{
"Event": {
"analysis": "2",
"date": "2019-02-01",
"extends_uuid": "",
"info": "Financial - socgen-compliance.com fake website delivering malicious documents",
"publish_timestamp": "1550562634",
"published": true,
"threat_level_id": "3",
"timestamp": "1550562629",
"uuid": "5c6baef6-fca0-446e-b0b1-ac45950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#6edb00",
"local": "0",
"name": "circl:topic=\"finance\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561050",
"to_ids": true,
"type": "sha256",
"uuid": "5c6baf1a-0d34-43dc-bdee-acf5950d210f",
"value": "25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561051",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c6baf1b-3680-46d3-8327-acf5950d210f",
"value": "185.10.68.204"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561051",
"to_ids": true,
"type": "domain",
"uuid": "5c6baf1b-cd08-40f3-b990-acf5950d210f",
"value": "socgen-compliance.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561051",
"to_ids": true,
"type": "sha256",
"uuid": "5c6baf1b-0a6c-49e7-8915-acf5950d210f",
"value": "b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561051",
"to_ids": true,
"type": "url",
"uuid": "5c6baf1b-43e8-4e4e-ae66-acf5950d210f",
"value": "https://socgen-compliance.com/documents/PO-54789.doc"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561394",
"to_ids": false,
"type": "attachment",
"uuid": "5c6bb072-76bc-49df-bb81-acf5950d210f",
"value": "report-a7e5ee61098748ffb9c42e65cdad6505.pdf"
},
{
"category": "Network activity",
"comment": "On port 49190",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561559",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5c6bb117-e894-4061-9f71-ac45950d210f",
"value": "185.10.68.204|49190"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1550561954",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c6bb2a2-9284-4346-ae45-ac4a950d210f",
"value": "80.82.64.126"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550561090",
"uuid": "b81aa1ad-3fb3-4474-b131-de9ac363b46d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b81aa1ad-3fb3-4474-b131-de9ac363b46d",
"referenced_uuid": "1dd93d82-899d-47d1-b05b-74ea871bd098",
"relationship_type": "analysed-with",
"timestamp": "1550561091",
"uuid": "5c6baf43-fee8-4817-ad6a-ac4a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550561090",
"to_ids": true,
"type": "md5",
"uuid": "57ca24b7-40a2-41ae-90a5-090ccec54f91",
"value": "a7e5ee61098748ffb9c42e65cdad6505"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550561090",
"to_ids": true,
"type": "sha1",
"uuid": "5836c4ce-cc3c-434d-a19f-8435bcb9cdef",
"value": "ed6bf6587c8ff529e26e5736856ecb606e6ca636"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550561090",
"to_ids": true,
"type": "sha256",
"uuid": "20c925e7-d339-4951-a635-d8fcbf2415e3",
"value": "25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550561091",
"uuid": "1dd93d82-899d-47d1-b05b-74ea871bd098",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550561091",
"to_ids": false,
"type": "datetime",
"uuid": "3e03edc4-4ccd-41fc-be8c-78f1ca25f67e",
"value": "2019-02-15T07:07:21"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550561091",
"to_ids": false,
"type": "link",
"uuid": "a8bec84f-7082-4195-bdde-200a74be62d6",
"value": "https://www.virustotal.com/file/25ae00c80a4ec85cb548c891598cf76d131b168a70116a84cb62b4defa3f698c/analysis/1550214441/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550561091",
"to_ids": false,
"type": "text",
"uuid": "2811beef-8535-4378-a294-f91c2e6bae7e",
"value": "30/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1550561091",
"uuid": "9c164e47-4a79-4799-9a25-5fe94823c10b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9c164e47-4a79-4799-9a25-5fe94823c10b",
"referenced_uuid": "a217b961-07ab-4154-8be6-1ed62ccb44d5",
"relationship_type": "analysed-with",
"timestamp": "1550561091",
"uuid": "5c6baf43-eb88-4fa0-b3bb-ac4a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1550561091",
"to_ids": true,
"type": "md5",
"uuid": "777a1197-e42b-4ab5-bc4a-07db6bba8973",
"value": "dc496a639e8856b7525e33af2756d68c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1550561091",
"to_ids": true,
"type": "sha1",
"uuid": "bd03b21d-08db-4a9d-b3f4-bb694e24b71b",
"value": "7989837cbbeebe195cdea3f038b962eec9cd2e5d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1550561091",
"to_ids": true,
"type": "sha256",
"uuid": "f4b31527-0c76-457e-b487-c999a0c97fec",
"value": "b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1550561091",
"uuid": "a217b961-07ab-4154-8be6-1ed62ccb44d5",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1550561091",
"to_ids": false,
"type": "datetime",
"uuid": "1ec68942-f455-4253-9d51-b9b677d6ca0d",
"value": "2019-02-04T09:57:14"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1550561091",
"to_ids": false,
"type": "link",
"uuid": "eefe361b-1372-478b-9538-fa7c47f9b588",
"value": "https://www.virustotal.com/file/b991288ecd158e84076f7cc38d4ecbcd18cccc580f1971b0dfdd7c88b78e0794/analysis/1549274234/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1550561091",
"to_ids": false,
"type": "text",
"uuid": "442339ae-a446-4768-8881-d8e42feaa3e7",
"value": "1/58"
}
]
}
]
}
}