{
"Event" : {
"analysis" : "0" ,
"date" : "2018-12-12" ,
"extends_uuid" : "" ,
"info" : "OSINT - \u00e2\u20ac\u02dcOperation Sharpshooter\u00e2\u20ac\u2122 Targets Global Defense, Critical Infrastructure" ,
"publish_timestamp" : "1544734098" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1544734085" ,
"uuid" : "5c125ad1-a1a8-495e-ae07-48bd950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Discovery - T1087\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File and Directory Discovery - T1083\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Discovery - T1057\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Connections Discovery - T1049\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Time Discovery - T1124\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Injection - T1055\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Operation Sharpshooter\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544707005" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5c125bbd-4cd4-483a-97d1-64d4950d210f" ,
"value" : "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544707033" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c125bd9-6bc0-4b84-ba4d-46ef950d210f" ,
"value" : "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee\u00c2\u00ae Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant\u00e2\u20ac\u201dwhich we call Rising Sun\u00e2\u20ac\u201dfor further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group\u00e2\u20ac\u2122s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\r\n\r\nOperation Sharpshooter\u00e2\u20ac\u2122s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community."
} ,
{
"category" : "External analysis" ,
"comment" : "Impacted organisations" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B S w A A A M 6 C A Y A A A H 8 s z 3 O A A A A A X N S R 0 I A r s 4 c 6 Q A A A A R n Q U 1 B A A C x j w v 8 Y Q U A A A A J c E h Z c w A A D s Q A A A 7 E A Z U r D h s A A P + l S U R B V H h e 7 J 0 F f B w 39 s f N F D M z M 9 u x w 5 z Y Y W y Y G d o w c 8 N l 5 j Z J k z b p l e H a f / n K v S v 3 r t d r e 2 V u r 70 y 0 73 //LTRWjurXS97dy1/Pl/PrKTRaGY0b56enqQA7S9FY4RC4WWwf6RQeBmqYlrjiy++oI8//pjOOOMMSktLY2G7du2i+Ph4ti/+/fjjj/Tll1/SU089Ra+//jp98MEHdN9999G+ffvo+uuvp7Vr11JsbCwVFRXR3LlzTc6jMENVTGv85z//Ydu33nrLWBkDAwONlZTHJyUlsS3+rrvuOrb/7rvv0jvvvEOffPIJq8wHDhxgFfPVV1+lyspKlkZhEVUxFV6JqpgKr0RVTIVrGbXrLaoeuZtmzJghjbcRVTEVrqW4z2JKLRlAs2bNYo281NRUabp2UBVT4ZWoiqlwLXRGM10+Lo/uuusuaTznzDPPZNvMzEyzOA1VMRWupU9eNJWnRFBwcDD7nZGRwbaRkZEUFRVF6enpFBERQQkJCSwuLCzM5PgTqIqp8EpUxVS4lgceeIBWrFhBEydONAkfN24cPfvssyZhVlAVU+Fapk+fTj169KAhQ4Ywk9GECRPYdsyYMXTSSSdJj5Hg2xUzpaiByobMpPLBM2nW4ddpxlX/Yiy4/mMavfcuiomJoZSUFOrSpQvrNiwoKKDS0lJGVlYW6yKE7oNuRuTHt64iJixIGq5oF++vmIGBhoc777oPjWGj995J846/T3GZxVQ1fCGrjHEZhSwOrbyysjJjBbQVWyol8i0uLqbo6GhpvDN00Srxyl5pRKc1U1p0qDSNL0D/DKBrtwWweyqLtxHvqpjFfSdSxdD5lFbWzH7PPPQa22bV9KMplzxPRX1OotlXv87C0sq7GY/j5OTkMAcLOFzoK5413FHRRGrSImnX4Ez6cHOdNJ6TEBmivSAB9Nn2evpiRwN9v7sr/bqvSZrWWxnSFEC1hYZ9CAl8tUJDQ9lXC18o/qXSH6fDOypmfFYJk3oLbzB463AyKnuy7eA1B6nbrJ1apXyDQsKjKDGvgiq1Clw9colJepHy8nJpJdSDz7vseFfxn231FBdhMJ1wQoPbpHN4SCBtHZjBKqKMb3Y10qjyOFrRM41GVxg8nEBlaqRxn3PtZMNXww9wX8WMCrVNv+Kf6rpxKzQ98d9GPXH49ptYeFRiOk089wm2H5dRRDMPvmpMA8bsv8eYl572PumILykpkR5rC5BuKfHyOM6TSyto/9BskzBUuDtmF9OXOxtoYXMKfadVPn2FtJVf9jZRXnwY/bjHIF3FuA9OSOiCxHCT84scm1JI4ysTpHGOsOS2b6jPknOYbi+LtxHXVMzj2sX9pN0Y8aaIvLmykFWi6Vf+U/s8t1UsfKqx7b3oLJbPhLMepujkbAoOxY0MpJqRS9lnHGnGnfkQSzPjqpeN523ddIzFxaaZSz0YcfUVUQS6ov4YW8hICqB/X6tVyPpZdPKsKFp9y1B2jV9plQwVTEy7ZYDBuAwStc/0LTOKWNqrJuSzSjm8LI7+qlXc/wr3ylOgIr+8uprto+wDCtv9vNpE09QtVNB9JNXW1tLJJ58sTWMDzlfMnYMyaXJtotmFcwbM3MQqj7OgQvect9/k3Lxiz7nmHRYvxukrIoCEFNM4Aj2h5T1kM6Nk8HZWMUetqaNvTm2kkdonl+uEZckRmo5oX
RJePCZXGt6RPLigjH7Qyv3L3q5m1+5BnK+Yr6wxvHUyZhx916yC2QsqHz7h2B+z7252zvisUuqjSVmeRl8mYGuF5J97KOiyeBH6RwBNGpZqrJgIQ8XkUhMgTLwHvgb//DvKtofG0LBVNXT22WdL423EsYq5TftEyS4Knye+L+qLjqCXgCC9ogeTjsibh5UOmm6ShiPql7J4eyjJ1irlIwZklRJ8qT1Q8V74AldPLGDbnzXpKIbrr98e8htTKKUglvWBFxYWUlxcHGVnZ9v04gs4LjH5Rdw0vZgeWlhuEjevazLNckJazr32HZP8RHgaXjnnHnvfLI2rCQ81VMoFI9oqZnSqqRQWH6y3gnYAKuEFo3OZmsHLfssMx/RtN+J4xbxjVjFtH9Sm3Ot5c32NSWWzF1megUHBNqd1Bphw0KDTh8M7hlfM/B4LjOHJycnSiuBtiNci0l68PVSNPp0yqsfSsGHDpPE2Yl/FrE4zt51ZAra7WScaJ46Cz7aYpywNENO4goTIYPpW18IGubm5FNbFMCKSA1UB4VAdxEpgD0u6p0vDXclc7SsmllsPT4d9mMH08baSWj6UYjOqmSNHt26GTpC//e1vZunaof2KmRlrf/fYxPOeoOz6gdJKZC9VIwxGdFmcSHbdALNyOMIf2icbW9gX0dLm4cUD1hilpXjeOde+a9RlgVgZ2kM8DmTm5rOt3h5pL/fNL6OUrDwtH7kJb12fdON1iSAuyIlK6UIc/5S3R/OMnSYP0Bnaa0gFh0idTZ2ipTjWaJfcvm2rsVKCxokbTM6PygSJifEt2EeF1lcGNAxzC4tpx+Bs+s/WOqbjZeXkGiulnsMnFdAPu00r1o8nfielZVJxqXUJzfNJzJCbpM4YnmN2za7g1nHxtLg2kpYtW0Z9+vRhY+tl6dppDLmvYrZuPk7Dtt9Erdtv1riFMfTE1pybaX2vJJOHbZGDrxjPkaa10rE19Aa1Gd5dxX3z2iRgXf0AVinLWrbS1EtfpLnHP6bmCeVUPniaSYUSeU0wpcnibaWsvJxKtIooi+MU5aRTdkGxNK5Ue2lmNpmqC/do1/abG/rhG1JDKT8umPWT19XVMTUH3cM8HuXhwyny8/MpKEjaQ+i+ionGkXgj7OHnPY3mFVJj+pUv05FJhVpFbKucIDw6nsYeuNckzBWIZTrtnPOZ8wFMH7i56C1BOCQXfkNi4iHwyoA+eNF8BhAORxOexhaQD4YgYD8vL88s3hFQFvT84BrR0NNftxfgvoopPhBHeGZRvrFC9l55kEbP38IeNCptUHAIzdV0O9l5XQn6uXl5ktPS2UNFBUQc3npUsoqKCuMDh90OcUhzqa5Xh6sFSB8SEsK8bAA/1hJiZQfog0b+YpgIulp5RZaRm26wILy1oZaVJzQ6kW1dxerVq2nQoEE0ePBgaTzn5ZetfuHcUzHFB+Ios65+nZrWXGcidWTncjVXrAugQxsD6OrNAfThpnp2fjEeDxdb+G/iEyV6MYnpOPi8fn1qW/nx6UJaSF6xgmGQFt9HBcdnDhNwWapkOFZ/fiC+KDLwQh2bbOpbUDrnIkrqOtYkzFGgV+I869evpy1bthjnfOK0trayLZ9Y7NdffzWJP4H3VkyRqXWufautgZuKyskR47KyDQ0GfF4hyViYJvUwSRZsmZBm2CIPLlmRDiMCeUVEGD7JqHRIJ0pEribwSsobU86CSo4temGwRRlEItP9yMBuCegussrlKLJzuJOysraKefla0zjRy527y/HKBkdYsTLoGVQYTcdGtnnw6ONR2UUJqpeEjsIbGhyubuhJaZ4gDbeXG3YF0PwRAXThhRey38eOHTNLYwOur5iLml3XC/L+JuccChwBfbyolEe3mIbDvAFJxvfFOIBKi88WdDxUCFQyAIkISdoztwsdHhZL142KY+lvHRvHfl/eEmOsREiPCo889J96Z4B0RkXnZUUY3weZAxdT6dyLTcIcpWup9kXJaBtPjnvG7xfUj
CVLLDt3C3j3p/zgBPd6l1sCFQKSRv+A9Q9UBJ9rvo9PNbb6Y1ERZTTnGj6xelAOjAFCpZfF2wMvG0C+2IZ0SaDSeZdSaveJFJ5o6szcwbinYoL2fBGtIfa4eBrZQxWxZygG0ouf5FMaIqUVszpbqyAn0gCua/5jRSWt65NGXWJiTeIdxax8cy8xC3OWylOOU3r/uTRggOWeOD7RrRXcVzFTo0NZJcPAqi+17f/NKTGrgJaQ5ecJ8MmVPVCO+GnlUodXvA821dBzyyvp4YVl9F/tmp
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544708438" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5c126156-a2b8-4a54-8f69-4194950d210f" ,
"value" : "20181210-Sharpshooter-1.png"
} ,
{
"category" : "Network activity" ,
"comment" : "Control servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544710936" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126b18-c97c-4e7d-83cb-a888950d210f" ,
"value" : "34.214.99.20/view_style.php"
} ,
{
"category" : "Network activity" ,
"comment" : "Control servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544710937" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126b19-e450-4088-8f8f-a888950d210f" ,
"value" : "137.74.41.56/board.php"
} ,
{
"category" : "Network activity" ,
"comment" : "Control servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544710937" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126b19-142c-4031-9abe-a888950d210f" ,
"value" : "kingkoil.com.sg/board.php"
} ,
{
"category" : "Network activity" ,
"comment" : "Document URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544711492" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126d44-d118-499a-bd9e-4461950d210f" ,
"value" : "http://208.117.44.112/document/Strategic Planning Manager.doc"
} ,
{
"category" : "Network activity" ,
"comment" : "Document URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544711492" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126d44-be2c-4844-8cba-4967950d210f" ,
"value" : "http://208.117.44.112/document/Business Intelligence Administrator.doc"
} ,
{
"category" : "Network activity" ,
"comment" : "Document URLs" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544711492" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126d44-6b94-4c6d-8529-472d950d210f" ,
"value" : "http://www.dropbox.com/s/2shp23ogs113hnd/Customer Service Representative.doc?dl=1"
} ,
{
"category" : "Network activity" ,
"comment" : "Control servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1544711781" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5c126e65-7fac-4f8f-9baf-a990950d210f" ,
"value" : "kingkoil.com.sg/query.php"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1544710002" ,
"uuid" : "5c126772-3754-43c8-b207-a987950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544710002" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c126772-9058-4f3a-8268-a987950d210f" ,
"value" : "8106a30bd35526bded384627d8eebce15da35d17"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1544710003" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c126773-aca0-4b60-8f8f-a987950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1544710028" ,
"uuid" : "5c12678c-09d8-44f1-9577-4e00950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544710028" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c12678c-257c-4995-a582-4b9e950d210f" ,
"value" : "31e79093d452426247a56ca0eff860b0ecc86009"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1544710029" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c12678d-6f1c-4ca5-9b5b-4cc8950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1544710046" ,
"uuid" : "5c12679e-ce18-4784-b08d-4edb950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544710047" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c12679f-1350-48c4-ab45-4e79950d210f" ,
"value" : "9b0f22e129c73ce4c21be4122182f6dcbc351c95"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1544710047" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c12679f-1958-48de-b38a-4d99950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1544710063" ,
"uuid" : "5c1267af-ceb0-43dc-bc4e-abe5950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544710063" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c1267af-8690-4015-80da-abe5950d210f" ,
"value" : "668b0df94c6d12ae86711ce24ce79dbe0ee2d463"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1544710063" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c1267af-4510-4064-b08f-abe5950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1544710080" ,
"uuid" : "5c1267c0-6b40-4204-8386-a9b9950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544710080" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5c1267c0-17a4-438b-92cf-a9b9950d210f" ,
"value" : "66776c50bcc79bbcecdbe99960e6ee39c8a31181"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1544710080" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5c1267c0-6600-4221-aa0f-a9b9950d210f" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1544733562" ,
"uuid" : "01b4e240-92ee-4abd-9dc7-e651a9c56369" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1544733563" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ded4acde-c1e3-47ec-b127-854d02cb9731" ,
"value" : "a82cdb9f5bffcb24708e66eb52cce2af"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544733563" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b44b8be9-25e7-43ea-97da-fb1dc0b83d71" ,
"value" : "8106a30bd35526bded384627d8eebce15da35d17"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1544733563" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "24dce754-8a69-48b2-8458-4d0b01ba55a8" ,
"value" : "4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1544733564" ,
"uuid" : "4ac47589-4bd9-4247-95ce-5350273ed603" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1544733564" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "da335c3b-b482-436b-8e20-fab2fcc54513" ,
"value" : "2018-12-13T19:12:29"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1544733564" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "2fe77aa9-c3f3-4300-8991-2b6e9f92ec77" ,
"value" : "https://www.virustotal.com/file/4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264/analysis/1544728349/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1544733565" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "2097472e-75fe-4683-a088-82f9bb0977fa" ,
"value" : "35/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1544733565" ,
"uuid" : "ed7d8444-7cfb-4c9a-a436-041beb725059" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1544733565" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4982c337-0a69-46e0-942e-4ca813885b00" ,
"value" : "2e17b048c7e317da9024a86d9439c74b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544733566" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d98f401b-8648-43bf-9951-baf27fc43358" ,
"value" : "31e79093d452426247a56ca0eff860b0ecc86009"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1544733566" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "aea27a9c-f75f-44a7-a4b0-471bea1920ce" ,
"value" : "37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1544733566" ,
"uuid" : "53d6207d-b0b8-48d1-90c5-f9134729de63" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1544733567" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7550d696-ca00-4938-8624-eabfa3d242d9" ,
"value" : "2018-12-13T19:12:25"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1544733567" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "b7eb41fe-1ac2-45e7-b51c-7a35ea75b6c7" ,
"value" : "https://www.virustotal.com/file/37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71/analysis/1544728345/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1544733567" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ba73dcb4-0807-423f-956b-4337f0ae984d" ,
"value" : "37/70"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1544733568" ,
"uuid" : "cb7c776c-3e25-4929-b398-0ce77563fa7f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1544733568" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "57afdfa6-c0d8-42f8-a126-de844ecf402a" ,
"value" : "20594c33c2d59544a3e8ef5b7a547e71"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544733568" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "86bf7e16-ef34-4f28-8f51-d170c865f8df" ,
"value" : "66776c50bcc79bbcecdbe99960e6ee39c8a31181"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1544733569" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e8e60ee2-c4c5-4be9-9afc-8a3787214d66" ,
"value" : "876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1544733569" ,
"uuid" : "32186bb1-e22d-4822-a776-a0950c0f79f8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1544733569" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "e2c39223-070f-4a0c-9625-3693f08c6832" ,
"value" : "2018-12-13T19:13:07"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1544733570" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d5033847-94c7-424b-952e-3c257464bb87" ,
"value" : "https://www.virustotal.com/file/876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03/analysis/1544728387/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1544733570" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7fc077d6-0d98-4c82-b55c-3c3dc3404f86" ,
"value" : "36/60"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1544733570" ,
"uuid" : "c9ea439c-5d53-4ec3-92bf-c8117af4c85c" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1544733570" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "ff4a7cf8-08de-4f6c-b0cc-d0334418d1b0" ,
"value" : "f3bd9e1c01f2145eb475a98c87f94a25"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544733571" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "37d15a3b-6c02-409f-b19e-4d6f0b432c64" ,
"value" : "9b0f22e129c73ce4c21be4122182f6dcbc351c95"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1544733571" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "078e505c-87ed-4ff0-a1c3-eb48ecb3449c" ,
"value" : "88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1544733572" ,
"uuid" : "bd24b025-5401-4279-8325-8152c67f94f8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1544733572" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "8b7b7fd9-ffa8-429e-87a1-707f07448a86" ,
"value" : "2018-12-13T19:13:09"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1544733572" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4963e282-7e10-406d-acf6-65c59626cf2f" ,
"value" : "https://www.virustotal.com/file/88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646/analysis/1544728389/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1544733573" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "80862ebc-3c21-45a0-b8b9-47f8df1ba5f3" ,
"value" : "37/68"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "11" ,
"timestamp" : "1544733573" ,
"uuid" : "a52369be-f657-4192-a4dc-bed0d0e14079" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1544733573" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "18ae9ce7-4670-4f32-bdbd-214b95d2ed45" ,
"value" : "fa27a81d0109653e67019f387bad2494"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1544733573" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "9f226fed-8fb5-4ea7-97a9-40eb7a7dd842" ,
"value" : "668b0df94c6d12ae86711ce24ce79dbe0ee2d463"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1544733574" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "49c7a8f0-a48a-497a-94ee-6f1292a128c4" ,
"value" : "f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1544733574" ,
"uuid" : "953c11fd-3bc6-44ae-98de-8d091f84f732" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1544733574" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "69bd825c-7d76-474a-92f7-976cfbf8fddf" ,
"value" : "2018-12-13T19:14:06"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1544733575" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "3ff05754-f3f2-40f0-b8a7-fc7756abc603" ,
"value" : "https://www.virustotal.com/file/f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11/analysis/1544728446/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1544733575" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "bd15cc1f-3d97-42cc-a6e2-06b725553164" ,
"value" : "36/59"
}
]
}
]
}
}