misp-circl-feed/feeds/circl/misp/5c481c61-a718-4051-aacf-4f19950d210f.json

1851 lines
62 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2019-01-18",
"extends_uuid": "",
"info": "OSINT - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications",
"publish_timestamp": "1566552968",
"published": true,
"threat_level_id": "3",
"timestamp": "1566552967",
"uuid": "5c481c61-a718-4051-aacf-4f19950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:threat-actor=\"DarkHydrus\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#004646",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0071c3",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0087e8",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#ffffff",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "tlp:white",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#004f4f",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "ecsirt:malicious-code=\"trojan\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:malpedia=\"RogueRobin\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#0088cc",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "misp-galaxy:mitre-malware=\"RogueRobin - S0270\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
},
{
"colour": "#3b0020",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "workflow:todo=\"expansion\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548230884",
"to_ids": false,
"type": "text",
"uuid": "5c481e62-1938-485c-8568-4f7a950d210f",
"value": "In the summer of 2018, Unit 42 released reporting regarding activity in the Middle East surrounding a cluster of activity using similar tactics, tools, and procedures (TTPs) in which we named the adversary group DarkHydrus. This group was observed using tactics such as registering typosquatting domains for security or technology vendors, abusing open-source penetration testing tools, and leveraging novel file types as anti-analysis techniques.\r\n\r\nSince that initial reporting, we had not observed new activity from DarkHydrus until recently, when 360TIC published a tweet and subsequent research discussing delivery documents that appeared to be attributed to DarkHydrus. In the process of analyzing the delivery documents, we were able to collect additional associated samples, uncover additional functionality of the payloads including the use of Google Drive API, and confirm the strong likelihood of attribution to DarkHydrus. We have notified Google of our findings.",
"Tag": [
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548230883",
"to_ids": false,
"type": "link",
"uuid": "5c481e72-4c40-47cf-97bf-46d6950d210f",
"value": "https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/",
"Tag": [
{
"colour": "#00223b",
2023-05-19 09:05:37 +00:00
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
2023-04-21 13:25:09 +00:00
}
]
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235119",
"to_ids": true,
"type": "domain",
"uuid": "5c48316f-f314-4da1-834a-4f6c950d210f",
"value": "iecvlist-microsoft.live"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235120",
"to_ids": true,
"type": "domain",
"uuid": "5c483170-9c94-4ebc-9686-4c7e950d210f",
"value": "data-microsoft.services"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235120",
"to_ids": true,
"type": "domain",
"uuid": "5c483170-35e0-4e23-aaf8-4098950d210f",
"value": "asimov-win-microsoft.services"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235122",
"to_ids": true,
"type": "domain",
"uuid": "5c483172-aedc-49b2-9bf1-4440950d210f",
"value": "onecs-live.services"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235122",
"to_ids": true,
"type": "domain",
"uuid": "5c483172-81f8-4d83-a3ee-40fc950d210f",
"value": "akamaiedge.services"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235123",
"to_ids": true,
"type": "domain",
"uuid": "5c483173-587c-452a-93c5-4617950d210f",
"value": "phicdn.world"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235123",
"to_ids": true,
"type": "domain",
"uuid": "5c483173-f400-4801-aca2-411d950d210f",
"value": "azureedge.today"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235124",
"to_ids": true,
"type": "domain",
"uuid": "5c483174-a6c4-45e1-baa0-44f3950d210f",
"value": "nsatc.agency"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235124",
"to_ids": true,
"type": "domain",
"uuid": "5c483174-7744-4ebf-9483-405a950d210f",
"value": "akamai.agency"
},
{
"category": "Network activity",
"comment": "Related Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235125",
"to_ids": true,
"type": "domain",
"uuid": "5c483175-aa8c-4bae-b758-477f950d210f",
"value": "t-msedge.world"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235356",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325c-9fe8-4617-b287-4f66950d210f",
"value": "tvs1.trafficmanager.live"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235357",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325d-9d64-4b8d-bf8a-4f27950d210f",
"value": "tvs2.trafficmanager.live"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235358",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325e-9d04-4346-8104-4cc0950d210f",
"value": "tbs1.microsoftonline.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235358",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325e-0934-44e0-9ad9-477a950d210f",
"value": "tbs2.microsoftonline.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235359",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325f-6798-444c-ad46-47df950d210f",
"value": "brit.ns.cloudfronts.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235359",
"to_ids": true,
"type": "hostname",
"uuid": "5c48325f-858c-4e35-aacf-4cd3950d210f",
"value": "dns.cloudfronts.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235360",
"to_ids": true,
"type": "hostname",
"uuid": "5c483260-b464-4eac-ac1e-44b9950d210f",
"value": "ns2.akadns.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235360",
"to_ids": true,
"type": "hostname",
"uuid": "5c483260-1338-48d2-b149-4bdf950d210f",
"value": "britns.akadns.services"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235361",
"to_ids": true,
"type": "hostname",
"uuid": "5c483261-6914-4112-a413-4747950d210f",
"value": "britns.akadns.live"
},
{
"category": "Network activity",
"comment": "Nameservers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548235361",
"to_ids": true,
"type": "hostname",
"uuid": "5c483261-e880-47fe-bad3-484e950d210f",
"value": "ns2.akadns.live"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236275",
"to_ids": true,
"type": "domain",
"uuid": "5c4835f3-9d18-401f-9251-4f45950d210f",
"value": "akdns.live"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236277",
"to_ids": true,
"type": "domain",
"uuid": "5c4835f5-3844-4367-a71c-49f0950d210f",
"value": "akamaiedge.live"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236278",
"to_ids": true,
"type": "domain",
"uuid": "5c4835f6-13e8-4f1d-9f65-4b9f950d210f",
"value": "edgekey.live"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236279",
"to_ids": true,
"type": "domain",
"uuid": "5c4835f7-efb8-4192-b81f-4d0f950d210f",
"value": "akamaized.live"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236281",
"to_ids": true,
"type": "domain",
"uuid": "5c4835f9-2e84-4a97-a0ba-4e9d950d210f",
"value": "0ffice365.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236282",
"to_ids": true,
"type": "domain",
"uuid": "5c4835fa-a824-4d63-9d1e-461d950d210f",
"value": "0nedrive.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236284",
"to_ids": true,
"type": "domain",
"uuid": "5c4835fc-6794-4e1d-b444-4864950d210f",
"value": "corewindows.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236285",
"to_ids": true,
"type": "domain",
"uuid": "5c4835fd-b274-467b-be08-4a1d950d210f",
"value": "microsoftonline.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236286",
"to_ids": true,
"type": "domain",
"uuid": "5c4835fe-96bc-48cc-a839-47fb950d210f",
"value": "onedrive.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236288",
"to_ids": true,
"type": "domain",
"uuid": "5c483600-af84-48d6-88a0-4660950d210f",
"value": "sharepoint.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236289",
"to_ids": true,
"type": "domain",
"uuid": "5c483601-9e10-4856-ac87-4d5b950d210f",
"value": "skydrive.agency"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236290",
"to_ids": true,
"type": "domain",
"uuid": "5c483602-daa8-49b1-8dea-4474950d210f",
"value": "0ffice365.life"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236292",
"to_ids": true,
"type": "domain",
"uuid": "5c483604-b4a0-4ec5-a6c7-4b3a950d210f",
"value": "0ffice365.services"
},
{
"category": "Network activity",
"comment": "RogueRobin C2s",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548236293",
"to_ids": true,
"type": "domain",
"uuid": "5c483605-8240-4688-a606-4d49950d210f",
"value": "skydrive.services"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548240368",
"to_ids": true,
"type": "hostname",
"uuid": "5c4845f0-d0d4-4afa-8147-1869950d210f",
"value": "676f6f646c75636b.gogle.co"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548241130",
"to_ids": true,
"type": "url",
"uuid": "5c4848ea-3b90-404a-a249-0941950d210f",
"value": "tbs1/tbs2.microsoftonline.services"
}
],
"Object": [
{
"comment": "RogueRobin",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548236351",
"uuid": "5c48363f-b894-4693-96e9-4429950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236351",
"to_ids": true,
"type": "sha256",
"uuid": "5c48363f-f8c4-45ee-9a9b-42bc950d210f",
"value": "eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548236353",
"to_ids": false,
"type": "text",
"uuid": "5c483641-69d0-4210-9b69-4e94950d210f",
"value": "Malicious"
}
]
},
{
"comment": "RogueRobin",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548236371",
"uuid": "5c483653-dc5c-4ce5-9fb4-457b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236372",
"to_ids": true,
"type": "sha256",
"uuid": "5c483654-61c4-4cda-97f5-4e3f950d210f",
"value": "f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548236373",
"to_ids": false,
"type": "text",
"uuid": "5c483655-7c7c-452c-afc2-4d70950d210f",
"value": "Malicious"
}
]
},
{
"comment": "RogueRobin",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548236399",
"uuid": "5c48366f-5060-4b4d-a8ee-48df950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236399",
"to_ids": true,
"type": "sha256",
"uuid": "5c48366f-d978-4eeb-b92f-4ddf950d210f",
"value": "5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548236402",
"to_ids": false,
"type": "text",
"uuid": "5c483672-9090-461d-9b0b-4d9e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Delivery Document",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548237023",
"uuid": "5c4838df-1140-4d70-9ed3-4cbd950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237023",
"to_ids": true,
"type": "sha256",
"uuid": "5c4838df-45a4-40bf-9229-41a2950d210f",
"value": "513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548237024",
"to_ids": false,
"type": "text",
"uuid": "5c4838e0-531c-4203-8124-4ce1950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Delivery Document",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548237044",
"uuid": "5c4838f4-8218-400b-b63e-4de1950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237044",
"to_ids": true,
"type": "sha256",
"uuid": "5c4838f4-8630-4b99-b443-479a950d210f",
"value": "e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548237045",
"to_ids": false,
"type": "text",
"uuid": "5c4838f5-3f04-4361-94ee-4b2f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "Delivery Document",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548237076",
"uuid": "5c483914-2a64-4525-ac9e-454c950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237076",
"to_ids": true,
"type": "sha256",
"uuid": "5c483914-911c-47e7-8887-40d4950d210f",
"value": "4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548237077",
"to_ids": false,
"type": "text",
"uuid": "5c483915-98b0-4250-94e2-4a6f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548239281",
"uuid": "5c4841b1-2610-4eb9-8972-0941950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1548239281",
"to_ids": true,
"type": "filename",
"uuid": "5c4841b1-769c-4a6f-bf3c-0941950d210f",
"value": "12-B-366.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548239281",
"to_ids": false,
"type": "text",
"uuid": "5c4841b1-9b80-4d68-94c6-0941950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1548239281",
"to_ids": false,
"type": "text",
"uuid": "5c4841b1-804c-4eb5-bafe-0941950d210f",
"value": "%TEMP%\\12-B-366.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1548239282",
"to_ids": false,
"type": "text",
"uuid": "5c4841b2-0c8c-4e8c-9984-0941950d210f",
"value": "%TEMP%"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548239950",
"uuid": "5c48444e-3888-4e23-8358-0a80950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1548239950",
"to_ids": true,
"type": "filename",
"uuid": "5c48444e-4758-425d-9cf5-0a80950d210f",
"value": "WindowsTemplate.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548239950",
"to_ids": false,
"type": "text",
"uuid": "5c48444e-3720-4e38-9ec4-0a80950d210f",
"value": "Malicious"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1548239950",
"to_ids": false,
"type": "text",
"uuid": "5c48444e-6bd8-4f9e-98dd-0a80950d210f",
"value": "%APPDATA%\\Microsoft\\Windows\\Templates\\WindowsTemplate.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1548239951",
"to_ids": false,
"type": "text",
"uuid": "5c48444f-f5a4-446b-a01b-0a80950d210f",
"value": "%APPDATA%\\Microsoft\\Windows\\Templates\\"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552964",
"uuid": "d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"referenced_uuid": "5c97ffbd-d966-4fd3-a37b-32ef937013b2",
"relationship_type": "analysed-with",
"timestamp": "1563528191",
"uuid": "5d318bff-a3f4-466c-b471-4b8302de0b81"
},
{
"comment": "",
"object_uuid": "d9d74a92-d5e9-44cf-951c-9209e089e4a9",
"referenced_uuid": "2d2efd04-087d-4dec-9b15-0466b3f048e2",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-e3e8-4f7e-84e0-4f5c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548237044",
"to_ids": true,
"type": "md5",
"uuid": "0a6da508-9f82-4c33-bb46-661a69fd22f4",
"value": "8dc9f5450402ae799f5f8afd5c0a8352"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548237044",
"to_ids": true,
"type": "sha1",
"uuid": "38f7f9a2-35cd-4bac-b735-0ad1d6ffa6ad",
"value": "58ea259ea8231175140f03993d57b91b67465bf0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237044",
"to_ids": true,
"type": "sha256",
"uuid": "6648950d-4255-45a7-a389-ac120c43716d",
"value": "e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528189",
"uuid": "5c97ffbd-d966-4fd3-a37b-32ef937013b2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237044",
"to_ids": false,
"type": "datetime",
"uuid": "cc65fe50-4173-4c03-bd6f-c38d960f8f84",
"value": "2019-03-27T13:49:58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237044",
"to_ids": false,
"type": "link",
"uuid": "bd3e1921-525a-4355-8079-580e19772ebc",
"value": "https://www.virustotal.com/file/e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022/analysis/1553694598/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237044",
"to_ids": false,
"type": "text",
"uuid": "d2c8ac9a-094d-4b87-b546-ff424b2d88c2",
"value": "41/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552964",
"uuid": "daa1f647-6100-4717-8f02-db83000e128e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "daa1f647-6100-4717-8f02-db83000e128e",
"referenced_uuid": "b8cf49aa-c9f6-4b8f-836e-14ef60a806d7",
"relationship_type": "analysed-with",
"timestamp": "1563528192",
"uuid": "5d318c00-c134-4d66-8c10-469202de0b81"
},
{
"comment": "",
"object_uuid": "daa1f647-6100-4717-8f02-db83000e128e",
"referenced_uuid": "6a4446ed-949a-42d5-8975-db3f4994de64",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-eb0c-4e8a-ab20-4d43950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548237023",
"to_ids": true,
"type": "md5",
"uuid": "13bf56e9-a568-4a5b-b9fc-0f6d3bba70c3",
"value": "5c3f96ade0ea67eef9d25161c64e6f3e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548237023",
"to_ids": true,
"type": "sha1",
"uuid": "81135f4e-cd64-4478-bc75-bbf01afd570c",
"value": "524f2c9f62703027b1ebbf1fc16a4a7506d6ff20"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237023",
"to_ids": true,
"type": "sha256",
"uuid": "9d4ca030-4950-4e41-8c98-01fcbe32cd84",
"value": "513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528189",
"uuid": "b8cf49aa-c9f6-4b8f-836e-14ef60a806d7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237023",
"to_ids": false,
"type": "datetime",
"uuid": "ac8ba530-cefe-4a6d-ab7c-2acd514ae349",
"value": "2019-06-04T23:57:46"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237023",
"to_ids": false,
"type": "link",
"uuid": "0e8ac8eb-6bee-45cf-a90c-83403a8f84f5",
"value": "https://www.virustotal.com/file/513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8/analysis/1559692666/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237023",
"to_ids": false,
"type": "text",
"uuid": "c99901fc-603a-47be-ad92-25b8e49afdb1",
"value": "45/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552964",
"uuid": "eb1071b4-d800-4cde-83f6-7a6035d85171",
"ObjectReference": [
{
"comment": "",
"object_uuid": "eb1071b4-d800-4cde-83f6-7a6035d85171",
"referenced_uuid": "114f3f73-824d-4ecd-b931-ecfa06cd315b",
"relationship_type": "analysed-with",
"timestamp": "1563528193",
"uuid": "5d318c01-9268-40c8-a529-4bcd02de0b81"
},
{
"comment": "",
"object_uuid": "eb1071b4-d800-4cde-83f6-7a6035d85171",
"referenced_uuid": "97c71d46-4c70-4a75-b908-50bf2d41983d",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-c690-4f2e-b16f-48a7950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548236372",
"to_ids": true,
"type": "md5",
"uuid": "cba14bea-4e01-4b82-8e80-15f76ffd84f6",
"value": "039bd47f0fdb6bb7d68a2428c71f317d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548236372",
"to_ids": true,
"type": "sha1",
"uuid": "bceba550-6cf2-435e-9673-029206786bf2",
"value": "1d73611c6d77a07de90199864c6341d58657db43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236372",
"to_ids": true,
"type": "sha256",
"uuid": "1e6d6579-d354-4f34-96ab-ab5738eba388",
"value": "f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528190",
"uuid": "114f3f73-824d-4ecd-b931-ecfa06cd315b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236372",
"to_ids": false,
"type": "datetime",
"uuid": "290047a1-8f60-4237-9499-25930aafaf87",
"value": "2019-04-30T00:54:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236372",
"to_ids": false,
"type": "link",
"uuid": "ae08342d-d69b-4806-8f9a-23456e8988b7",
"value": "https://www.virustotal.com/file/f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0/analysis/1556585640/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236372",
"to_ids": false,
"type": "text",
"uuid": "9c359b30-75e6-4541-b307-6580f7f8ca8a",
"value": "51/72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552964",
"uuid": "0c348258-2cce-41e4-bf8f-67555be3f925",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0c348258-2cce-41e4-bf8f-67555be3f925",
"referenced_uuid": "64a6d64f-7061-4953-9693-334ea5bea2ec",
"relationship_type": "analysed-with",
"timestamp": "1563528193",
"uuid": "5d318c01-2044-4bf1-a700-4cc202de0b81"
},
{
"comment": "",
"object_uuid": "0c348258-2cce-41e4-bf8f-67555be3f925",
"referenced_uuid": "7ff87175-d1e6-4b91-9371-6b3e0da19395",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-0ac4-4d64-af1b-46a4950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548236399",
"to_ids": true,
"type": "md5",
"uuid": "0e879862-bfd8-466e-b051-0fd47c47d19b",
"value": "c3b1bd4e3e159591d84e77452a09851d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548236399",
"to_ids": true,
"type": "sha1",
"uuid": "f981c086-d12e-47ea-8301-1081ead385a5",
"value": "0fece8a649e88635c35222fbc8ce49d6ef2e77c1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236399",
"to_ids": true,
"type": "sha256",
"uuid": "0b043490-9382-4985-aed7-525203bbfc5a",
"value": "5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528190",
"uuid": "64a6d64f-7061-4953-9693-334ea5bea2ec",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236399",
"to_ids": false,
"type": "datetime",
"uuid": "365e0979-45c2-48ff-b067-8427c971a484",
"value": "2019-06-25T16:23:56"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236399",
"to_ids": false,
"type": "link",
"uuid": "cca113a9-1a86-4416-9965-6a8147c59c98",
"value": "https://www.virustotal.com/file/5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c/analysis/1561479836/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236399",
"to_ids": false,
"type": "text",
"uuid": "6e5fbe1c-0986-44d0-b675-60639a24dc26",
"value": "56/72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552965",
"uuid": "46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"referenced_uuid": "a2dbe480-0cac-43dd-808e-b6a735543ea5",
"relationship_type": "analysed-with",
"timestamp": "1563528193",
"uuid": "5d318c01-c410-4782-bbcf-405302de0b81"
},
{
"comment": "",
"object_uuid": "46c359c7-edb0-4b18-a34d-9b06ce21aad5",
"referenced_uuid": "17aca456-82a1-47f5-9b5f-dcf90c512882",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-faf8-4c27-b9e2-432a950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548237076",
"to_ids": true,
"type": "md5",
"uuid": "b6e0a0f0-dec2-44bc-a8f7-93f1b13afcc9",
"value": "89e50d52e498c34f1e976cf9a1017a39"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548237076",
"to_ids": true,
"type": "sha1",
"uuid": "9ce90955-5e24-43d8-b8b2-b653455cbd6e",
"value": "1b8fe1d2194e685c0cce2f00c33e7f069f3a4d54"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548237076",
"to_ids": true,
"type": "sha256",
"uuid": "fef621c8-a45a-46b2-b08d-a2d5d2ea4811",
"value": "4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528191",
"uuid": "a2dbe480-0cac-43dd-808e-b6a735543ea5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237076",
"to_ids": false,
"type": "datetime",
"uuid": "2b56458b-80ca-4d60-abbe-7133142c0cd0",
"value": "2019-06-06T23:48:31"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237076",
"to_ids": false,
"type": "link",
"uuid": "a8b28daa-01c7-4049-a0ec-9da443fbe78e",
"value": "https://www.virustotal.com/file/4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8/analysis/1559864911/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237076",
"to_ids": false,
"type": "text",
"uuid": "9489327d-b04a-4b82-86c6-4cb0fbd1fc19",
"value": "44/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566552965",
"uuid": "7708439c-37ac-4fce-ac9f-36a1a26a84df",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7708439c-37ac-4fce-ac9f-36a1a26a84df",
"referenced_uuid": "eda93bd4-a0f9-40d1-9216-3ea538389e62",
"relationship_type": "analysed-with",
"timestamp": "1563528193",
"uuid": "5d318c01-6560-4ca4-b1ee-4cf702de0b81"
},
{
"comment": "",
"object_uuid": "7708439c-37ac-4fce-ac9f-36a1a26a84df",
"referenced_uuid": "9e0c7cec-9ce2-4efb-a881-9b86cc097610",
"relationship_type": "analysed-with",
"timestamp": "1566552967",
"uuid": "5d5fb387-023c-4dfc-8620-49b6950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548236351",
"to_ids": true,
"type": "md5",
"uuid": "3561e506-97bf-4807-9f97-1451ff9a4b75",
"value": "b108412f1cdc0602d82d3e6b318dc634"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548236351",
"to_ids": true,
"type": "sha1",
"uuid": "c2e11d18-d34e-4c84-b711-81cf4137f4ef",
"value": "0681f2abe5c6d7e80afe27b8aba08abac43c39d8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548236351",
"to_ids": true,
"type": "sha256",
"uuid": "30ba5c1b-17b2-4ce3-a056-485d4a882942",
"value": "eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1563528191",
"uuid": "eda93bd4-a0f9-40d1-9216-3ea538389e62",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236351",
"to_ids": false,
"type": "datetime",
"uuid": "1de46e79-770f-4323-9920-92bcd8e6158f",
"value": "2019-07-09T02:11:15"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236351",
"to_ids": false,
"type": "link",
"uuid": "2f0ff0fb-59af-4c85-a29f-74e0d9800836",
"value": "https://www.virustotal.com/file/eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97/analysis/1562638275/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236351",
"to_ids": false,
"type": "text",
"uuid": "ff7e98c4-e38f-4559-82cf-f51c124c34f5",
"value": "53/71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552965",
"uuid": "2d2efd04-087d-4dec-9b15-0466b3f048e2",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237044",
"to_ids": false,
"type": "datetime",
"uuid": "a14c6c4d-58f8-44f9-98a7-11ce52b45ad4",
"value": "2019-03-27T13:49:58"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237044",
"to_ids": false,
"type": "link",
"uuid": "91031c7d-821b-4a78-9f41-991e362b0c21",
"value": "https://www.virustotal.com/file/e068c6536bf353abe249ad0464c58fb85d7de25223442dd220d64116dbf1e022/analysis/1553694598/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237044",
"to_ids": false,
"type": "text",
"uuid": "94c21631-20b1-47cb-b6bc-1abccd4c2297",
"value": "41/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552965",
"uuid": "97c71d46-4c70-4a75-b908-50bf2d41983d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236372",
"to_ids": false,
"type": "datetime",
"uuid": "07d3c689-845e-4b8e-b450-f1641896f608",
"value": "2019-04-30T00:54:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236372",
"to_ids": false,
"type": "link",
"uuid": "67e32e8b-6fb6-49f4-af4a-7f8aa958cf8d",
"value": "https://www.virustotal.com/file/f1b2bc0831445903c0d51b390b1987597009cc0fade009e07d792e8d455f6db0/analysis/1556585640/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236372",
"to_ids": false,
"type": "text",
"uuid": "3e4563f0-98ab-4d5a-9df1-9070de5e14ff",
"value": "51/72"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552966",
"uuid": "17aca456-82a1-47f5-9b5f-dcf90c512882",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237076",
"to_ids": false,
"type": "datetime",
"uuid": "a5633be9-d191-4586-bfcc-f257ef119285",
"value": "2019-08-19T23:33:04"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237076",
"to_ids": false,
"type": "link",
"uuid": "c4c400c7-e486-4e6d-afcb-d925083cd18c",
"value": "https://www.virustotal.com/file/4e40f80114e5bd44a762f6066a3e56ccdc0d01ab2a18397ea12e0bc5508215b8/analysis/1566257584/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237076",
"to_ids": false,
"type": "text",
"uuid": "d397fd9c-03ea-4acf-bdb5-3db0dc518e8b",
"value": "42/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552966",
"uuid": "7ff87175-d1e6-4b91-9371-6b3e0da19395",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236399",
"to_ids": false,
"type": "datetime",
"uuid": "c816cc5c-d424-4486-a978-ea0bee21b276",
"value": "2019-08-19T23:36:42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236399",
"to_ids": false,
"type": "link",
"uuid": "9d02a0a8-944e-4573-99a3-f3055339dadf",
"value": "https://www.virustotal.com/file/5cc62ad6baf572dbae925f701526310778f032bb4a54b205bada78b1eb8c479c/analysis/1566257802/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236399",
"to_ids": false,
"type": "text",
"uuid": "6939b75d-20a9-4b70-9b30-e54671f34750",
"value": "51/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552966",
"uuid": "9e0c7cec-9ce2-4efb-a881-9b86cc097610",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548236351",
"to_ids": false,
"type": "datetime",
"uuid": "77f9cbd1-61e7-40c4-a680-813aa29103b5",
"value": "2019-08-22T23:42:21"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548236351",
"to_ids": false,
"type": "link",
"uuid": "d0d353b6-0be4-4210-877b-b037b7176a29",
"value": "https://www.virustotal.com/file/eb33a96726a34dd60b053d3d1048137dffb1bba68a1ad6f56d33f5d6efb12b97/analysis/1566517341/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548236351",
"to_ids": false,
"type": "text",
"uuid": "7eefc615-e3fc-40dd-b723-78f71492885b",
"value": "52/66"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566552966",
"uuid": "6a4446ed-949a-42d5-8975-db3f4994de64",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548237023",
"to_ids": false,
"type": "datetime",
"uuid": "01e94ff0-197f-41d2-b036-84dfd9a3ecd0",
"value": "2019-08-22T23:34:02"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548237023",
"to_ids": false,
"type": "link",
"uuid": "68d380af-15c6-4ecb-9ded-89093bec151b",
"value": "https://www.virustotal.com/file/513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8/analysis/1566516842/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548237023",
"to_ids": false,
"type": "text",
"uuid": "4dec3344-b3e0-45ae-b019-caaacf098c69",
"value": "40/55"
}
]
}
]
}
}