victim. The malware pack can include spyware, additional remote administration utilities that extend the attackers\u00e2\u20ac\u2122 control on infected systems, malware for exploiting operating system and application software vulnerabilities, as well as the Mimikatz utility, which provides the attackers with Windows account data.\r\n\r\nApparently, among other methods, the attackers obtain the information they need to perpetrate their criminal activity by analyzing the correspondence of employees at the enterprises attacked. They may also use the information found in these emails to prepare new attacks \u00e2\u20ac\u201c against companies that partner with the current victim.\r\n\r\nClearly, on top of the financial losses, these attacks result in leaks of the victim organizations\u00e2\u20ac\u2122 sensitive data."
} ,
{
"category" : "Antivirus detection" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278405" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f8c5-a258-4e3e-a5d7-46d602de0b81" ,
"value" : "Trojan.BAT.Starter"
} ,
{
"category" : "Antivirus detection" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278405" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f8c5-6240-4b67-a5d9-4b2d02de0b81" ,
"value" : "Trojan.Win32.Dllhijack"
} ,
{
"category" : "Antivirus detection" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278405" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f8c5-322c-4d68-9493-44ce02de0b81" ,
"value" : "Trojan.Win32.Waldek"
} ,
{
"category" : "Antivirus detection" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278405" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f8c5-be84-4d86-9781-45ef02de0b81" ,
"value" : "Backdoor.Win32.RA-based"
} ,
{
"category" : "Antivirus detection" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278405" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5b63f8c5-818c-4271-a487-4e7b02de0b81" ,
"value" : "Backdoor.Win32.Agent"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278951" ,
"to_ids" : true ,
"type" : "yara" ,
"uuid" : "5b63fae7-0148-448a-bb4c-44f002de0b81" ,
"value" : "rule TeamViewer_msimg32_dllhijack {\r\nmeta:\r\ndescription = \"msimg32.dll malicious file used in TeamViewer\"\r\nhash = \"16b4ebfdf74db8f730f2fb4d03e86d27\"\r\nhash = \"8c4e9016b9b4db809dd312f971a275b\r\n1\"\r\nversion = \"1.1\" \r\nstrings:\r\n$a1=\"msimg32.dll\" fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand any of ($a*)\r\nand pe.exports(\"SvcMain\")\r\nand pe.number_of_exports >6\r\nand filesize > 50000 \r\nand filesize < 200000 \r\n}"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533278994" ,
"to_ids" : true ,
"type" : "yara" ,
"uuid" : "5b63fb12-b55c-4d94-b9dd-4dc202de0b81" ,
"value" : "import \"pe\"\r\n\r\nrule RMS_winspooldrv_dllhijack {\r\nmeta:\r\ndescription = \"winspool.drv malicious file used in RMS RAT\"\r\nhash = \"5a6efa2921d3174bb9808fa3a3400d13\" \r\nhash\r\n= \"bb188e1e92e2be8a1ff009fe22f58f7f\" \r\nversion = \"1.1\" \r\nstrings:\r\n$a1= \"Password.rcfg\" fullword\r\n$a2 = \"Password.rcfg\" wide fullword\r\n$b1= \"winspool.drv\" fullword\r\n$b2= \"killrms\" wide fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand\r\nany of ($a*)\r\nand all of ($b*)\r\nand filesize < 100000 \r\n}"
} ,
{
"category" : "Network activity" ,
"comment" : "Email addresses to which the malware sends messages" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279128" ,
"to_ids" : true ,
"type" : "email-dst" ,
"uuid" : "5b63fb98-a0c0-42dd-910a-4ad602de0b81" ,
"value" : "barinovbb2018@yandex.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "Email addresses to which the malware sends messages" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279128" ,
"to_ids" : true ,
"type" : "email-dst" ,
"uuid" : "5b63fb98-79a8-4232-9aed-470502de0b81" ,
"value" : "drozd04m@gmail.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Email addresses to which the malware sends messages" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279128" ,
"to_ids" : true ,
"type" : "email-dst" ,
"uuid" : "5b63fb98-42f0-4c8a-956b-40f002de0b81" ,
"value" : "barinovbb@yandex.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "Email addresses to which the malware sends messages" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279128" ,
"to_ids" : true ,
"type" : "email-dst" ,
"uuid" : "5b63fb98-23a8-48b4-b711-4e2802de0b81" ,
"value" : "barinovbb101@yandex.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279231" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b63fbff-76c4-4c00-a466-433802de0b81" ,
"value" : "rosatomgov.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279231" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fbff-7078-4f05-a045-4d9502de0b81" ,
"value" : "81.177.141.15"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279232" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b63fc00-24f0-4eaa-a4ea-451f02de0b81" ,
"value" : "micorsoft.info"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279232" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc00-d590-4678-8fbb-4b0d02de0b81" ,
"value" : "208.91.198.93"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279233" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b63fc01-0e4c-459d-9aa5-4b2802de0b81" ,
"value" : "buhuchetooo.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279233" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc01-36c8-42e1-b9bb-4f1d02de0b81" ,
"value" : "185.51.247.125"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279234" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b63fc02-c7c4-4406-acbd-424302de0b81" ,
"value" : "barinovbb.had.su"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279234" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc02-3994-454f-91a3-471e02de0b81" ,
"value" : "185.51.247.169"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279235" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b63fc03-d9a4-487e-9f6a-434102de0b81" ,
"value" : "barinoh9.beget.tech"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279235" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc03-23fc-4d52-ad37-4c3c02de0b81" ,
"value" : "87.236.19.244"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279236" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b63fc04-be90-4410-b7a9-4d2302de0b81" ,
"value" : "papaninili.temp.swtest.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279236" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc04-ed58-450f-b839-41da02de0b81" ,
"value" : "77.222.57.247"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279236" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "5b63fc04-6064-4772-a747-462602de0b81" ,
"value" : "mts2015stm.myjino.ru"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279237" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc05-d124-4f85-b57d-42eb02de0b81" ,
"value" : "81.177.135.151"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279237" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5b63fc05-ed94-4549-adbc-45d502de0b81" ,
"value" : "document-buh.com"
} ,
{
"category" : "Network activity" ,
"comment" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279238" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5b63fc06-97d0-4776-947b-435202de0b81" ,
"value" : "191.101.245.101"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AzoRult" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279383" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc97-9664-44ad-b08f-449d02de0b81" ,
"value" : "3463d4a1dea003b9904674f21904f04b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "BabylonRAT" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279383" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc97-0a8c-495d-bacc-484d02de0b81" ,
"value" : "075ff2fb2e33a319e56a8955fade154e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "BabylonRAT" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279384" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc98-824c-429d-acd0-463902de0b81" ,
"value" : "aa6797ec4d23a39f91ddd222a31ddd1e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Betabot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279384" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc98-1bb4-4b68-9353-4cd302de0b81" ,
"value" : "ba9747658aa8263b446bc29b99c0071f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AzoRult" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279385" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc99-34ac-43a7-83aa-40c202de0b81" ,
"value" : "61aecb3e037e01bc0ad1062e6ff557e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AzoRult" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279385" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc99-4c68-452a-a241-4e2602de0b81" ,
"value" : "4fd16e0e8bf3ae4ff155e461b2eccb79"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Betabot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279385" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc99-1b1c-4342-abd2-4ee502de0b81" ,
"value" : "db0954a2f9c95737d1e54a1f9cf01404"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Delphi Keylogger" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279386" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc9a-cf44-4116-be6e-40ec02de0b81" ,
"value" : "ccb184bbb7d257f02e2f69790d33f3b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "BabylonRAT" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279386" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc9a-922c-4066-9966-464b02de0b81" ,
"value" : "5f19025a2ac2afeb331d4a0971507131"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Betabot" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279387" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc9b-f500-4352-acb2-49f802de0b81" ,
"value" : "579a5233fe9580e83fb20c2addb1a303"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Hallaj PRO Rat" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279387" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc9b-2dcc-4b46-92f2-456202de0b81" ,
"value" : "567157989551a5c6926c375eb0652804"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AzoRult" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279388" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81" ,
"value" : "5a610962baf6081eb809a9e460599871"
} ,
{
"category" : "Payload delivery" ,
"comment" : "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153.exe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279590" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd66-cdb8-4bc0-a818-470002de0b81" ,
"value" : "34a1e9fcc84adc4ab2ec364845f64220"
} ,
{
"category" : "Payload delivery" ,
"comment" : "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153 (\u00d0\u00ba\u00d0\u00be\u00d0\u00b4 917815).rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279591" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd67-eefc-4c2f-9ce5-49a102de0b81" ,
"value" : "59e172ec7d73a5c41d4dbb218ca1af66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "OPLATA REESTR skrin dogovor.doc.com doc.pdf.oplat 27.12.2017.rar 1\u00d1\u0081 \u00d0\u00bf\u00d0\u00bf.pdf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279591" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd67-2da4-4702-9b89-4d4402de0b81" ,
"value" : "ddcd67b7b83e73426b4d35881789e7dc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "(No 444.pdf.com" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279591" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd67-b584-4a05-8b22-480702de0b81" ,
"value" : "2374c93efbe32199b177eb12f96b6166"
} ,
{
"category" : "Payload delivery" ,
"comment" : "\u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d1\u201a\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.txt.com - oplata022018rm.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279592" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd68-a048-457f-bd35-437202de0b81" ,
"value" : "c531c45b08b692d84cf0699ef92f0134"
} ,
{
"category" : "Payload delivery" ,
"comment" : "oplata 1\u00d1\u0081_2 scan.pdf.com - reestr oplat 1c \u00d0\u00be\u00d1\u201a 01.12.2017.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279592" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd68-63cc-4a17-b1b6-403002de0b81" ,
"value" : "e5562389a49680c25e67b750b2c368eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "1C tshetim.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279593" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd69-6dc4-4a45-9a9c-4d4102de0b81" ,
"value" : "3a636038a3d893e441f25696bcbf2c73"
} ,
{
"category" : "Payload delivery" ,
"comment" : "1C kopiya No5.pdf.scr" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279593" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd69-3470-4837-89db-49bc02de0b81" ,
"value" : "f9b14393b995a655e72731c8b6ce78fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "WinRAR pp.rar" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279594" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd6a-0fbc-47b7-aad6-471102de0b81" ,
"value" : "6e10bc85be5d330e9aed5b5c87ccee38"
} ,
{
"category" : "Payload delivery" ,
"comment" : "kopiya WinRAR.docx.scr" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279594" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd6a-b0c4-4cd1-9769-46ea02de0b81" ,
"value" : "f8ec2d059d937723becd92eae050a097"
} ,
{
"category" : "Payload delivery" ,
"comment" : "act sverki 09.10.2017 crbarin.pdf.com" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279594" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5b63fd6a-9b48-4aa5-9970-4b8b02de0b81" ,
"value" : "21089b34d8f9cb7910f521e30aa55908"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " J V B E R i 0 x L j U N C i W 1 t b W 1 D Q o x I D A g b 2 J q D Q o 8 P C 9 U e X B l L 0 N h d G F s b 2 c v U G F n Z X M g M i A w I F I v T G F u Z y h y d S 1 S V S k g P j 4 N C m V u Z G 9 i a g 0 K M i A w I G 9 i a g 0 K P D w v V H l w Z S 9 Q Y W d l c y 9 D b 3 V u d C A 1 L 0 t p Z H N b I D M g M C B S I D I z I D A g U i A y N S A w I F I g M j c g M C B S I D M z I D A g U l 0 g P j 4 N C m V u Z G 9 i a g 0 K M y A w I G 9 i a g 0 K P D w v V H l w Z S 9 Q Y W d l L 1 B h c m V u d C A y I D A g U i 9 S Z X N v d X J j Z X M 8 P C 9 G b 250 P D w v R j E g N S A w I F I v R j I g O S A w I F I v R j M g M T Q g M C B S L 0 Y 0 I D E 2 I D A g U i 9 G N S A x O C A w I F I + P i 9 F e H R H U 3 R h d G U 8 P C 9 H U z c g N y A w I F I v R 1 M 4 I D g g M C B S P j 4 v U H J v Y 1 N l d F s v U E R G L 1 R l e H Q v S W 1 h Z 2 V C L 0 l t Y W d l Q y 9 J b W F n Z U l d I D 4 + L 0 1 l Z G l h Q m 94 W y A w I D A g N T k 1 L j M y I D g 0 M S 45 M l 0 g L 0 N v b n R l b n R z I D Q g M C B S L 0 d y b 3 V w P D w v V H l w Z S 9 H c m 91 c C 9 T L 1 R y Y W 5 z c G F y Z W 5 j e S 9 D U y 9 E Z X Z p Y 2 V S R 0 I + P i 9 U Y W J z L 1 M + P g 0 K Z W 5 k b 2 J q D Q o 0 I D A g b 2 J q D Q o 8 P C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v T G V u Z 3 R o I D U 2 M D I + P g 0 K c 3 R y Z W F t D Q p 4 n N 1 d W W 8 k N 5 J + b 6 D / Q 70 M o B p A O T y T m Y A h o F S S B r t z 2 T 0 N + M H e B 1 W V 1 B b c U m k k e W Z 6 f / 1 G 8 E p m J Y N 5 a J 7 W h k t 5 R A a D Q c Y X E b x 8 + f n j h z / c 8 J V Q q 8 / 3 H z / w F Y N / + U r W K 2 P q i s H T R y D 449 / N 6 s v r x w / w s l L C w K + U c v X y x b 5 q M q 8 + / f H j h 5 / O N s / P d 0 + H h 38 D w / X / r D 7 / 98 c P 11 D c p S 1 S n B b J t a p M W u p P 3 z F 2 K S 5 O P x z I y u u m M q r 35 d l p e Z H W q A H t f 4 G I + 9 u 348 v r 6 n i / 2 h 4 f n 1 + O a 3 X 2 + P C 6 P h d n d w Q n J V W l D F 3 q P z 5 + + C G I L F d c D N S r e a X d h 6 g 6 A R S s 4 j W 3 W u 0 / c c r M M 0 85 S l n V t R f l 5 o j C f z 3 c r c / 1 G d R s / w J V g h t 5 d o s / b + v G 3 R 3 w Z w V 3 O 7 z 4 t u b s b P W G l 7 / g z 114 + 7 g + r 92 X X / + 15 s p d v l C 6 E U x V 3 P Q F o n S j V p x b D Z 6 o h z e d e q x G r B J + t / l + f a 7 O v g e R r j Y o w + e 1 P t v 8 j p C j l Z U G 1 g m v n 85 + / p k i N p W q T 4 g / o T 6 O t 48 P o L y n L 1 S f k n U l x M R S u I I 2 b f r E f 8 W m + r z m 9 d m f 1 / X Z c X 8 L p X 2 F / z b P W M P n K 3 y N z 95 u K X 1 z W Y m 2 z 3 S 8 u z B Z s d A 6 y / S a c h j V a 0 o 8 S 6 + T S g l 6 T Y m d N t e c n w W N X t 2 + Q b 3 w z u u c Y N b q q t Z 9 Z q P 6 r B s D + P U O d a Y M x r S Z 0 s 5 R 5 q Q y v C 5 T W q q L B o U W 9 Z g y m g O R d a 0 r 2 c y A y L + s P b x 9 R V 3 s H 46 / I f q 9 r m 7 x z 9 v b 2 k P Y / h e 4 s o h m 8e0 J 7 t 5 e S Y + h G + w E i S y 5 S s A v K h g a B n R n z E q A M 1 M A b S 3 + v t x 9 / P D j 71 d P p 2 S N I 9 M D M h o Z u R K V x M / b q r X C g N J e 0 O e C 95 S r f / X B 8 g b U 8 e A b 6 g 7 b b v W 0 5 g 3 o A A D 80 T q A r h q D O i w R r o E P 6 o n C r Q a F / x A u R M v R f Q R V K l O 1 J q f K l K 6 h 6 G h x F X g p 3 U 4 U 9 y 9 o y m v B z v R A 7 v e K I X R l + D u 1 Z m k k M M K e y t D S I R p r 3 A 8 K c f / 78 d e u 7 d 1 r 3 / Y 9 A t G y q m 5 T B o z x U x K n C s / E q a J H o W V b c d V n o m a T + K o 4 j d s 3 n b 5 T U T s C F L V P E 4 p J a d Q J T W c S g l W N H j d r J K v L l q N z f Y B X + D H 0 g O Y 0 5 P m O i c s r J s X N x b n 4 D v 5 u m W T w n 8 B n 8 k L B I 15 f a P j D b u w d 29 o / i u M f B v d S b N x n o g F a F l h c S O S m L b H / 4 z 613 / D N x b l 2 j 7 i l 4 E x K 7 k X Y O F 7 w D G n F 5 c 1 F C 1 J u l J U U H l 0 0 c L t l 9 l Z s u X u 1 t c L a R 5 e b C 86 A k W 4 u z u E Z 59 d Y A b 6 t b Z l 4 S + D S B O 3 m L E w Y U 0 H z 5 / U 7 B Y h 8448 C k Z d v L g K I t o a k i Z J P o o 9 S + L N Z t 2 c c L 64 x p m n x C i F + u w U X 3 D g q c 7 a 5 w q v t m o e P L g U 8 v d 5 K + L g O R J F a B y Y 13 F h 6 p B Z 4 w U i g W 1 h N B c 3 Q U t 2 c b I b O 1 G U H W m j N J 7 h l C R L Y S k k S O J A 94 O o T R R i X K X S l N A l m y B 4 y 9 Q R y E j s t F c C p I 6 D B K a U h w U l D f K V i z C F F 1 b Q 6 h 0 4 p n U a 6 l s 2 B J 85 C N P z / H Z 4 C l T T X F q E s f y u f u u D S y j C A q B / m K j p r I q h o D X C g 24 G B W H v n Y J 0 G L x q 4 s F i g 4 e L n N W Y b F c S x L 7 c v R F C 3 W C b I T m p B S j W O n q F g Z 1 G 53 k k R T p U w 4 C e k a 5 I P J L Q Q 17 r R D N 0 p U I Q n k C A K 9 + g A E G k v p B s n U e 5 b S 6 C C v g 8 K v j n s 4 H Y H 5 C I 0 i k V U S I u 0 o 8 K P 76E9 E F Z r C k g X V 1 j V j U X S f I V H k B Q g R T Z F K H U U I 1 j a s S m B q W d V R t O U F Q W n X l d W 7 E R T i U Q J B X 5 + Q u T L 6 h G p U 6 L O W G p T 6 f F w L y W b E 5 A 4 M z d 1 V Z t B 6 / 3 t + z 9 j t r r 5 v E E n v / p 0 j Z m 3 d f h / D w M J n 3 B E 7 h X v f k W 7 f 3 n A D v q 0 s r 3 z C K + + H P H B P 4 H y + I I P K 6 Q 6 H P f Q X + 3 l / o j s H i m g W F g p w X X F W q p a E 3 B C G M y D f F / R b S W a P E w U 6 U Z R Q m u Q T w 7 k u 7 K j b N s r 1 J w N k y w Q X G I Y 5 a 4 a 0 J 7 F h W s D N i 1 D A G U B o I 60 N o S 6 s q Q + u G o C O P S g u 42 c r r Y k P C y s q G q g e w m q o m V 0 0E1 d t W 0 J H T x F G R 0 S N g V 0 C K y K 6 N B j R a K D 67 N 0 s J U Q k M F W j 4 Y O t k D a W i b Q I E U W G h I y P S A b g 4 Z 804 E J V + B X n g / Q b e 6 d x 4 e f I w 7 / P X 9 F 1 / O 2 E t i L s V t h M M B D P G / p 8 I L 1 O q I N G N a N d V Z k 2 L C w H j g p I + q F n R A a g p n Y C U 3 b n o 5 S e I q u E / Z o k j Z n J u 2 E P a q k 1 Z l J + 1 e / P C e R 0 0 K h f 3 U E d P 9 K a e j + 5 a 1 + r H 8 l Z F S 7 k K G 8 B h 5 m E D h A n H t 9 d X F u A + + r J D b f 2 F g c k v U a k v O m h Q R 9 c 2 H g U j R E n j 5 F t l y f a S A 2 F J R 0 Y 30 G l M t 1 E b g c x Q h w d W x y w J W 0 J N d j m O S 0 U O g z H Q H d Z 1 I a u s 8 w g z 53 N F x J y G a P T m k O r T K I / 5 M c 6 b K 2 e R H n c H 3 D X D + C v y a 5 z f Y h + 3 E c C g J N m C v L h B t N 9 a 8 J 9 c h i E l c W k 7 I 1 m R K h + H L H x o H K d O M R S l 4 + 4 T I T j 90 q j v K 0 M W O 5 x o G c y 2 t 8 K A P 0 c 5 f 9 + I j j k t s U x / O 4 t i E L j 9 k Q f t 7 a h A V J a z v a 5 O / o H G Z h X R V O x M 9 t i s 6 w h C y 6 B 0 c x 4 h 46 N j n 3 k A R h I h 0 P y v q Q l B X p Q 5 y m A h 7 o e i B Q R + D x I K E J J a U 0 6 o Q m G o j C C b f x 9 C U l m 40 H C j p r M 4 j z 0 X f U 3 o c 0 O O j D p N w y y b c O G 3 D U F 4 e K k n E h O 7 R i R 5 D w E / c p u 3 H D O v 5 T i w 4 I H O 3 G P o 8 j x e 0 G 3 y F q W N a A H A X U m F L b L G p o g / M Q + f p O Q A 0 F A U Y T e x A 0 o 6 y z q F G m G 0 U N h X H y 0 G t u t Q y R 4 F a B R d u c 5 J L B V R O t v I 0 I c G W f + 5 H g 7 Q 18 y Z z 1 e / x o P c x w l X x k b 2 N k 6 T M j A i 6 W V l I Z j b M 0 R C V H 8 A J s h r d F v H A U I 3 j R s S n h h W d V x o u U F Y U X v r / S 8 U N C Q M Y P P R o y f g i t M o Y X C d n s 4 Q 5 l o O n 0 o O m O P n O 5 D d l J M v / g v R d 2 y J d H 6 I s 2 j a F H O J e K x y U D V 0 T I V + 5 a q F 5 h S l G n p y h H n Q m b Q t T Z o 6 K i T q + E Q q / p C O h e k 9 L Q v Q b 7 O B / v N Q n Z f C 8 D 4 M s G + a O H e o w j 6 x v G m b j w 3 g A v j Z 8 j w F x G u 1 x G G j / j e H 1 t H Q y + 5 y 1 z T g V D T v i M 47 W p r b N R / 4 E g d U q 18 + 5 G V b o h K j 7 F 3 U A s 0 t Y p w r Z 5 d y M s Q U L X z I p S s X 5 s 6 A 9 x R F 27 e Q n v O G L c 2 k Q P Y l e g q B C Z 1 s H I W R x t F 5 E D 8 q t D w L r z 0 a t 2 + O C f i P i Z D G U 24 d M d 6 Y i W V l 8 Z g Y v s i O q P w A X Y l d Q l T + Q p y p 4 o Y V P w R I F V 0 R P 1 W J G e y H X l A q Z 0 B D S m p D Q 0 p v j e 22 G K y W K K b 73 O u O o 5 o C I N j l Q P Q a X Z 4 u o D u w I B 7 b 51 a a s F l m b r U M P h j s O B 2 k 5 p I n g o R 2 V j X N G N o y B S u H G U B u c g Q + i L Z H h 7 v X X h L l C b D l 7 C r c c q n z T H W / j I J C M 1 N z L 91 t a A C f x L w d I U z e U X d 9 W 2 G b O 6 G + v 30 P
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1533279738" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"value" : "TV_RMS_IoC_eng.pdf"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279869" ,
"uuid" : "76d54bf8-8a5c-4d15-99a5-60099d75f33c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "76d54bf8-8a5c-4d15-99a5-60099d75f33c" ,
"referenced_uuid" : "85c6f32f-13fd-45fc-b553-04eea230334d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279933" ,
"uuid" : "5b63febd-62dc-4be4-925c-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279867" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "d452c81d-6a13-4da7-8607-2b3f3dbb8a88" ,
"value" : "f8ec2d059d937723becd92eae050a097"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279867" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "292a8c2d-f067-4d70-88a8-ba5d16e3949c" ,
"value" : "3ac6e16b8c127575cfc73bc94e519fc3a58fa7b5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279868" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b0eed3e2-1882-48fa-93ca-0607e1def374" ,
"value" : "b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279868" ,
"uuid" : "85c6f32f-13fd-45fc-b553-04eea230334d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279868" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "610f905b-3e22-476b-b85d-fa2950cd9e9f" ,
"value" : "2018-05-16T08:12:04"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279869" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "04078969-96c3-4849-b011-4443f045c926" ,
"value" : "https://www.virustotal.com/file/b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72/analysis/1526458324/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279869" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ffd3d4b5-ffc4-47f1-b6fb-29115afa07ae" ,
"value" : "15/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279872" ,
"uuid" : "8fbcce78-3cbc-4071-b67d-dfe531d27c00" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "8fbcce78-3cbc-4071-b67d-dfe531d27c00" ,
"referenced_uuid" : "19c2defe-70e2-4b45-9834-a0d0c63c4611" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279933" ,
"uuid" : "5b63febd-5d80-4660-906f-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279869" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "95409609-3ae7-4e07-96f7-6e540e584311" ,
"value" : "6e10bc85be5d330e9aed5b5c87ccee38"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279870" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "19ca916b-395e-481b-9e26-c798e0de4611" ,
"value" : "63d796f57f7e72ac85766034320ef01863f4a22e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279870" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4ce7bc21-4dd4-459e-973c-b21f6e9c0788" ,
"value" : "31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279871" ,
"uuid" : "19c2defe-70e2-4b45-9834-a0d0c63c4611" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279871" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c186b0ec-baf5-41f5-9fe1-abf706268da3" ,
"value" : "2018-07-09T11:24:58"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279871" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "c8b29c08-2711-4f6c-bef9-e7e4d4c29548" ,
"value" : "https://www.virustotal.com/file/31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557/analysis/1531135498/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279872" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e873be03-a3dd-417a-8531-219d41271e1d" ,
"value" : "20/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279875" ,
"uuid" : "18222cee-2ac0-47a1-8791-6744df043aad" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "18222cee-2ac0-47a1-8791-6744df043aad" ,
"referenced_uuid" : "89416cc5-db81-4f92-9523-398c9f71e800" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-458c-49dc-bc45-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279872" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f8d5dd0f-65b6-4c11-a457-0d4525d007a8" ,
"value" : "3463d4a1dea003b9904674f21904f04b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279872" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f8dc1f67-e85c-444b-93d3-edcddbef3e58" ,
"value" : "ea09ca011157ff09743e07f2273291c91e81e925"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279873" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2e056369-4db0-4fcd-be61-0ff6675314c3" ,
"value" : "d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279873" ,
"uuid" : "89416cc5-db81-4f92-9523-398c9f71e800" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279873" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "38fe2f48-7f55-46b6-8a8b-9be8a5c6ea62" ,
"value" : "2018-07-28T21:30:50"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279874" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "ef4a3a56-dbdb-45f2-a922-fcf3954be4ce" ,
"value" : "https://www.virustotal.com/file/d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f/analysis/1532813450/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279874" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0434626c-bef4-45f0-97b3-921d7637fb62" ,
"value" : "51/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279877" ,
"uuid" : "0e9b4bd9-14db-4902-9991-a206bcacc6f1" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0e9b4bd9-14db-4902-9991-a206bcacc6f1" ,
"referenced_uuid" : "b0a6a50d-3304-4eaf-9802-eb197d2ad89d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-ede4-4a15-a8da-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279874" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a54491ab-2bbb-4d14-9da2-9d14dc7c9ef8" ,
"value" : "ba9747658aa8263b446bc29b99c0071f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279875" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fe7d2891-15fb-4d06-9394-5bd3f378eecd" ,
"value" : "a67eeb92cee5691eb022b0583c33684f3a893e48"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279875" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a35ff82c-5e94-4bd6-88b8-05fd5d1cb0b2" ,
"value" : "dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279876" ,
"uuid" : "b0a6a50d-3304-4eaf-9802-eb197d2ad89d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279876" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "2fdc44f1-fb8a-4844-9997-79a94b8e0b8b" ,
"value" : "2018-07-20T21:20:18"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279876" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "e0252f8c-f6bf-4562-afdf-649685561b34" ,
"value" : "https://www.virustotal.com/file/dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd/analysis/1532121618/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279877" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "4d5f0a98-9bed-4300-8c25-064eae706677" ,
"value" : "49/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279880" ,
"uuid" : "d4cb5445-b513-432b-97e4-b95f612ab3d4" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d4cb5445-b513-432b-97e4-b95f612ab3d4" ,
"referenced_uuid" : "2b6f9fe6-6e77-420e-ad70-57285e0091df" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-89bc-4ac5-9ab1-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279877" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8729a7ba-dd0f-49fc-b8b7-0ce181fc09d4" ,
"value" : "2374c93efbe32199b177eb12f96b6166"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279877" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "0411ce5e-1db7-4165-ba3e-276a4483c402" ,
"value" : "ca948caa972a756d57260a2bd3f0b3bc7c8cf5da"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279878" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1a3ffc20-dc4b-4868-8d99-1d76a4793eb1" ,
"value" : "50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279879" ,
"uuid" : "2b6f9fe6-6e77-420e-ad70-57285e0091df" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279879" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c339bb60-e470-4bac-bd9d-27485a79a6c0" ,
"value" : "2018-01-26T15:44:18"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279880" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d656dce0-c353-44d4-963d-c38b1d4ebd2d" ,
"value" : "https://www.virustotal.com/file/50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41/analysis/1516981458/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279880" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f77f523a-23dd-4882-bc54-3180141cca05" ,
"value" : "23/65"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279883" ,
"uuid" : "7c801ac7-ea1e-463d-91c4-d0cbd23b3109" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7c801ac7-ea1e-463d-91c4-d0cbd23b3109" ,
"referenced_uuid" : "f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-a6e0-4a8d-9a33-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279880" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "29dec0fa-842b-4987-a62c-e86645d8e33f" ,
"value" : "579a5233fe9580e83fb20c2addb1a303"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279881" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f822d218-6634-4e8f-a529-c7d1a26d88d6" ,
"value" : "713d542f516b7ec679f7d3a4090a7d9e07e137ef"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279881" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c06a1a83-0e09-4ed1-af92-e1631a7ff39d" ,
"value" : "8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279882" ,
"uuid" : "f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279882" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "6ea8c0c4-cd43-48de-b920-40a6206e20a2" ,
"value" : "2017-11-18T02:11:25"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279882" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "734c6a95-e688-431b-b864-a2309cc8c1ea" ,
"value" : "https://www.virustotal.com/file/8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b/analysis/1510971085/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279883" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "863452d8-d122-4270-aa19-d3cc9cc82be3" ,
"value" : "53/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279886" ,
"uuid" : "7afe7225-8811-485e-8937-ab7bad8e74f0" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7afe7225-8811-485e-8937-ab7bad8e74f0" ,
"referenced_uuid" : "7d927d9b-6bc5-4668-9595-b58885c9cc0b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-478c-439e-a2ed-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279883" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "453f7534-cea4-4b4c-af8b-1562defe3a08" ,
"value" : "3a636038a3d893e441f25696bcbf2c73"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279883" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "81e3f978-d0a1-403e-8657-4ae281c7e5cc" ,
"value" : "b331c97c29abde694cde08850ec0dae039f2101b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279884" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "131dfdc3-aa77-4dd5-9436-04d78cddccb8" ,
"value" : "267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279884" ,
"uuid" : "7d927d9b-6bc5-4668-9595-b58885c9cc0b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279884" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f7afa361-998b-4276-9212-d7781cb0d73e" ,
"value" : "2018-05-30T00:06:21"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279885" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "87df4eca-62ab-41ee-adbe-0d6c6e819db1" ,
"value" : "https://www.virustotal.com/file/267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2/analysis/1527638781/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279885" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "e2d8429a-4bae-4223-96cc-02a05cf8d5e4" ,
"value" : "30/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279888" ,
"uuid" : "294d1429-59cd-4ad7-95d9-fc5b3661475a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "294d1429-59cd-4ad7-95d9-fc5b3661475a" ,
"referenced_uuid" : "240a9164-aac0-4a1d-9f8c-ac58688889dd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-cb90-4059-985a-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279885" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5bb9404f-7f68-402b-9bcb-971370358a09" ,
"value" : "4fd16e0e8bf3ae4ff155e461b2eccb79"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279886" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1aad1bd9-e20e-4673-bf39-1f41d39e425a" ,
"value" : "19eae97bb8ceac18bb02bcd3450458ed0e59c406"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279887" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "815ad9cb-e303-43f1-ae9d-4e9eb4d2d25f" ,
"value" : "863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279887" ,
"uuid" : "240a9164-aac0-4a1d-9f8c-ac58688889dd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279887" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5697742a-38ef-4e5f-8b5b-c4f1264b5c50" ,
"value" : "2018-07-23T00:12:21"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279888" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "31aab7a7-f01b-4d9a-b9dd-09c8c2e7b0b9" ,
"value" : "https://www.virustotal.com/file/863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c/analysis/1532304741/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279888" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "8a7c447f-f278-4541-bca7-37bef818c827" ,
"value" : "53/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279891" ,
"uuid" : "0bf17bb7-e694-4e30-ae93-44dad8b167dc" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "0bf17bb7-e694-4e30-ae93-44dad8b167dc" ,
"referenced_uuid" : "f600d536-ac39-4588-9ff8-63621d6d372b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-1fcc-497b-9d4b-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279889" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9953ce88-5511-4190-9860-115cf91dba95" ,
"value" : "61aecb3e037e01bc0ad1062e6ff557e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279889" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "8dae3de5-ca8c-452b-9042-ddaba92389fc" ,
"value" : "9bbd38502f32dccf4ec8f5c6b0a52a96f2b7825b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279889" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6426b1af-f59d-4530-8bc0-928e96d10057" ,
"value" : "ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279890" ,
"uuid" : "f600d536-ac39-4588-9ff8-63621d6d372b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279890" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "48756df7-573d-42ac-85cd-8fe3c5788ee6" ,
"value" : "2017-11-17T07:51:06"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279891" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "282bfdc9-157e-4210-bb84-0a1777506956" ,
"value" : "https://www.virustotal.com/file/ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54/analysis/1510905066/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279891" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "43993ef1-d625-4106-82d4-d6118f0c4cfd" ,
"value" : "40/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279894" ,
"uuid" : "95ac7141-73a2-4887-a57b-703e4ae18c8f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "95ac7141-73a2-4887-a57b-703e4ae18c8f" ,
"referenced_uuid" : "8afbb632-1a98-404c-bde5-89b01c882fda" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-9bbc-4f05-a28e-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279891" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "fe011b69-ef8e-440e-94db-cb6ec26a85c6" ,
"value" : "ddcd67b7b83e73426b4d35881789e7dc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279892" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "6d65379c-1985-46b5-8426-6ed30e062032" ,
"value" : "bf3eac9a7808d3ee75e8018397cde1d8d6628b43"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279893" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1582ae01-0477-4a03-9475-fffbdd6c7f4d" ,
"value" : "cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279893" ,
"uuid" : "8afbb632-1a98-404c-bde5-89b01c882fda" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279893" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "463f05bc-f341-41db-85db-1bb6014384bc" ,
"value" : "2018-01-08T11:15:14"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279894" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "7a4b99ac-2a67-44e8-88a7-10beb23f0bb3" ,
"value" : "https://www.virustotal.com/file/cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1/analysis/1515410114/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279895" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "920a9729-3f24-4669-a705-32bb7a85aac1" ,
"value" : "25/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279898" ,
"uuid" : "1b004d6a-4eaa-4144-80db-7ddfed3e1672" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1b004d6a-4eaa-4144-80db-7ddfed3e1672" ,
"referenced_uuid" : "1f8e9d51-4bc9-466f-ad49-357294ada4d8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-b7b4-4ed0-b573-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279895" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "028bc5b0-0dfe-4f87-a6dd-58f1110bfc07" ,
"value" : "db0954a2f9c95737d1e54a1f9cf01404"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279895" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d0708a59-ed96-4795-9c70-32062888c539" ,
"value" : "4533f0c5b799f92fcecda88bf2c94b16eb554878"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279896" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "341a584d-31e4-4ff6-8812-94c0f716068d" ,
"value" : "dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279896" ,
"uuid" : "1f8e9d51-4bc9-466f-ad49-357294ada4d8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279896" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "00e0002d-aad3-4985-8589-b123f93e726d" ,
"value" : "2017-11-14T18:51:32"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279897" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "ae882f60-63c1-4df4-bd99-5b54ba427c6a" ,
"value" : "https://www.virustotal.com/file/dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b/analysis/1510685492/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279897" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b29f8bde-8a2d-4d09-9b0c-c270df68e58f" ,
"value" : "35/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279900" ,
"uuid" : "764f0fcd-1ab1-4784-8f89-476df01f9e82" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "764f0fcd-1ab1-4784-8f89-476df01f9e82" ,
"referenced_uuid" : "4d24cad3-2421-48ad-9b73-2624715cd5dd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-7e68-49dc-b96e-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279897" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3360c649-133f-481b-b1b5-e06d8379629f" ,
"value" : "075ff2fb2e33a319e56a8955fade154e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279898" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "c675fb69-aa4b-496c-abde-64576b10de92" ,
"value" : "ec11b96059609d9e253b5ec977a2bc358f82db44"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279898" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "223abe11-4c5c-4bf7-871b-a4cd27bce80c" ,
"value" : "1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279899" ,
"uuid" : "4d24cad3-2421-48ad-9b73-2624715cd5dd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279899" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9f65d903-d08d-4947-9754-6f9a1c667fd4" ,
"value" : "2017-11-21T09:17:59"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279899" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "0089de46-5fe9-4655-9b15-ccc24ce0d162" ,
"value" : "https://www.virustotal.com/file/1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e/analysis/1511255879/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279900" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0a1f957d-dbb3-4f70-bfa6-3bdce0a9309a" ,
"value" : "50/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279903" ,
"uuid" : "d5094d86-5aa2-4930-be67-590b666faf24" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "d5094d86-5aa2-4930-be67-590b666faf24" ,
"referenced_uuid" : "68f98b66-dfff-4879-a93e-23798294887a" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-28dc-42ca-ac0f-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279900" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "13099554-1f07-47b3-ab0e-9bd58064bfe4" ,
"value" : "567157989551a5c6926c375eb0652804"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279901" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "91859f8c-3dd0-497f-813c-f94e3f496da1" ,
"value" : "e9d03f2e60ba16636291bf1e75ed088caf9c0e23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279903" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "db14fa10-2016-4d0b-9699-15bf051927c3" ,
"value" : "c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279904" ,
"uuid" : "68f98b66-dfff-4879-a93e-23798294887a" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279904" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ef1c04a8-d4b6-4ea6-b2ea-52902c39abee" ,
"value" : "2018-07-22T16:30:27"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279904" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "211bf203-36e3-42c8-9ff8-3f8c7de10da2" ,
"value" : "https://www.virustotal.com/file/c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46/analysis/1532277027/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279905" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1e55e3b2-8535-47ce-83e0-db826ea05c79" ,
"value" : "59/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279908" ,
"uuid" : "52674802-1516-419a-bc3b-01dae5b5746f" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "52674802-1516-419a-bc3b-01dae5b5746f" ,
"referenced_uuid" : "2b1648e9-577e-46f9-bdb3-f70186927dc3" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-1cb4-46b3-9307-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279905" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "1ea8fd0a-95c3-47b7-b373-db71030633c6" ,
"value" : "aa6797ec4d23a39f91ddd222a31ddd1e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279906" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b232a70c-92ad-44cf-af95-0e0d1b409825" ,
"value" : "3d38d65a1306d9d85514585c8b01f347c1067a79"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279906" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f7ddafb1-60ba-4501-bfee-f9d4ba2aeb23" ,
"value" : "7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279906" ,
"uuid" : "2b1648e9-577e-46f9-bdb3-f70186927dc3" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279907" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "eb279efe-855d-4375-87c6-b02ad41efcd1" ,
"value" : "2018-06-23T06:30:59"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279907" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "6f700c7e-96f3-41e7-8a0f-24053157b240" ,
"value" : "https://www.virustotal.com/file/7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699/analysis/1529735459/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279908" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "53125897-66d9-42fd-bf74-3885aaed354f" ,
"value" : "54/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279911" ,
"uuid" : "096da749-1936-41dd-96f3-cbdd247f2548" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "096da749-1936-41dd-96f3-cbdd247f2548" ,
"referenced_uuid" : "bee97d03-cf53-441d-b24e-be6fe5aff6fe" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-5d0c-46a4-a028-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279908" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "34751530-0ab1-438c-9d19-76943031eb3d" ,
"value" : "21089b34d8f9cb7910f521e30aa55908"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279908" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d14575c4-099e-4cb1-93cd-80b429d91aa9" ,
"value" : "5e0d7f6a8f88decf4ed2107adeeb0f2d805dbc6d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279909" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "05c5bd12-2c7e-494f-a12a-bc1d70f8b166" ,
"value" : "a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279909" ,
"uuid" : "bee97d03-cf53-441d-b24e-be6fe5aff6fe" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279910" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "1a37dc13-68a5-419e-8593-c80aad983a0f" ,
"value" : "2018-01-31T06:44:56"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279910" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "dbdf7ee7-d96e-43df-99ec-f1a7d56df6c4" ,
"value" : "https://www.virustotal.com/file/a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a/analysis/1517381096/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279911" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "0e6c3ab0-31fe-4ac6-861a-86117f7610eb" ,
"value" : "24/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279914" ,
"uuid" : "fe9ff2db-3990-4476-af1f-4ea5fd9455ec" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "fe9ff2db-3990-4476-af1f-4ea5fd9455ec" ,
"referenced_uuid" : "3a3d31fe-1599-4535-8de1-073d022ac421" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-2ddc-4cc7-97aa-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279911" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "91a71d02-5ada-4b37-ad1e-03e38a98d5e7" ,
"value" : "59e172ec7d73a5c41d4dbb218ca1af66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279912" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "e0eded88-f760-44c1-81ca-e00b77f13ffd" ,
"value" : "f116b6360951036814e9ce2a35fcdf467307d2c6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279913" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "8f630c81-70df-4b55-a3f7-c820b62839bd" ,
"value" : "21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279913" ,
"uuid" : "3a3d31fe-1599-4535-8de1-073d022ac421" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279913" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "730fa964-2173-4469-80e6-038e28bd3b6f" ,
"value" : "2018-08-01T11:55:50"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279914" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "434cb613-2d0b-4e78-ad7d-15cf7bc2c0b9" ,
"value" : "https://www.virustotal.com/file/21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0/analysis/1533124550/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279914" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9ae1bfb8-ee0a-42a2-b254-cd8d65cee0b6" ,
"value" : "0/59"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279917" ,
"uuid" : "2c0a000b-4cb5-444e-b6e8-f5ce047774bc" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2c0a000b-4cb5-444e-b6e8-f5ce047774bc" ,
"referenced_uuid" : "6a699fff-9d42-4ebc-835c-7063f752908c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-db6c-4c22-94fc-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279914" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "c14f2fa0-dabd-4fad-ab70-1490bda156a2" ,
"value" : "c531c45b08b692d84cf0699ef92f0134"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279915" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "dac5d65d-573c-4ded-b665-44b31ee88447" ,
"value" : "fc1ee56c51e8367e07c7d382b2251f460292b3cf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279915" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c77aad31-d77d-4e54-86f7-3a5e60cd3863" ,
"value" : "3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279916" ,
"uuid" : "6a699fff-9d42-4ebc-835c-7063f752908c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279916" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "62d26141-e9b0-4349-a720-5ed0d4d7e834" ,
"value" : "2018-03-01T07:21:24"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279917" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "786c71b7-e87c-44d1-97e0-932131116732" ,
"value" : "https://www.virustotal.com/file/3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e/analysis/1519888884/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279917" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "aded9a20-962a-4e46-a2c5-c26f10d0334d" ,
"value" : "11/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279920" ,
"uuid" : "b41fba7b-7e99-46be-b244-3749274d6511" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "b41fba7b-7e99-46be-b244-3749274d6511" ,
"referenced_uuid" : "2643e936-cbd4-4080-bf24-897926886b9c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-fa44-4359-a5f7-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279917" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "67504e45-924b-47c0-9cdd-1b8098c21f36" ,
"value" : "34a1e9fcc84adc4ab2ec364845f64220"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279918" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "15b9f771-8f52-46e4-9da9-26f8d0d4460f" ,
"value" : "7ef53e5a9a67e7f932ad53bf3a85c2ae91026f34"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279918" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "52fd6b55-46b4-4085-94ac-b4e446875034" ,
"value" : "65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279919" ,
"uuid" : "2643e936-cbd4-4080-bf24-897926886b9c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279919" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d6cc19a3-2f99-4d78-8fe2-7bf2bcfb4d90" ,
"value" : "2018-08-01T11:55:11"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279919" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "08b25fe3-52e6-4aa1-a598-efb51d3856be" ,
"value" : "https://www.virustotal.com/file/65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529/analysis/1533124511/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279920" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "76b329b7-f2f5-472a-b3aa-39a5e8896201" ,
"value" : "39/66"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279923" ,
"uuid" : "4024aa3c-18df-4452-a3b9-9f3e62fa105c" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "4024aa3c-18df-4452-a3b9-9f3e62fa105c" ,
"referenced_uuid" : "242889dc-9946-48f0-bb16-b6044a619b37" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-b664-4c79-9dd9-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279920" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "fd5ecdad-e69c-4f2a-ad9c-a75c1c3a10b6" ,
"value" : "5f19025a2ac2afeb331d4a0971507131"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279920" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "e3460133-2741-4531-bfd8-3c1e27e169e5" ,
"value" : "1b58d0832448414d830bfb065b9f020d3c5fe64b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279921" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "2a2f4293-2aa7-442a-9436-c9dd5fc7b779" ,
"value" : "b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279921" ,
"uuid" : "242889dc-9946-48f0-bb16-b6044a619b37" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279921" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "bc6de473-2ba3-4e5c-81f2-9b43c4129c97" ,
"value" : "2018-07-23T22:35:44"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279922" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "fd14bb8e-738c-47f7-a804-16e0358c56e6" ,
"value" : "https://www.virustotal.com/file/b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882/analysis/1532385344/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279922" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1f4d5c0d-7cf0-45a5-b727-e53dad1d2436" ,
"value" : "51/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279925" ,
"uuid" : "818160f4-21c2-45b6-be21-dd9eec574074" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "818160f4-21c2-45b6-be21-dd9eec574074" ,
"referenced_uuid" : "250c1137-3bfa-446e-b1e3-9ac17421a058" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279934" ,
"uuid" : "5b63febe-22a8-449a-94c4-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279922" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "df90358f-e642-4255-8a25-992d1b3a6c48" ,
"value" : "5a610962baf6081eb809a9e460599871"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279923" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "7deafec8-9972-4763-83cc-e79fc3a2a678" ,
"value" : "6290a0dca10e063fc8913cfccc7057356e082e3b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279923" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fe6d2c37-c407-4bf8-9d4e-e78eb418dcb0" ,
"value" : "bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279924" ,
"uuid" : "250c1137-3bfa-446e-b1e3-9ac17421a058" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279924" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "0f7f6908-09c7-4a86-b090-1fbf58b67e96" ,
"value" : "2018-07-25T17:57:11"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279925" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "46ad717a-4b50-42b1-bedd-6cdd7e03a1e8" ,
"value" : "https://www.virustotal.com/file/bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7/analysis/1532541431/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279925" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cd23483c-b1f7-4346-a0da-5544b45f3f8e" ,
"value" : "53/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279928" ,
"uuid" : "1267f609-b45b-4b55-a0d1-ea1ae7db562d" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1267f609-b45b-4b55-a0d1-ea1ae7db562d" ,
"referenced_uuid" : "df4f13dc-e7db-4896-a560-3f428553d305" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279935" ,
"uuid" : "5b63febf-2c0c-47af-af79-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279925" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "766253bd-94d0-413a-bf3a-965cfa345d06" ,
"value" : "ccb184bbb7d257f02e2f69790d33f3b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279926" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "9eff8458-9907-4635-a8d6-c2c6f37a7cff" ,
"value" : "69b016cdcbbdbee85333fe04d2d81f8c1bc76f11"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279926" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "88b0049a-83f0-49a1-b346-4f92d1ffdd8c" ,
"value" : "e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279927" ,
"uuid" : "df4f13dc-e7db-4896-a560-3f428553d305" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279927" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "6497fe78-a309-4e69-9687-96c6c24db053" ,
"value" : "2018-08-02T20:47:19"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279927" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "8fd07da2-cc82-42ed-9fa4-a9ce5dad548e" ,
"value" : "https://www.virustotal.com/file/e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa/analysis/1533242839/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279928" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "d358f6e8-44d6-4401-839b-d5f52d134dcc" ,
"value" : "47/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279931" ,
"uuid" : "6745208f-c8c8-4274-b672-890fb2779a26" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6745208f-c8c8-4274-b672-890fb2779a26" ,
"referenced_uuid" : "5f713e33-c562-4370-87c0-17a7a79034be" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279935" ,
"uuid" : "5b63febf-60c0-45d4-876d-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279928" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "61e9162f-3cbd-410d-b9c5-728df53e459e" ,
"value" : "e5562389a49680c25e67b750b2c368eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279928" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "22e905fa-3ee3-4615-af2f-096b90b4b690" ,
"value" : "962574ed4d0aaa3479d24d44dcf77ea4ed558bb9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279929" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "4c748301-2642-4530-9d56-6f29083c00c9" ,
"value" : "32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279929" ,
"uuid" : "5f713e33-c562-4370-87c0-17a7a79034be" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279930" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f53903a9-0918-41d3-9e5f-c001c2fa17d4" ,
"value" : "2018-01-08T11:14:25"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279930" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "a1fc6f3d-377c-4ed9-bcad-5cbcbebd14f4" ,
"value" : "https://www.virustotal.com/file/32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477/analysis/1515410065/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279931" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9ce6141a-8d24-4744-923b-38704f43271b" ,
"value" : "28/67"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1533279934" ,
"uuid" : "7d5de9ae-0701-4641-b1dd-6db94f8b0ad6" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7d5de9ae-0701-4641-b1dd-6db94f8b0ad6" ,
"referenced_uuid" : "d9a9cd7a-cc40-41c7-ab06-8ca0b166726f" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1533279935" ,
"uuid" : "5b63febf-d910-426d-bd76-6c4102de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1533279931" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ac0c2f4c-9298-434d-97d9-f7faabb10876" ,
"value" : "f9b14393b995a655e72731c8b6ce78fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1533279931" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "27d8b929-23ff-4c75-8f6a-cbb33c9aeaef" ,
"value" : "fa9ab8fe04781041f49597c218324f358fc8d661"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1533279932" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5569a1c2-015c-4698-8a72-d0237ccf3ba8" ,
"value" : "b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1533279932" ,
"uuid" : "d9a9cd7a-cc40-41c7-ab06-8ca0b166726f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1533279932" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ed7c1a62-02d3-41ff-a561-8a97c33a37ad" ,
"value" : "2018-03-22T02:30:18"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1533279933" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "af4be266-5fb0-4cb9-88db-918da4d6e9bf" ,
"value" : "https://www.virustotal.com/file/b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8/analysis/1521685818/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1533279933" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "a54ba07e-36cd-4fbd-9ec5-9d613d889d00" ,
"value" : "9/62"
}
]
}
]
}
}
