{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2020-06-08",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT - TA505 IoC - 2020-06-06",
|
|
|
|
"publish_timestamp": "1591603212",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "2",
|
|
|
|
"timestamp": "1591603181",
|
|
|
|
"uuid": "5eddeee6-22ec-419b-8634-429602de0b81",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
"local": "0",
|
|
|
|
"name": "misp-galaxy:threat-actor=\"TA505\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#004646",
"local": "0",
|
|
|
|
"name": "type:OSINT",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#0071c3",
"local": "0",
|
|
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#0087e8",
"local": "0",
|
|
|
|
"name": "osint:certainty=\"50\"",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-7d64-4882-a6da-4ec9e387cbd9",
|
|
|
|
"value": "da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-a724-4102-b43f-4bade387cbd9",
|
|
|
|
"value": "ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-fa94-4b07-88f4-4bb2e387cbd9",
|
|
|
|
"value": "8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-d594-4069-a104-4ca4e387cbd9",
|
|
|
|
"value": "99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-f810-4a19-b4e2-4600e387cbd9",
|
|
|
|
"value": "729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-7ac4-48d6-b5c7-47efe387cbd9",
|
|
|
|
"value": "11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef05-09fc-4f16-ba36-4ee4e387cbd9",
|
|
|
|
"value": "d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-8da0-4c5b-a82d-40d3e387cbd9",
|
|
|
|
"value": "c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-9910-47b5-a9f0-43b3e387cbd9",
|
|
|
|
"value": "fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-8c48-4fc7-a3d3-450ce387cbd9",
|
|
|
|
"value": "1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-3930-4074-81ff-4306e387cbd9",
|
|
|
|
"value": "68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-e588-4634-a9bb-42d7e387cbd9",
|
|
|
|
"value": "f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-d5dc-4336-b683-403de387cbd9",
|
|
|
|
"value": "7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-6d88-4106-b238-412be387cbd9",
|
|
|
|
"value": "beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-3158-4a24-8839-41d5e387cbd9",
|
|
|
|
"value": "fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef06-fc9c-4ee3-945c-42a3e387cbd9",
|
|
|
|
"value": "57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-0af4-47d1-92b8-417ce387cbd9",
|
|
|
|
"value": "477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-ae90-478a-a1fe-4107e387cbd9",
|
|
|
|
"value": "ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-5ef8-42ee-872b-49b1e387cbd9",
|
|
|
|
"value": "74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-dff8-43b1-8e0d-4c3ce387cbd9",
|
|
|
|
"value": "976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-07c8-4e4b-8c1f-433be387cbd9",
|
|
|
|
"value": "3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef07-26f0-49d5-b067-46e5e387cbd9",
|
|
|
|
"value": "b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef08-7018-4d8f-b2ee-41eae387cbd9",
|
|
|
|
"value": "4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5eddef08-c1b4-432b-abee-4e8de387cbd9",
|
|
|
|
"value": "3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591602969",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5eddef19-98fc-41ba-8c4a-472a02de0b81",
|
|
|
|
"value": "https://github.com/MalwareLab-pl/ioc/blob/master/ta505.txt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591603160",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5eddefd8-45c0-44f9-ada9-466802de0b81",
|
|
|
|
"value": "https://shr-links.com/syscap/upt64/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1591603180",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "5eddefec-d324-49f1-9b9d-4af302de0b81",
|
|
|
|
"value": "92.38.163.14"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Object": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603065",
|
|
|
|
"uuid": "dee9331f-94e5-4b35-a3c8-c7f101c355ea",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "dee9331f-94e5-4b35-a3c8-c7f101c355ea",
|
|
|
|
"referenced_uuid": "6ce562e6-9c27-4a76-8849-b8eb1aa8f3f8",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-869c-4530-a73e-481c02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "52c4155c-6803-41a1-9388-b093f52120ed",
|
|
|
|
"value": "76d4d9710105e77f11023127c4603202"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "9289f9f3-9110-40c0-9829-2a023577172a",
|
|
|
|
"value": "5c9a006de991acb9c1eaa25ccd690a5969103613"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "f1338a81-7d2b-4162-80e1-a4bb5d998590",
|
|
|
|
"value": "11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603065",
|
|
|
|
"uuid": "6ce562e6-9c27-4a76-8849-b8eb1aa8f3f8",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "1fdd6331-ff4d-4297-941f-a64a53237e08",
|
|
|
|
"value": "2020-06-05T15:56:50+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "14cdf452-752e-4903-bd8f-801aba33518f",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160/detection/f-11c4d7d1295a5dd6a2e75d5ca9e63d17b860d85a4b536bb3261ecc7971ef1160-1591372610"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "2d1e2fc7-3336-44ab-afb0-25d26eaef621",
|
|
|
|
"value": "23/59"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603065",
|
|
|
|
"uuid": "1fe2e4e7-fb84-4231-a075-bf404e6d7a17",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "1fe2e4e7-fb84-4231-a075-bf404e6d7a17",
|
|
|
|
"referenced_uuid": "65ff6606-102a-44c9-b8cc-5d8fb120c488",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-6d04-4c5d-b648-4be902de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "76afe72c-d4ac-4e39-a1e6-aaaf4c292a21",
|
|
|
|
"value": "7922dd7e868d11720447d92d055b5f41"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "0d194613-fb40-4a06-9831-2a3eb350d907",
|
|
|
|
"value": "588fa2d1a8365c6730d5c38e60c031c22c9c7a6d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "43dcb202-703d-4306-83e7-a8e03394b1cc",
|
|
|
|
"value": "c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603065",
|
|
|
|
"uuid": "65ff6606-102a-44c9-b8cc-5d8fb120c488",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "3f2e29b5-230f-4147-bdb1-9061518a1870",
|
|
|
|
"value": "2020-06-05T15:41:00+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "a95580cc-f81c-47c6-af1f-88aa2cbcb411",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1/detection/f-c9852bc298d391e6e505c779f66f56ee2bc1c798a165c755400d7f53eef32af1-1591371660"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "1e197331-39b3-4198-bcee-2305ce133286",
|
|
|
|
"value": "24/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603065",
|
|
|
|
"uuid": "2ea7eb0c-30dc-4563-988e-90411d1b2a9b",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "2ea7eb0c-30dc-4563-988e-90411d1b2a9b",
|
|
|
|
"referenced_uuid": "0f66e100-c09c-4169-9721-dea1e1b88985",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-7e94-4d9b-8053-416902de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "f73fda5e-30ee-4284-a456-2be548854a30",
|
|
|
|
"value": "be1c1c8e84f203611ff89262c516d3eb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "fdd5af7b-d260-465b-a458-810d053f3634",
|
|
|
|
"value": "b6ade2071fbf76d3813b203d1169298a2affeecc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "f2e31bc0-5430-4512-a05f-30771f1e3fca",
|
|
|
|
"value": "ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603066",
|
|
|
|
"uuid": "0f66e100-c09c-4169-9721-dea1e1b88985",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "6833f344-e2a7-4280-b198-47a75d199857",
|
|
|
|
"value": "2020-06-07T08:47:46+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "45239fbd-1a86-43df-93a9-db84c1c5e9d0",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1/detection/f-ffa5704e0d8f90d2ff614a13a8592cc9214dd43ee63bfe55130406f0fe3d99f1-1591519666"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "d8cf9e2f-4ca1-4f76-b51d-35fafc15fcfb",
|
|
|
|
"value": "35/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603066",
|
|
|
|
"uuid": "54543b80-50d7-43ec-8397-a10ac8511d08",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "54543b80-50d7-43ec-8397-a10ac8511d08",
|
|
|
|
"referenced_uuid": "0ce483d5-1756-4a8e-bcd4-a82ee44c7a9e",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-8d08-44a1-acf5-447f02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "3a5dfc6e-f490-4043-adc7-7f820da1078a",
|
|
|
|
"value": "192850f198984a57f3379aca25071fe5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "38f11e84-b428-4e6c-b9dc-4c83dc1a88c5",
|
|
|
|
"value": "a43b96ec81b6f59be3c7ea84116150f22522b6a7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "42e717bb-6bad-418f-aae9-6244dbb1c666",
|
|
|
|
"value": "f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603066",
|
|
|
|
"uuid": "0ce483d5-1756-4a8e-bcd4-a82ee44c7a9e",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "1bfeae79-4f56-4d89-8527-17dd64c8b903",
|
|
|
|
"value": "2020-06-07T08:47:19+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "df0d70e7-7d26-481b-a6c4-6833698f22b7",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815/detection/f-f5bd2dfa0d751b21727043afd1f0d264391d539e39e5859afc9f746b9d254815-1591519639"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "e7f7ce4a-6e98-41c0-b47f-8a4b3895d3ef",
|
|
|
|
"value": "33/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603066",
|
|
|
|
"uuid": "6dc37399-d3d3-464f-a2c1-8ee320d37e6a",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "6dc37399-d3d3-464f-a2c1-8ee320d37e6a",
|
|
|
|
"referenced_uuid": "9e193b62-9c44-4e8b-9c97-9f408bfb6f0c",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-39d0-47ac-900e-49a602de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "dce9dd83-fb65-4216-85ed-1aa5eb460a56",
|
|
|
|
"value": "72734bd6dae49c29c75c3d620569b240"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "a921a2a8-0071-442c-a711-ad52ddb11954",
|
|
|
|
"value": "ced97bb4810cd20ee8c34d66eabe9ebe198a4fbd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "d2eba698-a17b-4ffa-8ecf-5b563237e04b",
|
|
|
|
"value": "99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603067",
|
|
|
|
"uuid": "9e193b62-9c44-4e8b-9c97-9f408bfb6f0c",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "40c8948d-6614-4976-aa32-a23371194de8",
|
|
|
|
"value": "2020-06-05T16:18:04+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "356d5fdf-d9fe-4686-8a3e-a50c7271b51e",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af/detection/f-99e358f5cb421f5b27d6e6a25fd0d02c68dc91d9f35545109499210d3ebc09af-1591373884"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "3771134e-7d5d-43c3-857c-86c5a66e4cc9",
|
|
|
|
"value": "24/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603067",
|
|
|
|
"uuid": "862a3bc0-848b-45a2-ac9b-3e3e4e3b912b",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "862a3bc0-848b-45a2-ac9b-3e3e4e3b912b",
|
|
|
|
"referenced_uuid": "ab56250c-f14d-4617-b00e-139aa46f76f0",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603078",
|
|
|
|
"uuid": "5eddef86-dc2c-40c2-9f4b-493102de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "cec2b03e-a3d7-49da-96a9-cde9c279b657",
|
|
|
|
"value": "8ba0e2bfcf76a6e29451ef6246f88027"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "6789597d-03bb-4e36-a25a-91b907f79828",
|
|
|
|
"value": "ca96f20bdfbb5966735b2b2919d05201d8171eff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "763111bc-4a37-4f39-9f3a-bc0972812215",
|
|
|
|
"value": "3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603068",
|
|
|
|
"uuid": "ab56250c-f14d-4617-b00e-139aa46f76f0",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "7f2df9c6-80c7-4ff5-8dda-47a8818733d5",
|
|
|
|
"value": "2020-06-07T08:47:36+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "ca836505-845e-43d3-921b-c07749c2c3f7",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb/detection/f-3fb29a8d9260d17d55e68d7a94dce24195bf8659bd4ced4ee5a338208df162bb-1591519656"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "b278da30-02c7-4f3b-bc21-62d8e66dc3b2",
|
|
|
|
"value": "36/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603068",
|
|
|
|
"uuid": "add66139-1066-43d1-9c3e-e3f604aee8ef",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "add66139-1066-43d1-9c3e-e3f604aee8ef",
|
|
|
|
"referenced_uuid": "8531a9ba-484d-4a6b-acfe-908c8345e3ae",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603079",
|
|
|
|
"uuid": "5eddef87-fc60-4f2d-afa6-4f1f02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "1405785c-73a4-4faf-a62d-9820439d2f57",
|
|
|
|
"value": "8e0362dc80fe13c0516269629917a5c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "1c2ec47d-23d9-41aa-9ea1-a84416bf0fa4",
|
|
|
|
"value": "877efed5d8335226013748d5c2c4bbb1f54c3f4c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "0e6f52d5-1607-4bce-8ed7-7de25c20aa65",
|
|
|
|
"value": "beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603068",
|
|
|
|
"uuid": "8531a9ba-484d-4a6b-acfe-908c8345e3ae",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "515a5a31-88b5-45ef-9a05-013d31b4ae1f",
|
|
|
|
"value": "2020-06-07T08:47:37+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "91601410-732c-47e2-9341-a36ae721a7ae",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65/detection/f-beabc893191a149e7a8977a494a07b6afba1e2427609e7b19ba5037d25b00f65-1591519657"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "b42b001b-2d9f-4762-b043-11202a366225",
|
|
|
|
"value": "36/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603069",
|
|
|
|
"uuid": "13abf8d1-76f3-49cb-8f2f-60b0e36b15bb",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "13abf8d1-76f3-49cb-8f2f-60b0e36b15bb",
|
|
|
|
"referenced_uuid": "44854537-aa4d-4f5e-8787-ddd17e735df1",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603079",
|
|
|
|
"uuid": "5eddef87-7a64-4d5d-ab24-4ffd02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "efecf508-f03a-40b9-bde3-8d2a27bee4e7",
|
|
|
|
"value": "0371319d18d95c62224f9f00f0c5f559"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "0ffc1767-8a47-4068-95cb-d3b232828479",
|
|
|
|
"value": "61ad9193b0d4d16c819e0c3a910a31503003911b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "6928a5dc-30e3-40b9-a9b5-b214a80110cc",
|
|
|
|
"value": "729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603069",
|
|
|
|
"uuid": "44854537-aa4d-4f5e-8787-ddd17e735df1",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "99dd132e-72ae-4421-acaf-c0c75faa54f6",
|
|
|
|
"value": "2020-06-07T14:33:48+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "9e8e65fa-f34a-40df-a77f-65da0c6be470",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1/detection/f-729cac7c82d789304b4433aaf4954e5702ca51e4e33d1d7540bbd1d3db682aa1-1591540428"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "70b96532-6c53-44fc-8946-92662ccf3088",
|
|
|
|
"value": "35/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603069",
|
|
|
|
"uuid": "1c14d80d-eef5-4b0f-a9b7-c182f7f5efe7",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "1c14d80d-eef5-4b0f-a9b7-c182f7f5efe7",
|
|
|
|
"referenced_uuid": "d0c82af9-405c-4ee4-a72f-564fb3a00f0b",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-163c-49a5-89af-4c7f02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "9b47c229-ede9-4635-94c5-3f47527a83d5",
|
|
|
|
"value": "a7befa28b5b2677ed603642e68e71f14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "c0f3c5a9-3a62-45d3-b122-a94cc6f2238d",
|
|
|
|
"value": "b0e7d5bddc5be96b5d19f37acd6d8b9c0bba98d4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "11e5f770-098c-45a3-84f8-99eb1d0f3fe2",
|
|
|
|
"value": "477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603070",
|
|
|
|
"uuid": "d0c82af9-405c-4ee4-a72f-564fb3a00f0b",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "9419db48-279d-47fd-975c-557af6be78d6",
|
|
|
|
"value": "2020-06-07T08:47:43+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "babbf339-5a98-413c-98d3-b6820d4fb03c",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0/detection/f-477dce007f475e7709fd1f57d0a839857f0f0bfe9efd539fec6aef873bcfffc0-1591519663"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "45281b4e-bd25-42bc-8440-26c6161aece7",
|
|
|
|
"value": "35/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603070",
|
|
|
|
"uuid": "491b64b2-a655-439b-9349-b7918038440c",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "491b64b2-a655-439b-9349-b7918038440c",
|
|
|
|
"referenced_uuid": "c22bad23-ed8b-4d83-b725-3519dcee10e9",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-824c-454e-af92-455702de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "94c23359-8af8-4448-8011-5b4adff04ca1",
|
|
|
|
"value": "0b7efd2e4625db9aa96790b1b1ff0606"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "39d0661e-8b4d-4212-a9ce-99a6137a540c",
|
|
|
|
"value": "665814a856d2cc5bb8c384abe6c8e3e86bbe457a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "cf11b346-3876-4c6e-99be-baccca99b8c4",
|
|
|
|
"value": "4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603070",
|
|
|
|
"uuid": "c22bad23-ed8b-4d83-b725-3519dcee10e9",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "52ee6462-065b-447b-9108-d74c736d22e4",
|
|
|
|
"value": "2020-06-07T08:47:17+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "c7707771-aab7-4227-995d-5ffc4a7c1e26",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba/detection/f-4e06ffed085764b0356faed9c1337724bd7ac6520fd4f1f8c161b3fd99b9cbba-1591519637"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602952",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "085fe616-54fb-456f-8dca-f4beb4209ed1",
|
|
|
|
"value": "36/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603070",
|
|
|
|
"uuid": "9805faa4-9533-433c-a902-6ab3d94b0c61",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "9805faa4-9533-433c-a902-6ab3d94b0c61",
|
|
|
|
"referenced_uuid": "7492e92b-1b44-4581-992f-1f8aae6a883c",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-2ad4-433e-9988-407d02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "8d27c8da-1d99-4708-bd11-338263ebeed9",
|
|
|
|
"value": "e42530cdf26863a64cf3e2a36ce453a0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "05ef8348-05a0-47d5-9eab-ff8381f5c901",
|
|
|
|
"value": "9ac036fce02324247d814248545698728c6801fa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "317afa09-8a4f-49fd-b75e-f762d7ff7256",
|
|
|
|
"value": "1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603070",
|
|
|
|
"uuid": "7492e92b-1b44-4581-992f-1f8aae6a883c",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "8f74f52a-bfbd-48d5-a552-7016c382f96e",
|
|
|
|
"value": "2020-06-07T08:47:53+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "ab991e99-4970-47bc-ab42-a0bdd5541c39",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09/detection/f-1aa9ff62b7c1443151a9fa3222fa6dbcb80e03cf605c35b0e6b89bba64395f09-1591519673"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "854b42cd-7311-4dff-a3e6-75c82784757d",
|
|
|
|
"value": "36/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603071",
|
|
|
|
"uuid": "17527ddf-7bda-4305-9dc1-9a1d6014333c",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "17527ddf-7bda-4305-9dc1-9a1d6014333c",
|
|
|
|
"referenced_uuid": "b704d83d-20ec-4a74-ade0-6cb55496a9eb",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-b8c0-4f11-8fec-46e202de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "57a7db68-0b37-4cbd-ae86-7091e8ac1bb4",
|
|
|
|
"value": "5ef8996aa04140bdb8b2cc06dcf9295b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "9e8f41a1-d66e-4665-97e1-94e0dbb2efee",
|
|
|
|
"value": "7c96dd8b7c2db3d73a49cf2f89d2ac2039d4cc13"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "e658b16a-dca5-4523-b41d-761a7c527535",
|
|
|
|
"value": "74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603071",
|
|
|
|
"uuid": "b704d83d-20ec-4a74-ade0-6cb55496a9eb",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "a896a8ed-3a1c-45fa-808f-8406c7a21237",
|
|
|
|
"value": "2020-06-07T08:47:31+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "cfaba998-2eec-4a08-9e52-308dca8c1592",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db/detection/f-74b502f9181fc1dcdcdf1751bd878a62752eff2069c258a422cfcbcd27ffc0db-1591519651"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602951",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "d0145397-3745-4bda-ba5e-188a10a91ed0",
|
|
|
|
"value": "35/62"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603071",
|
|
|
|
"uuid": "845d1e34-80da-4996-a2c2-53ab6156afeb",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "845d1e34-80da-4996-a2c2-53ab6156afeb",
|
|
|
|
"referenced_uuid": "121e7969-0ade-4d2b-aa20-065e70cad490",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-1b2c-4eef-9759-432b02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "b72f68fe-631d-4fde-b890-7866d68e1328",
|
|
|
|
"value": "70bee4614d6feed54067b2326dac0d8c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "3fa3ccf7-9a04-4c83-b278-9eb6eb4ac5e2",
|
|
|
|
"value": "6226b2ef35896bbab2024a574efd0bbae60a2f95"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "369f0286-58ab-4aa9-9d22-b97be83c8408",
|
|
|
|
"value": "8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603072",
|
|
|
|
"uuid": "121e7969-0ade-4d2b-aa20-065e70cad490",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "ca9043e8-3334-4d51-8b43-01f35223d908",
|
|
|
|
"value": "2020-06-05T17:25:24+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "05daf9e6-e7ec-4f99-aa77-bc91adb2f0d3",
|
|
|
|
"value": "https://www.virustotal.com/gui/file/8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da/detection/f-8d14795b20647bf8ff806f9c9ea796f22fb4bca206451a4e099fc91a3b4b51da-1591377924"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1591602949",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "7d18973d-862f-42ca-b60f-f54a2711274d",
|
|
|
|
"value": "27/61"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "17",
|
|
|
|
"timestamp": "1591603072",
|
|
|
|
"uuid": "503b0035-f2c9-4c2e-a76c-99abe658009e",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "503b0035-f2c9-4c2e-a76c-99abe658009e",
|
|
|
|
"referenced_uuid": "82718f7a-fb06-4364-8feb-aff1934fda91",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"timestamp": "1591603080",
|
|
|
|
"uuid": "5eddef88-4af4-46ac-9d8e-49ae02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5d202b27-bd28-4082-8990-d43df9592c19",
|
|
|
|
"value": "3db430270c732bd63b2fdbe9f261418c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "8956b2be-bfed-483e-81f8-045af50dd093",
|
|
|
|
"value": "018f669a416c7e70faf667bc00bdbd28589688c4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "61c8e641-810d-4d65-a981-23683a77fd71",
|
|
|
|
"value": "68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1591603072",
|
|
|
|
"uuid": "82718f7a-fb06-4364-8feb-aff1934fda91",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "0357388c-8398-4468-8afe-0e6b8ad4cef7",
|
|
|
|
"value": "2020-06-07T08:47:26+00:00"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "# get2 c2: shr-links.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1591602950",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "87c06057-44be-40a4-ad64-3a02a9f9aaf8",
"value": "https://www.virustotal.com/gui/file/68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c/detection/f-68297165307bba31cc24147b26619d464e9651ef9dc640e08017432fdc5d558c-1591519646"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602950",
"to_ids": false,
"type": "text",
"uuid": "d1d57e65-5449-489f-b35b-8939cbbfb5a8",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603072",
"uuid": "f28eb254-2198-44f2-a79b-472d19d978d8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f28eb254-2198-44f2-a79b-472d19d978d8",
"referenced_uuid": "3a4c2108-0a5f-4836-9f0d-bb44c228d818",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-2de4-4e13-be22-42ce02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602950",
"to_ids": true,
"type": "md5",
"uuid": "496fea06-ab3b-4089-9083-bb53379d4f84",
"value": "2a00e6a23e50628c3a14bf899cd90fb3"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha1",
"uuid": "4ade397e-8d5b-4041-be59-1e6a5cf90bad",
"value": "915e6c4ec3a8ba5c5840818c4dfd7264d223af0d"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha256",
"uuid": "66b70b37-aa74-4d26-ae12-c43908c0ee20",
"value": "fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603072",
"uuid": "3a4c2108-0a5f-4836-9f0d-bb44c228d818",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602950",
"to_ids": false,
"type": "datetime",
"uuid": "b0e049e0-3fe2-48da-bbde-76fe8a49f113",
"value": "2020-06-05T15:22:51+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602950",
"to_ids": false,
"type": "link",
"uuid": "1055b4f0-8f6e-4db8-a050-4806b3610663",
"value": "https://www.virustotal.com/gui/file/fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348/detection/f-fb7a62b777cc0e8ef85881def16d3fbbda37623550834a75fe18211114a58348-1591370571"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602950",
"to_ids": false,
"type": "text",
"uuid": "5d042d8b-6f50-4e39-9f4d-aab333ac0c02",
"value": "24/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603073",
"uuid": "0b36973b-ccff-4649-ad19-058d5fd6c82d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0b36973b-ccff-4649-ad19-058d5fd6c82d",
"referenced_uuid": "dbff2910-5abc-4777-a810-a30526aa06d1",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-9204-4cbf-ab26-430f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602951",
"to_ids": true,
"type": "md5",
"uuid": "9d0541b5-16b1-493d-843e-8f4e81ae0019",
"value": "03d2595f08bf26294c85ef4a323cce6b"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha1",
"uuid": "4b36f4ab-7d62-4817-a5e2-37ecdc5f8ccb",
"value": "58564d5b674408cd945101fc51016f34f5cdcf0b"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha256",
"uuid": "22ae4025-adda-475a-a0f1-44c870f8c1a9",
"value": "ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603073",
"uuid": "dbff2910-5abc-4777-a810-a30526aa06d1",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602951",
"to_ids": false,
"type": "datetime",
"uuid": "33a45a30-5d2f-48c1-9aa8-7cbe12c7e561",
"value": "2020-06-07T08:47:16+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602951",
"to_ids": false,
"type": "link",
"uuid": "6252048c-cb84-4c47-bb5e-e17e3af8ebc9",
"value": "https://www.virustotal.com/gui/file/ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9/detection/f-ba627162e299061e1ec7d15f06bb722d4c0dc7dfb52f503e46f45f401decf7e9-1591519636"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602951",
"to_ids": false,
"type": "text",
"uuid": "1091ec45-7e5b-4e6c-8352-a27e97d7ed41",
"value": "35/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603073",
"uuid": "f25ad18e-4427-4664-b4f4-7420739f3b01",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f25ad18e-4427-4664-b4f4-7420739f3b01",
"referenced_uuid": "a1a0d38e-fbd0-4fbd-9d72-8acb71be2318",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-f59c-4836-9e72-4a2f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602951",
"to_ids": true,
"type": "md5",
"uuid": "745a0b62-4381-4f36-9084-5f591e5818d2",
"value": "23d54d1cbcf95f8ced8e0bfc30d297f4"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha1",
"uuid": "842a3e41-eaca-4391-9c9f-0b6bfcb67cf6",
"value": "29e23e8490b68c749c302650e9779e54d976ea15"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha256",
"uuid": "1d6855b3-630d-4e5d-a08e-b299773c25b3",
"value": "976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603073",
"uuid": "a1a0d38e-fbd0-4fbd-9d72-8acb71be2318",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602951",
"to_ids": false,
"type": "datetime",
"uuid": "92458287-b089-4e52-b42e-5115cbfabb46",
"value": "2020-06-05T13:04:11+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602951",
"to_ids": false,
"type": "link",
"uuid": "c6f39e52-05c1-412d-9f5d-23b6843329c0",
"value": "https://www.virustotal.com/gui/file/976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec/detection/f-976f3e9c2f7c8eaff5daf9214707eb06b2aee4e9a1c38c110d7680ec58303dec-1591362251"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602951",
"to_ids": false,
"type": "text",
"uuid": "ad786d93-1948-4923-9370-2958f4846a13",
"value": "8/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603073",
"uuid": "ff74d4fc-812b-4a6b-b37d-a1970f81236a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ff74d4fc-812b-4a6b-b37d-a1970f81236a",
"referenced_uuid": "c4497b36-95d2-4c4c-aea5-8f5e21f9b9a9",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-059c-4f97-b2cb-4f2f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602951",
"to_ids": true,
"type": "md5",
"uuid": "adb9de9f-3166-409f-afe7-98e42a2e4d05",
"value": "095b95375b6710664b72eef48d7e3af1"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha1",
"uuid": "6b544461-48c7-4a6f-b390-82d1e72fc8cb",
"value": "8c0479901702cbab4e90e3c974277a38621e9fe9"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602951",
"to_ids": true,
"type": "sha256",
"uuid": "c67dbd0e-bfd0-4079-b147-c978fe8e6f3d",
"value": "b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603074",
"uuid": "c4497b36-95d2-4c4c-aea5-8f5e21f9b9a9",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602951",
"to_ids": false,
"type": "datetime",
"uuid": "a535713e-a2d3-4441-be11-fef1b74c90c5",
"value": "2020-06-07T08:47:17+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602951",
"to_ids": false,
"type": "link",
"uuid": "e8849eaa-290c-492d-a2a0-1ed7709b47b8",
"value": "https://www.virustotal.com/gui/file/b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621/detection/f-b4deb3f933ef379e07a770692d228114f159a9e709b1a7ea1a03530d5931d621-1591519637"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602951",
"to_ids": false,
"type": "text",
"uuid": "56708db8-6296-4092-9485-636bceab85db",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603074",
"uuid": "5c6d098d-9a42-456a-8a8c-3d26c85f6153",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c6d098d-9a42-456a-8a8c-3d26c85f6153",
"referenced_uuid": "43c17ad3-51df-44b1-9716-ebeed4fdca80",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-8bd8-4c7e-97c9-454302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602949",
"to_ids": true,
"type": "md5",
"uuid": "c6a417fb-f1eb-4bfb-91f5-99c98c402133",
"value": "176b9dcdae46842e45ec7d6498c1e632"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602949",
"to_ids": true,
"type": "sha1",
"uuid": "cfc72910-cb96-433a-8bfe-0c67443c0a0e",
"value": "857a5b9974c0f14e9e6545fca74ce5752d81b8c5"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602949",
"to_ids": true,
"type": "sha256",
"uuid": "ee87c8eb-8cf7-4399-be43-c618209531c2",
"value": "d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603074",
"uuid": "43c17ad3-51df-44b1-9716-ebeed4fdca80",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602949",
"to_ids": false,
"type": "datetime",
"uuid": "47458e2b-088c-480b-8f7b-63f9839ccc29",
"value": "2020-06-07T08:47:18+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602949",
"to_ids": false,
"type": "link",
"uuid": "4b70e53f-ab09-40c9-93b2-115bc3ba2fd1",
"value": "https://www.virustotal.com/gui/file/d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a/detection/f-d83c4504b995d83d26e5d38154aadfd143e5c4f2ba4db74702ef1d9b23653a8a-1591519638"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602949",
"to_ids": false,
"type": "text",
"uuid": "fcf5c120-3a86-4919-90a4-48a0c7dedaa7",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603074",
"uuid": "7926acdf-7590-476e-8b14-8ecd14feb445",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7926acdf-7590-476e-8b14-8ecd14feb445",
"referenced_uuid": "0ec19e42-4e5a-4ca6-886d-dbb5ba8cc309",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-8c18-4b1a-920d-493d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602952",
"to_ids": true,
"type": "md5",
"uuid": "4a046ace-333e-4e76-9156-cfb0f821457c",
"value": "8e4c6545134b1f950f4994c3117e938a"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602952",
"to_ids": true,
"type": "sha1",
"uuid": "f3182acb-781b-426d-9ab3-a981add216e2",
"value": "7d283592694c9cfdb8f4bdde6bfccda74cf576bf"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602952",
"to_ids": true,
"type": "sha256",
"uuid": "a5720340-354c-4600-81a1-fd18254d43a8",
"value": "3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603074",
"uuid": "0ec19e42-4e5a-4ca6-886d-dbb5ba8cc309",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602952",
"to_ids": false,
"type": "datetime",
"uuid": "598fe168-f012-4539-957d-5cae40b382d1",
"value": "2020-06-07T08:47:37+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602952",
"to_ids": false,
"type": "link",
"uuid": "95c84958-d569-4e5d-8eb1-4582e919891c",
"value": "https://www.virustotal.com/gui/file/3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27/detection/f-3785d529e4658e035205791c2d2165ba9075d3e0da14ec214da53cbb0a686f27-1591519657"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602952",
"to_ids": false,
"type": "text",
"uuid": "46335177-5271-4c06-8aa2-2cca56220291",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603075",
"uuid": "24536190-0343-4ec2-9728-1ff56f1a2c9d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "24536190-0343-4ec2-9728-1ff56f1a2c9d",
"referenced_uuid": "1c780620-104e-4a42-ac75-837f0b290646",
"relationship_type": "analysed-with",
"timestamp": "1591603080",
"uuid": "5eddef88-6274-41b9-a647-445002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602949",
"to_ids": true,
"type": "md5",
"uuid": "a680c325-1e0f-4046-8920-ba99dd0ecafb",
"value": "5f827d1c77e743a1afc97a5116f6dc8d"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602949",
"to_ids": true,
"type": "sha1",
"uuid": "fbbeb0b2-4823-494b-a8fd-2ec6b296b2ab",
"value": "472ab52d68e82d8a26ebf2692dd8939b29297097"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602949",
"to_ids": true,
"type": "sha256",
"uuid": "ed087e34-4586-4465-9245-63e9ac2f6ed6",
"value": "da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603075",
"uuid": "1c780620-104e-4a42-ac75-837f0b290646",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602949",
"to_ids": false,
"type": "datetime",
"uuid": "c8cf2c1b-489d-459a-939f-826574315b65",
"value": "2020-06-07T08:47:31+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602949",
"to_ids": false,
"type": "link",
"uuid": "0a09c9b9-7608-4d51-b6dd-5387eb5be2ad",
"value": "https://www.virustotal.com/gui/file/da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0/detection/f-da69f29433079fd3362a44205288037e92a51649aee0dbdb7a004af979c1a2c0-1591519651"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602949",
"to_ids": false,
"type": "text",
"uuid": "afe1d847-4704-48b7-83d5-672fe4fe8a7d",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603075",
"uuid": "13e37bd1-ffe5-47a1-aa0b-132a24d9f2a2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "13e37bd1-ffe5-47a1-aa0b-132a24d9f2a2",
"referenced_uuid": "41242f7f-0530-439c-9a3b-619ebf227d4b",
"relationship_type": "analysed-with",
"timestamp": "1591603081",
"uuid": "5eddef89-d29c-41f4-a746-42bb02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602950",
"to_ids": true,
"type": "md5",
"uuid": "fb2cb859-2ee7-46b5-a7cf-1c2a752737e0",
"value": "27d945c488031ba6b3fde4969ee497b7"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha1",
"uuid": "8925d4cc-635d-428b-8b6e-26fd7e7a4855",
"value": "e44ec2d2ecc92399644f8b2121b5ad0d477be989"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha256",
"uuid": "b9f3c4a7-e90a-44b5-97f8-ae5ccc9c4f42",
"value": "57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603075",
"uuid": "41242f7f-0530-439c-9a3b-619ebf227d4b",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602950",
"to_ids": false,
"type": "datetime",
"uuid": "08c8d0c5-a165-426e-9d47-115f7ecb509c",
"value": "2020-06-07T08:47:22+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602950",
"to_ids": false,
"type": "link",
"uuid": "516ba4c2-9c7a-425d-b1ed-b5c1e93609f3",
"value": "https://www.virustotal.com/gui/file/57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c/detection/f-57f40bc3fe0c0fe4bb253a802a23b56601ded98a432f865859cdb5027c88fc9c-1591519642"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602950",
"to_ids": false,
"type": "text",
"uuid": "0fb1ef36-db6b-4d1c-a020-72253c2aef7c",
"value": "35/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603076",
"uuid": "4da1b519-23b0-402a-8b34-d437762fad79",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4da1b519-23b0-402a-8b34-d437762fad79",
"referenced_uuid": "13c32f52-9300-41ee-a3a5-737aadb8b84c",
"relationship_type": "analysed-with",
"timestamp": "1591603081",
"uuid": "5eddef89-a43c-4d4a-a1d2-42d702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602950",
"to_ids": true,
"type": "md5",
"uuid": "2d0ef5b9-6410-48bf-bdfc-87931e643c8e",
"value": "b8e872c70a524be967a7433da70cb290"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha1",
"uuid": "be1161b1-1233-4f4f-87a7-697c70268978",
"value": "6fa99b401074456c2c2780031f0f468645049b0e"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha256",
"uuid": "4fa5dbff-5dce-415f-9d2a-ba593c96b726",
"value": "fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603076",
"uuid": "13c32f52-9300-41ee-a3a5-737aadb8b84c",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602950",
"to_ids": false,
"type": "datetime",
"uuid": "70c5c217-da64-4d8b-ad32-ea765fff96e9",
"value": "2020-06-07T08:47:46+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602950",
"to_ids": false,
"type": "link",
"uuid": "24c19c1f-0394-4edf-bc80-4f6b742913fd",
"value": "https://www.virustotal.com/gui/file/fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106/detection/f-fff1078e1fd6595676a83b18639c6426daf5a78aab1295e185f5fa1d5b448106-1591519666"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602950",
"to_ids": false,
"type": "text",
"uuid": "f2408b91-7234-424a-a2db-41446bc8b8bc",
"value": "36/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1591603076",
"uuid": "98449839-4254-41f0-ba02-1a917d2d76d0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "98449839-4254-41f0-ba02-1a917d2d76d0",
"referenced_uuid": "f872ca96-df69-4655-8c09-8dd8cc8e0af8",
"relationship_type": "analysed-with",
"timestamp": "1591603081",
"uuid": "5eddef89-a3f4-4045-84f6-410102de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1591602950",
"to_ids": true,
"type": "md5",
"uuid": "4856a4d8-d3e2-4b8d-aef7-582a718d5449",
"value": "e249d3d1c0832edf6420f57d74a22a6a"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha1",
"uuid": "e1270199-d16f-4e44-bfe4-ba55e65e4aa7",
"value": "46526876907d34bc399578045e1fbce8d4e90cc3"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1591602950",
"to_ids": true,
"type": "sha256",
"uuid": "19078fde-1bb7-4726-8583-1ee0e98bd471",
"value": "7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1591603078",
"uuid": "f872ca96-df69-4655-8c09-8dd8cc8e0af8",
"Attribute": [
{
"category": "Other",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1591602950",
"to_ids": false,
"type": "datetime",
"uuid": "c24c82a6-0d66-4ac2-b0d5-fc0e8ad59b40",
"value": "2020-06-07T08:47:53+00:00"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1591602950",
"to_ids": false,
"type": "link",
"uuid": "858539ae-143a-4f38-aba6-735c7e6ce953",
"value": "https://www.virustotal.com/gui/file/7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6/detection/f-7e63e4191deaec39a8876a53afba51f7422ab46452916eab894f4884b70d82f6-1591519673"
},
{
"category": "Payload delivery",
"comment": "# get2 c2: shr-links.com",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1591602950",
"to_ids": false,
"type": "text",
"uuid": "5870e31f-b2b0-49ac-913e-c1ad3bf4e5c2",
"value": "35/61"
}
]
}
]
}
}