2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2019-11-13" ,
"extends_uuid" : "" ,
"info" : "OSINT - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting" ,
"publish_timestamp" : "1579535914" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1579534868" ,
"uuid" : "5de6335d-e128-4bc0-87e2-4db4950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#22681c" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "\tmalware_classification:malware-category=\"Botnet\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#22681c" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Botnet\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"APT33\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"MAGNALLIUM\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575373999" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5de6382a-2234-43eb-bff9-4682950d210f" ,
"value" : "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/" ,
"Tag" : [
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575374016" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5de64234-f680-4632-8685-4637950d210f" ,
"value" : "The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia." ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#004646" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0071c3" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0087e8" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-e800-4ad9-b5b0-3e72950d210f" ,
"value" : "oorgans.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-5638-4021-91e9-3e72950d210f" ,
"value" : "suncocity.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-42b8-43e5-8e6e-3e72950d210f" ,
"value" : "zandelshop.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-3438-48ee-973c-3e72950d210f" ,
"value" : "simsoshop.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-8bec-4c8b-acb0-3e72950d210f" ,
"value" : "zeverco.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-9a94-4a54-815b-3e72950d210f" ,
"value" : "qualitweb.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-8ae8-4c2b-8222-3e72950d210f" ,
"value" : "service-explorer.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-0670-4133-b94e-3e72950d210f" ,
"value" : "service-norton.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-fd84-4e19-b86d-3e72950d210f" ,
"value" : "service-eset.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-1bcc-48fa-b76a-3e72950d210f" ,
"value" : "service-essential.com"
} ,
{
"category" : "Network activity" ,
"comment" : "APT33 C&C domains for extreme narrow targeting" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1575383102" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5de66ed7-3118-4d36-8eb9-3e72950d210f" ,
"value" : "update-symantec.com"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2016-12-31T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534624" ,
"uuid" : "5de6523d-de58-472f-9156-4d3e950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2016-12-31T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534624" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de6523d-c1b0-45d0-a3c4-479c950d210f" ,
"value" : "recruitment@alsalam.aero"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2016-12-31T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534624" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de6523d-baec-4bbb-93bb-42a0950d210f" ,
"value" : "Job Opportunity"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2016-12-31T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534624" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de6523d-ac10-4b95-992a-46ef950d210f" ,
"value" : "2016-12-31T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2017-04-17T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534756" ,
"uuid" : "5de65459-590c-4181-98d5-4efa950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-04-17T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534756" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de65459-9274-4633-86b4-43cf950d210f" ,
"value" : "2017-04-17T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-04-17T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534756" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de65459-f94c-482e-b180-456c950d210f" ,
"value" : "recruitment@alsalam.aero"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-04-17T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534756" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de65459-fd54-479b-9d39-40d8950d210f" ,
"value" : "Vacancy Announcement"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-09-25T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534731" ,
"uuid" : "5de654b1-2f18-4646-9819-4f1b950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-09-25T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534731" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de654b2-1880-4812-90b5-4e4b950d210f" ,
"value" : "2018-09-25T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-09-25T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534731" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de654b2-3690-4be9-abf9-431b950d210f" ,
"value" : "careers@aramcojobs.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-09-25T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534731" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de654b2-8ab4-4849-a24d-4292950d210f" ,
"value" : "AramCo Jobs"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-10-22T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534710" ,
"uuid" : "5de65f8c-c9d0-4a61-99e6-4c6e950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-10-22T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534710" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de65f8c-bdcc-4eee-8861-484a950d210f" ,
"value" : "2018-10-22T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-10-22T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534710" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de65f8c-46b0-4f42-9c4a-48a0950d210f" ,
"value" : "jobs@samref.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-10-22T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534710" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de65f8c-b300-4adf-bcc9-4f69950d210f" ,
"value" : "Job Openning at SAMREF"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-07-02T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534684" ,
"uuid" : "5de66884-3dac-4677-a9a7-226f950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-07-02T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534684" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66884-5f60-49f4-a1cc-226f950d210f" ,
"value" : "2018-07-02T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-07-02T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534684" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de66884-dbc4-4977-bbf5-226f950d210f" ,
"value" : "careers@sipchem.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-07-02T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534684" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66884-116c-4f82-b7ae-226f950d210f" ,
"value" : "Job Opportunity SIPCHEM"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2017-09-11T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534648" ,
"uuid" : "5de668b6-6da0-4e21-a3ed-1e9a950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-09-11T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534648" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de668b7-87e0-4990-a80d-1e9a950d210f" ,
"value" : "2017-09-11T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-09-11T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534648" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de668b7-3984-4c0d-9f8e-1e9a950d210f" ,
"value" : "jobs@ngaaksa.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-09-11T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534648" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de668b7-a770-470e-b915-1e9a950d210f" ,
"value" : "Job Opportunity"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-08-28T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534605" ,
"uuid" : "5de66aa6-89f8-4ef4-9464-4ae2950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-28T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534605" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66aa7-1db8-48d6-bb65-4ae2950d210f" ,
"value" : "2018-08-28T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-28T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534605" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66aa7-f008-4f1e-b244-4ae2950d210f" ,
"value" : "Latest Vacancy"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-28T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534605" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de66aa7-f6e4-45b1-8346-4ae2950d210f" ,
"value" : "careers@aramcojobs.ga"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-08-26T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534568" ,
"uuid" : "5de66b15-8000-4f4f-82f4-3e63950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-26T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534568" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de66b15-b3bc-4c79-8ae8-3e63950d210f" ,
"value" : "careers@aramcojobs.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-26T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534568" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66b15-ea74-4305-90d4-3e63950d210f" ,
"value" : "Latest Vacancy"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2018-08-26T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534568" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66b15-f804-48c8-9d8c-3e63950d210f" ,
"value" : "2018-08-26T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2017-07-17T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534281" ,
"uuid" : "5de66b98-18b4-4a53-924a-1179950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-07-17T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534281" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66b98-fdcc-460e-bf3c-1179950d210f" ,
"value" : "2017-07-17T00:00:00"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-07-17T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534281" ,
"to_ids" : false ,
"type" : "email-src" ,
"uuid" : "5de66b98-b8f0-4c32-bde2-1179950d210f" ,
"value" : "careers@ngaaksa.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-07-17T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534281" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66b98-ca74-4bb7-8a24-1179950d210f" ,
"value" : "Job Openning"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2017-11-20T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534253" ,
"uuid" : "5de66bc8-ea38-4b6f-866b-3e74950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-11-20T07:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534253" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de66bc8-a578-4058-a898-3e74950d210f" ,
"value" : "jobs@dyn-intl.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-11-20T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534253" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66bca-46b8-47be-a5af-3e74950d210f" ,
"value" : "Job Openning"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2017-11-20T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534253" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66bca-32c8-4aca-9acc-3e74950d210f" ,
"value" : "2017-11-20T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2017-11-28T07:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534220" ,
"uuid" : "5de66be7-3a30-4ec6-b560-3e72950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2017-11-28T07:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534220" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66be8-b4ec-49d5-ab22-3e72950d210f" ,
"value" : "Job Openning"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2017-11-28T07:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534220" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66be8-a318-434b-8445-3e72950d210f" ,
"value" : "2017-11-28T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-03-05T00:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534800" ,
"uuid" : "5de66e18-37bc-4d03-80a3-0458950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-03-05T00:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534800" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de66e18-2360-42df-a37c-0458950d210f" ,
"value" : "jobs@mail.dyn-corp.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-03-05T00:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534800" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66e19-89a4-4df5-8dcb-0458950d210f" ,
"value" : "Job Openning"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2018-03-05T00:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534800" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66e19-4330-4f09-9fc2-0458950d210f" ,
"value" : "2018-03-05T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-07-30T00:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534832" ,
"uuid" : "5de66e3e-1334-4add-95d9-1bc6950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-07-30T00:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534832" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de66e3e-2e7c-419a-81fa-1bc6950d210f" ,
"value" : "jobs@sipchem.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-07-30T00:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534832" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66e3e-7af8-4336-99fc-1bc6950d210f" ,
"value" : "Job Openning"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2018-07-30T00:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534832" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66e3e-9ad0-4c00-bbd0-1bc6950d210f" ,
"value" : "2018-07-30T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "Email object describing an email with meta-information" ,
"first_seen" : "2018-08-14T00:00:00+00:00" ,
"meta-category" : "network" ,
"name" : "email" ,
"template_uuid" : "a0c666e0-fc65-4be8-b48f-3423d788b552" ,
"template_version" : "13" ,
"timestamp" : "1579534867" ,
"uuid" : "5de66e5d-2724-41ec-8491-7ac9950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-14T00:00:00+00:00" ,
"object_relation" : "from" ,
"timestamp" : "1579534867" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5de66e5d-9a98-4c87-b1d4-7ac9950d210f" ,
"value" : "jobs@sipchem.ga"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"first_seen" : "2018-08-14T00:00:00+00:00" ,
"object_relation" : "subject" ,
"timestamp" : "1579534867" ,
"to_ids" : false ,
"type" : "email-subject" ,
"uuid" : "5de66e5d-e128-4c20-bcf2-7ac9950d210f" ,
"value" : "Job Openning"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"first_seen" : "2018-08-14T00:00:00+00:00" ,
"object_relation" : "send-date" ,
"timestamp" : "1579534867" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5de66e5d-2c70-4b88-98ec-7ac9950d210f" ,
"value" : "2018-08-14T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384026" ,
"uuid" : "c69e95e9-9f4a-47bd-9cca-df70112bf4ba" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384026" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "b089e2e8-accd-43cb-91ac-c2681f0c065d" ,
"value" : "5.135.120.57"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384026" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "dc0fcf25-1d48-44ce-b46e-493ce19094da" ,
"value" : "2018-12-04T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384026" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "6cd20d4b-5c77-4c2b-b744-0145554c0ea5" ,
"value" : "2019-01-24T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384027" ,
"uuid" : "14ce7404-1d9e-489b-91c1-62bd49ac088a" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384027" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "8034e87b-78c7-4d75-8d4a-1e170196dd82" ,
"value" : "5.135.199.25"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384027" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "145ee2c3-1102-417f-823a-1962a5a5152a" ,
"value" : "2019-03-03T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384027" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "532fe8ca-8814-4860-81a9-2c0dc0861591" ,
"value" : "2019-03-03T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384027" ,
"uuid" : "33757eab-39f8-4dd3-bdc3-abe31bdb329e" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384027" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "ef19bdbb-8e5b-43f1-b261-5d82537fb2eb" ,
"value" : "31.7.62.48"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384027" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "75e4a9e9-0970-472b-8a8c-900bc4138c13" ,
"value" : "2018-09-26T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384027" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "4c67ac8c-ce0f-4f41-9da0-053abf269cca" ,
"value" : "2018-09-29T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384028" ,
"uuid" : "dbf15608-73c3-4fdd-abec-cbd4abf42b9b" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384028" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "4026c957-9ca6-4a39-91cf-fcb3db0e6cab" ,
"value" : "51.77.11.46"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384028" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9e0f64d9-188e-4ccc-b3b9-80ad46a8e71a" ,
"value" : "2019-07-01T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384028" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "1ce08a70-8433-4b17-9fb8-2adf50544de3" ,
"value" : "2019-07-02T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384028" ,
"uuid" : "825ee3e8-ec27-47b1-93fd-800aac6cb009" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384029" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "29ad40f6-9ad2-4a27-8feb-bba192e9ac66" ,
"value" : "54.36.73.108"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384029" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a444322f-b1a2-4d6a-a916-766c88093df7" ,
"value" : "2019-07-22T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384029" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d408a77b-d5a5-4d19-ba5c-b12f50f8b82a" ,
"value" : "2019-10-05T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384029" ,
"uuid" : "286489c4-fc1a-4722-a1d2-0a2cef367629" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384029" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "0db0cea5-9f4b-42f0-9ea0-d7947a2d5380" ,
"value" : "54.37.48.172"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384029" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9e3b96a1-c562-478c-b2f7-5c8343c27f16" ,
"value" : "2019-10-22T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384029" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5ee5910f-8fc8-4bb7-b619-8e80917a62a9" ,
"value" : "2019-11-05T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384029" ,
"uuid" : "0bdc7720-3ac3-40ae-bcc3-d6db34735dbd" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384030" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "722829f8-0af4-47a8-a2f6-3b83b9d263bc" ,
"value" : "54.38.124.150"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384030" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "52227600-1a1c-445c-843a-7831eaebd476" ,
"value" : "2018-10-28T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384030" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f98a307b-3c09-4c0b-953a-1daef0fdbe2a" ,
"value" : "2018-11-17T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384030" ,
"uuid" : "c2fc02ff-1e36-4f10-8b9f-684ebdc9854b" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384030" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7e2bb4d3-cca0-4377-b24a-d6f9438df0de" ,
"value" : "88.150.221.107"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384031" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d4f0be23-ce0f-4cce-9402-a869307ed373" ,
"value" : "2019-09-26T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384031" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "f9107db9-e0f9-45d8-a694-55d0c68f56ab" ,
"value" : "2019-11-07T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384031" ,
"uuid" : "043a1485-d6a4-45dc-b086-c3ff04371713" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384031" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "6b16c646-75fd-466f-83c3-876231fafb41" ,
"value" : "91.134.203.59"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384031" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "176650f2-b2e6-4bbe-8f33-911942b7f90a" ,
"value" : "2018-09-26T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384031" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "3c2e8593-e233-4b69-b627-2d1758b585c7" ,
"value" : "2018-12-04T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384032" ,
"uuid" : "fbd5daea-0454-4809-9ce2-9b1bf3898953" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384032" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "b7d28cec-ff12-4ef5-87e4-bb8f1727cce8" ,
"value" : "109.169.89.103"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384032" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "017c3aa7-d28e-4128-852c-901131eceb85" ,
"value" : "2018-12-02T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384032" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9fc4bb22-fd6e-4100-a66b-a87002f9cba8" ,
"value" : "2018-12-14T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384032" ,
"uuid" : "54702d2c-5a8a-4a1f-8ab0-793464fc828f" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384032" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "efa7bf03-6950-4785-925c-c6f5bcbe67fc" ,
"value" : "109.200.24.114"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384032" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "6e1d89cc-73a2-41ff-90ad-a03d9019ec24" ,
"value" : "2018-11-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384032" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "508892cc-4557-41af-beb0-8661041fafb0" ,
"value" : "2018-12-25T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384033" ,
"uuid" : "2db4134a-4d62-4ebe-b3f1-6c1c15437ff8" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384033" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "cc8cc669-5a79-4802-9243-a31825b906cb" ,
"value" : "137.74.80.220"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384033" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7ace6caa-73ec-4ffb-a42b-1721411cadee" ,
"value" : "2018-09-29T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384033" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ac0dd37c-5af2-413b-b393-e819934a83fa" ,
"value" : "2018-10-23T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384033" ,
"uuid" : "4cf21017-f924-403b-ab8e-380573ea512e" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384033" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "56ab451d-53fd-4877-a010-a9756a3124c7" ,
"value" : "137.74.157.84"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384033" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "615b565d-fe75-4cab-bedd-ebc6747908e2" ,
"value" : "2018-12-18T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384033" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "a7b5f8c7-eb74-4776-a505-1c988a6d02c4" ,
"value" : "2019-10-21T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384034" ,
"uuid" : "94a30556-2476-4fd2-94d6-06a151831884" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384034" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "f1191ce9-4066-4be0-bb1f-fd8de9f612ef" ,
"value" : "185.122.56.232"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384034" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "0ebff068-786b-4024-ae25-591da41d7697" ,
"value" : "2018-09-29T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384034" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "ef6e7ae3-7ffd-4f08-ba35-669ab8546ff0" ,
"value" : "2018-11-04T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384034" ,
"uuid" : "87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384034" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "98a29ae5-070e-4ef9-bf79-be08db43c311" ,
"value" : "185.125.204.57"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384034" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "aaabe5b8-b435-40fd-b9bf-22c5f0937348" ,
"value" : "2018-10-25T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384034" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7fceb1c4-9508-40d9-b215-9c989fd9e4f3" ,
"value" : "2019-01-14T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384035" ,
"uuid" : "ee15f4bd-db1d-4297-a53b-9ab11ab65716" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384035" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "c4c92cdc-6368-4f85-a2e6-ddd6a3b57854" ,
"value" : "185.175.138.173"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384035" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9ebdc9ee-000b-4766-b253-5afbb53788e7" ,
"value" : "2019-01-19T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384035" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "7605eeb1-a765-4a95-8e0b-f4ccd3f5f6df" ,
"value" : "2019-01-22T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384035" ,
"uuid" : "a846ef5e-c63a-4068-984b-8cdc38ef617b" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384035" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "7e8fdaf4-efdd-4a7f-b9dd-8a3125b5dd81" ,
"value" : "188.165.119.138"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384035" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "8d2ddecc-9120-44e9-bdc3-e692e51f7bc3" ,
"value" : "2018-10-08T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384035" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d618d17a-f95d-4826-b99b-31eb46051891" ,
"value" : "2018-11-19T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384036" ,
"uuid" : "1b6633ee-60c0-48fb-8b49-6fcc7d411309" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384036" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "33ec373d-51b6-4613-b640-7f6c8c690d48" ,
"value" : "193.70.71.112"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "13085793-c0a5-4aa2-8169-549ab1e16d44" ,
"value" : "2019-03-07T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "9fb50416-4ad0-494b-8b15-b9b29d21d500" ,
"value" : "2019-03-17T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384037" ,
"uuid" : "c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384037" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "b5cba2c3-a666-4310-b87e-b4f72185bdf8" ,
"value" : "195.154.41.72"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "625f33ae-bcd2-4c50-bf9c-100509774ff1" ,
"value" : "2019-01-13T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "de5cc7ac-06cb-4af3-8bff-843db303d59c" ,
"value" : "2019-01-20T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384037" ,
"uuid" : "e0c182b5-2961-461b-bc17-36cc4ff11dc5" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384037" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "c28668c7-b7f6-4b7b-8740-6acbb6fbbe00" ,
"value" : "213.32.113.159"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d0b1af5f-fd30-4cc2-b805-b42b1b6d5005" ,
"value" : "2019-06-30T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384037" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "19e0ef4f-9069-46d7-b8ff-350150b0f86d" ,
"value" : "2019-09-16T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame." ,
"meta-category" : "network" ,
"name" : "ip-port" ,
"template_uuid" : "9f8cea74-16fe-4968-a2b4-026676949ac6" ,
"template_version" : "7" ,
"timestamp" : "1575384038" ,
"uuid" : "fd1343f2-286e-4036-b9a8-1adff8eb2479" ,
"Attribute" : [
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "ip" ,
"timestamp" : "1575384038" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "66c94b5a-646a-42ea-b710-c7ee7aed53d6" ,
"value" : "216.244.93.137"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "first-seen" ,
"timestamp" : "1575384038" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "d50162e0-988b-490b-99f0-f14f9a1e3487" ,
"value" : "2018-12-10T00:00:00"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "last-seen" ,
"timestamp" : "1575384038" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "676883e3-d9c4-47f1-97a1-a2eb63e78e62" ,
"value" : "2018-12-21T00:00:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384285" ,
"uuid" : "e9693797-9115-4631-972d-7a8e0e3a1e9e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384285" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "fff6f6c5-596d-4486-bebf-cf9b18bf7017" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384291" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "263322c7-646d-4a7f-9dfb-1d6f590635ca" ,
"value" : "e954ff741baebb173ba45fbcfdea7499d00d8cfa2933b69f6cc0970b294f9ffd"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384291" ,
"uuid" : "82666f1d-b22b-436e-979d-5d75e303e141" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384291" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "a838a207-fea3-4f4c-9602-4e163f9df78a" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384291" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "a80176aa-6020-4cfc-807e-28bbef18d8c4" ,
"value" : "b58a2ef01af65d32ca4ba555bd72931dc68728e6d96d8808afca029b4c75d31e"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384291" ,
"uuid" : "5ac505ff-4ea6-4dbd-8dd8-75a55c32741e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384292" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "6250d5cd-efe1-46f0-ac3a-494203ea1dd7" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384292" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "be41826f-0a04-48e5-9e1f-928b98568414" ,
"value" : "a67461a0c14fc1528ad83b9bd874f53b7616cfed99656442fb4d9cdd7d09e449"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384292" ,
"uuid" : "71915c2b-eb82-44d7-90d4-566307cca0a5" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384292" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "15bcb98d-43ab-4f3e-8e5b-4ef5d5cf7c2b" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384292" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6a0fd476-12ed-4ab8-a0f3-7d405186873d" ,
"value" : "c303454efb21c0bf0df6fb6c2a14e401efeb57c1c574f63cdae74ef74a3b01f2"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384293" ,
"uuid" : "96669752-aadb-43b9-8c29-7ccec173980d" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384293" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "bfc17797-b941-4352-8260-f2ef0384a86a" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384293" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f96a6943-1b79-4bc3-a585-b69a9fb82b90" ,
"value" : "75e6bafc4fa496b418df0208f12e688b16e7afdb94a7b30e3eca532717beb9ba"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384294" ,
"uuid" : "ad36a520-c695-43b7-8ad2-a7de2481e6da" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384294" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "a4b882af-d0bf-4b2f-ba28-f5ee73df4510" ,
"value" : "MsdUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384295" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fbfb454d-5705-4a25-8130-5c4a45404c55" ,
"value" : "8fb6cbf6f6b6a897bf0ee1217dbf738bce7a3000507b89ea30049fd670018b46"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384295" ,
"uuid" : "62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1575384295" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "31ed3a7e-afff-4efb-ad69-3b6d8d305923" ,
"value" : "DysonPart.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384296" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "7197cdc9-6f50-4079-843e-586648f50c28" ,
"value" : "ba9d76cca6b5c7308961cfe3739dc1328f3dad9a824417fad73b842b043daa1a"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "16" ,
"timestamp" : "1575384296" ,
"uuid" : "9cf77da3-bde0-4a41-874f-60c45953b1e0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1575384296" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "80ae4483-76ad-435b-84de-a779eb71e75d" ,
"value" : "07e1baf1d0207a139bcf39c60354666496e4331381d36eef9359120b1d8497f1"
}
]
}
]
}
}