|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2018-01-11",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Mac Malware of 2017",
|
||
|
"publish_timestamp": "1518771610",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1518231708",
|
||
|
"uuid": "5a5724c6-5e20-4d61-9ccb-4191950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"FruitFly\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"MacDownloader\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:ransomware=\"MacRansom\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:rat=\"MacSpy\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"Empyre\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"Proton\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"Mughthesec\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"Pwnet\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"CpuMeaner\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:ransomware=\"FileCoder\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:banker=\"Dok\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-malware=\"XAgentOSX\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0c9800",
|
||
|
"name": "misp-galaxy:tool=\"X-Agent\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#065100",
|
||
|
"name": "misp-galaxy:tool=\"Turla\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#002b4a",
|
||
|
"name": "osint:source-type=\"technical-report\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#2c4f00",
|
||
|
"name": "malware_classification:malware-category=\"Ransomware\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#002f76",
|
||
|
"name": "ms-caro-malware-full:malware-family=\"Banker\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#3b7500",
|
||
|
"name": "circl:incident-classification=\"malware\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#284800",
|
||
|
"name": "malware_classification:malware-category=\"Trojan\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185582",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a5725af-c85c-4245-9e36-442b950d210f",
|
||
|
"value": "https://objective-see.com/blog/blog_0x25.html",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185582",
|
||
|
"to_ids": false,
|
||
|
"type": "comment",
|
||
|
"uuid": "5a5726ab-e594-48e0-9f19-099b950d210f",
|
||
|
"value": "For the second year in a row, I've decided to post a blog that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively cover all new Mac malware of 2017 - in one place. For each, we'll dive into various technical details such as identifying the malware's infection vector, persistence mechanism, features & goals, and describe how to clean an infected system.",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185582",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58693b-6748-42fb-8b4e-4507950d210f",
|
||
|
"value": "https://www.virusbulletin.com/uploads/pdf/magazine/2017/VB2017-Wardle.pdf",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#002b4a",
|
||
|
"name": "osint:source-type=\"technical-report\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185582",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58693c-6350-40a4-9cf2-4b13950d210f",
|
||
|
"value": "https://www.cybersixgill.com/wp-content/uploads/2017/02/02072017%20-%20Proton%20-%20A%20New%20MAC%20OS%20RAT%20-%20Sixgill%20Threat%20Report.pdf",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#002b4a",
|
||
|
"name": "osint:source-type=\"technical-report\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185583",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6e-9420-44eb-9341-420d950d210f",
|
||
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185583",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-c7e0-4330-a459-4a3f950d210f",
|
||
|
"value": "https://objective-see.com/blog/blog_0x17.html"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185584",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-7aa0-4a57-bad2-4a74950d210f",
|
||
|
"value": "https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185584",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-b1f0-4118-a840-4916950d210f",
|
||
|
"value": "https://iranthreats.github.io/resources/macdownloader-macos-malware/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185584",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-bdc0-4812-a215-4367950d210f",
|
||
|
"value": "https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185585",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-5334-4881-9275-4493950d210f",
|
||
|
"value": "https://objective-see.com/blog/blog_0x1F.html",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185585",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-8e08-456a-95b3-44ca950d210f",
|
||
|
"value": "https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185586",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-387c-4485-90b5-420b950d210f",
|
||
|
"value": "https://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185586",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-6ee0-4bb2-9ea3-41e5950d210f",
|
||
|
"value": "https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185586",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-1b60-43b2-88a3-4966950d210f",
|
||
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185587",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-8dac-4932-9d31-40e3950d210f",
|
||
|
"value": "https://objective-see.com/blog/blog_0x18.html",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185587",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-3130-4211-9d3e-47e1950d210f",
|
||
|
"value": "https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185588",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a586a6f-d9c8-45d5-9a8d-4246950d210f",
|
||
|
"value": "https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "command and control (C&C) servers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185588",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a586d3d-d860-4ac4-83d1-4457950d210f",
|
||
|
"value": "99.153.29.240"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "command and control (C&C) servers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185588",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5a586d3d-d274-479d-83c9-4b8f950d210f",
|
||
|
"value": "eidk.hopto.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515745492",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a5870d4-b0a0-42b8-85d7-45c3950d210f",
|
||
|
"value": "94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515745492",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a5870d4-673c-4b17-a384-46df950d210f",
|
||
|
"value": "694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515745704",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a5871a8-b690-4501-9bb8-43cf950d210f",
|
||
|
"value": "befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185589",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a5874a6-93e4-40c1-bcad-405b950d210f",
|
||
|
"value": "67.188.230.50"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185589",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a5874a6-5d4c-46e9-a090-4ec9950d210f",
|
||
|
"value": "gro.otpoh.kdie"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185590",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a5874a6-0fbc-4bcd-b43b-4a09950d210f",
|
||
|
"value": "gro.sndkcud.kdie"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185590",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5a5874a6-8290-4544-9472-4222950d210f",
|
||
|
"value": "eidk.duckdns.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185591",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587b98-1324-48ec-bc3e-4949950d210f",
|
||
|
"value": "checkadr.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185591",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a587b98-616c-412d-9933-4c69950d210f",
|
||
|
"value": "http://46.17.97.37/Servermac.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185591",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587b98-265c-4f10-91f4-4f9e950d210f",
|
||
|
"value": "eula-help.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185592",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a587b98-3eec-4e65-b45e-4364950d210f",
|
||
|
"value": "http://192.168.3.217/DroperTest"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185592",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587b98-8cdc-4b4c-9072-4f66950d210f",
|
||
|
"value": "appId.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185592",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a587d0d-e7cc-4f45-8596-4575950d210f",
|
||
|
"value": "46.17.97.37"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185593",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a587d0d-7858-424b-aa19-4dc1950d210f",
|
||
|
"value": "officialswebsites.info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185593",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5a587d0d-abc0-4374-9497-4376950d210f",
|
||
|
"value": "utc.officialswebsites.info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185594",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a587f73-26fc-49f3-bb30-4c1a950d210f",
|
||
|
"value": "https://www.securitychecking.org:443/index.asp"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515751831",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a588997-15ac-4228-967b-4a1c950d210f",
|
||
|
"value": "128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "command and control server",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185594",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588b7d-77b4-43bb-a98f-4df2950d210f",
|
||
|
"value": "handbrake.biz"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "command and control server",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185594",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588b7d-78e4-451b-997f-45ee950d210f",
|
||
|
"value": "handbrakestore.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "command and control server",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185595",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588b7d-1500-4e04-b20a-41e7950d210f",
|
||
|
"value": "handbrake.cc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185595",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588c8c-c138-4cc7-84b9-421a950d210f",
|
||
|
"value": "http://23.227.196.215/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185596",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588c8d-f950-4fc4-aa8a-4942950d210f",
|
||
|
"value": "http://apple-iclods.org/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185596",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588c8d-2f50-4f57-bdeb-48bf950d210f",
|
||
|
"value": "http://apple-checker.org/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185596",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588c8d-0c00-4303-b758-4d53950d210f",
|
||
|
"value": "http://apple-uptoday.org/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185597",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588c8d-4ba8-4400-84dd-47e9950d210f",
|
||
|
"value": "http://apple-search.info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185597",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a588cd4-2674-48e6-ba6d-4936950d210f",
|
||
|
"value": "23.227.196.215"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185597",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588cd4-296c-4c6b-b525-447d950d210f",
|
||
|
"value": "apple-iclods.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185598",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588cd4-0e2c-4f16-9612-4c46950d210f",
|
||
|
"value": "apple-checker.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185598",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588cd4-1bd4-4974-80cc-46b5950d210f",
|
||
|
"value": "apple-uptoday.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185599",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588cd4-83a8-4070-85fe-4751950d210f",
|
||
|
"value": "apple-search.info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185599",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a588cd4-dcc0-4d12-b524-4832950d210f",
|
||
|
"value": "23.227.196.217"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515752681",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a588ce9-3f18-41de-a8f3-6247950d210f",
|
||
|
"value": "2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Proton C2 domain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185600",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588edc-55c8-4142-9d86-40aa950d210f",
|
||
|
"value": "eltima.in"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "URL distributing the trojanized application at the time of discovery.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185600",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588efe-f068-422e-8209-4f30950d210f",
|
||
|
"value": "https://mac.eltima.com/download/elmediaplayer.dmg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "URL distributing the trojanized application at the time of discovery.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185600",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588efe-b770-4240-918f-40d0950d210f",
|
||
|
"value": "http://www.elmedia-video-player.com/download/elmediaplayer.dmg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "URL distributing the trojanized application at the time of discovery.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185601",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a588efe-6e7c-49fa-88b0-4926950d210f",
|
||
|
"value": "https://mac.eltima.com/download/downloader_mac.dmg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515753408",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588fc0-2f8c-44e1-8bc0-4901950d210f",
|
||
|
"value": "10a09c09fd5dd76202e308718a357abc7de291b5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515754046",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58923e-99bc-4f6e-871e-4f47950d210f",
|
||
|
"value": "30d77908ac9d37c4c14d32ea3e0b8df4c7e75464"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515754107",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58927b-3168-4cc8-8adb-45d5950d210f",
|
||
|
"value": "ef5a11a1bb5b2423554309688aa7947f4afa5388"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185601",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a5892db-aadc-434f-b8d2-4545950d210f",
|
||
|
"value": "symantecblog.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185602",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a58b14a-6e58-4ce3-8c6d-408b950d210f",
|
||
|
"value": "apple-iclods.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185602",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a58b167-75d4-4ae8-b97e-49b6950d210f",
|
||
|
"value": "http://23.227.196.215"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185602",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a58b167-8a0c-444d-b52f-4b59950d210f",
|
||
|
"value": "http://apple-iclods.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185603",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a58b167-c74c-41ef-9ae2-4f42950d210f",
|
||
|
"value": "http://apple-checker.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185603",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5a58b167-1de8-4feb-a032-477d950d210f",
|
||
|
"value": "http://apple-uptoday.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515765093",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58bd65-4eb8-43e1-9555-4f95950d210f",
|
||
|
"value": "3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515765093",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58bd65-ec78-4531-82ff-439a950d210f",
|
||
|
"value": "cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515765093",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58bd65-b0bc-4851-8266-4e43950d210f",
|
||
|
"value": "4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515765454",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58bece-2560-4d95-bfdc-4996950d210f",
|
||
|
"value": "7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1515765455",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58becf-33ac-4d37-bbee-4aaf950d210f",
|
||
|
"value": "4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185604",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58bfe5-fcf4-4b2f-a229-4f94950d210f",
|
||
|
"value": "/Library/LaunchDaemons/com.adobe.update.plist"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185604",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58bfe6-3008-4b03-90dc-41e0950d210f",
|
||
|
"value": "/Library/Scripts/installd.sh"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185604",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5a58c0fb-5c08-4a71-94fc-4dcd950d210f",
|
||
|
"value": "car-service.effers.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1518185605",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a58c0fb-3e30-4946-b9e9-449c950d210f",
|
||
|
"value": "83.229.87.11"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515745222",
|
||
|
"uuid": "5a586fc6-e0fc-4f06-b55a-46a7950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515745222",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a586fc6-b6e4-4592-9da3-4168950d210f",
|
||
|
"value": "macsvc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515745222",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a586fc6-7f60-47f1-bab8-4130950d210f",
|
||
|
"value": "b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515745222",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a586fc6-c494-406e-8723-4e75950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515745460",
|
||
|
"uuid": "5a5870b4-5c68-4077-8cce-4138950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515745460",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a5870b4-53bc-433b-8954-48d8950d210f",
|
||
|
"value": "afpscan"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515745460",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a5870b4-46a4-4880-9100-4d2a950d210f",
|
||
|
"value": "bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515745460",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a5870b4-2690-4b0b-be50-4734950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515748111",
|
||
|
"uuid": "5a587b0f-b46c-4403-be5e-423d950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515748111",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587b0f-82c0-4f13-8ec7-4e5d950d210f",
|
||
|
"value": "addone flashplayer.app.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515748310",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a587b0f-7b54-4973-94b3-40f8950d210f",
|
||
|
"value": "52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515748111",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a587b0f-0060-413b-b677-40b9950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515748604",
|
||
|
"uuid": "5a587cfc-3568-4d8d-bcc1-4920950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515748604",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587cfc-75d8-475f-ae78-44c1950d210f",
|
||
|
"value": "Bitdefender Adware Removal Tool"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515748604",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a587cfc-6930-4c61-97f0-472f950d210f",
|
||
|
"value": "7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515748604",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a587cfc-4534-4097-ac9d-416e950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515748916",
|
||
|
"uuid": "5a587e34-dc78-4406-897c-4cff950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515748916",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a587e34-dc60-4178-952c-4bfd950d210f",
|
||
|
"value": "U.S. Allies and Rivals Digest Trump's Victory - Carnegie Endowment for International Peace.docm"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515748916",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a587e34-ee34-4bd2-a6e8-4157950d210f",
|
||
|
"value": "07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515748916",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a587e34-fd00-4f5e-817c-433d950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||
|
"meta-category": "network",
|
||
|
"name": "domain-ip",
|
||
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1515749433",
|
||
|
"uuid": "5a588039-c95c-4895-ad28-43ff950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ip",
|
||
|
"timestamp": "1515749433",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a588039-1678-47a6-910b-4763950d210f",
|
||
|
"value": "185.22.174.37"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "domain",
|
||
|
"timestamp": "1515749433",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a588039-5050-4ad7-beae-497c950d210f",
|
||
|
"value": "www.securitychecking.org"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515753074",
|
||
|
"uuid": "5a588e6f-c80c-4f1e-ab63-5fa4950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a588e6f-c80c-4f1e-ab63-5fa4950d210f",
|
||
|
"referenced_uuid": "c484d968-23eb-42f0-95b4-c646ff1c4a46",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771603",
|
||
|
"uuid": "5a7dacb6-8444-4a82-9a60-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515753071",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588e6f-f5e4-4e74-956b-5fa4950d210f",
|
||
|
"value": "0603353852e174fc0337642e3957c7423f182a8c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515753071",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a588e6f-47c8-4eb1-a79b-5fa4950d210f",
|
||
|
"value": "Harmless"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515753094",
|
||
|
"uuid": "5a588e83-b4f8-44e1-8e4c-5f67950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a588e83-b4f8-44e1-8e4c-5f67950d210f",
|
||
|
"referenced_uuid": "c54a631e-db6e-4cc7-856d-07a974bfc25a",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771603",
|
||
|
"uuid": "5a7dacb6-edb0-4941-a6e1-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515753092",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588e84-d19c-4f9d-8684-5f67950d210f",
|
||
|
"value": "e9dcdae1406ab1132dc9d507fd63503e5c4d41d9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515753092",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a588e84-9364-4216-8827-5f67950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515753110",
|
||
|
"uuid": "5a588e93-5dfc-45e3-b6a4-4456950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a588e93-5dfc-45e3-b6a4-4456950d210f",
|
||
|
"referenced_uuid": "672456f3-351d-4587-8114-0c562fcb6082",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771603",
|
||
|
"uuid": "5a7dacb7-b1a0-454e-87b1-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515753107",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588e93-3608-4a94-b664-4c11950d210f",
|
||
|
"value": "8cfa551d15320f0157ece3bdf30b1c62765a93a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515753107",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a588e93-5a18-40e8-8964-48f5950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515753127",
|
||
|
"uuid": "5a588ea4-afa0-4611-bfb8-5f67950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a588ea4-afa0-4611-bfb8-5f67950d210f",
|
||
|
"referenced_uuid": "a41b07c7-d703-4a24-95e3-7d4c50770c9b",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771603",
|
||
|
"uuid": "5a7dacb7-ae7c-4487-8d82-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515753124",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588ea4-2050-4eb8-93a1-5f67950d210f",
|
||
|
"value": "0400b35d703d872adc64aa7ef914a260903998ca"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515753124",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a588ea4-ac28-4cbb-a3a1-5f67950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515753308",
|
||
|
"uuid": "5a588f59-6d78-49a5-994d-47b5950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a588f59-6d78-49a5-994d-47b5950d210f",
|
||
|
"referenced_uuid": "77a6bb0a-b55e-4b33-ae86-c7ae2004d914",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-8344-487f-9540-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515753305",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a588f59-a6c4-45cb-b63a-4d76950d210f",
|
||
|
"value": "Elmedia Player.app/Contents/Resources/.pl.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515753306",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a588f5a-a5d4-474b-ac23-4620950d210f",
|
||
|
"value": "9e5378165bb20e9a7f74a7fcc73b528f7b231a75"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515753306",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a588f5a-7ca0-4e95-bbe7-4a8a950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515754027",
|
||
|
"uuid": "5a589228-91e8-4b7e-a099-4ccd950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a589228-91e8-4b7e-a099-4ccd950d210f",
|
||
|
"referenced_uuid": "cde25116-2c43-45fe-90a9-9d17cf9e4e7c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-2504-4f38-87ea-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515754024",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a589228-56cc-40a5-b57c-4ebd950d210f",
|
||
|
"value": "Elmedia Player.app/Contents/MacOS/Elmedia Player"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515754025",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a589229-2a54-43f5-9914-421e950d210f",
|
||
|
"value": "c9472d791c076a10dce5ff0d3ab6e7706524b741"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515754025",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a589229-bfdc-40d0-abaa-439c950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515754085",
|
||
|
"uuid": "5a589262-4dd4-4e98-8159-6247950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a589262-4dd4-4e98-8159-6247950d210f",
|
||
|
"referenced_uuid": "e71d92c3-fb0b-4408-95c7-c3afe71baae7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-d228-429f-9a58-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515754082",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a589262-e680-4ed2-b3ca-6247950d210f",
|
||
|
"value": "Updater.app/Contents/MacOS/Updater"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515754083",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a589263-428c-4b6f-bce7-6247950d210f",
|
||
|
"value": "3ef34e2581937babd2b7ce63ab1d92cd9440181a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515754083",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a589263-8808-4386-bc65-6247950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "ZIP of App bundle",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515764445",
|
||
|
"uuid": "5a58bada-0930-472d-8af6-4307950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a58bada-0930-472d-8af6-4307950d210f",
|
||
|
"referenced_uuid": "5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-6698-46e3-a7cb-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515764443",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58badb-2ae4-4e9f-b619-41b3950d210f",
|
||
|
"value": "Office 2016 Patcher.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515764443",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58badb-66f0-484c-8c08-4d4c950d210f",
|
||
|
"value": "1b7380d283ceebcabb683464ba0bb6dd73d6e886"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515764443",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58badb-872c-4b35-81d5-46e1950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "ZIP of App bundle",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515764957",
|
||
|
"uuid": "5a58bcda-a8f8-43a6-acb8-4fbc950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a58bcda-a8f8-43a6-acb8-4fbc950d210f",
|
||
|
"referenced_uuid": "e72fba22-ef47-4486-b345-e02af2e3f2ba",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-d0e4-4785-8aee-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515764954",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58bcda-da50-4dfe-916c-4aac950d210f",
|
||
|
"value": "Adobe Premiere Pro CC 2017 Patcher.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515764954",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58bcda-db14-46d4-ac8c-44f0950d210f",
|
||
|
"value": "a91a529f89b1ab8792c345f823e101b55d656a08"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515764954",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58bcda-8fbc-4e5f-8ac2-437f950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Mach-O",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515764988",
|
||
|
"uuid": "5a58bcf9-4efc-4891-99c0-4a32950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a58bcf9-4efc-4891-99c0-4a32950d210f",
|
||
|
"referenced_uuid": "10efb953-d0cc-4219-8b64-fd1aea48048d",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb7-0214-4bd2-a4f4-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515764985",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58bcf9-7538-4300-865a-4603950d210f",
|
||
|
"value": "Office 2016 Patcher"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515764985",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58bcf9-bc34-4675-935f-452b950d210f",
|
||
|
"value": "e55fe159e6e3a8459e9363401fcc864335fee321"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515764985",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58bcf9-a6dc-4eca-b641-486f950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Mach-O",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765016",
|
||
|
"uuid": "5a58bd15-e480-4b26-b998-45da950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5a58bd15-e480-4b26-b998-45da950d210f",
|
||
|
"referenced_uuid": "a643b2e6-13d0-4844-bb44-3708ee4f1430",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a7dacb8-77e4-41c2-9ee7-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765013",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58bd15-e76c-41d8-a1f6-423c950d210f",
|
||
|
"value": "Adobe Premiere Pro CC 2017 Patcher"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515765013",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58bd15-b5bc-4ce8-9ebf-4ef1950d210f",
|
||
|
"value": "3820b23c1057f8c3522c47737f25183a3c15e4db"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765013",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58bd15-b388-42a0-9e9e-48da950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765788",
|
||
|
"uuid": "5a58c01c-b8f4-40e3-98cd-4936950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765788",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c01c-c9cc-4a5f-a77d-4cc9950d210f",
|
||
|
"value": "Install Adobe Flash Player.app.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765788",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c01c-daac-4b25-b4de-4759950d210f",
|
||
|
"value": "b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765788",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c01c-8638-4eab-a2fa-45ce950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765814",
|
||
|
"uuid": "5a58c036-a548-4862-a538-446a950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765814",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c036-fb6c-46fb-94a4-44d6950d210f",
|
||
|
"value": "Install"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c036-bf74-4920-8c74-401a950d210f",
|
||
|
"value": "5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c036-a95c-4106-8b20-4ed7950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765840",
|
||
|
"uuid": "5a58c050-7084-4c75-9670-400a950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765840",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c050-fa54-46ad-9570-4513950d210f",
|
||
|
"value": "install.sh"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765840",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c050-e1b4-41e4-aed9-45f9950d210f",
|
||
|
"value": "0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765840",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c050-892c-42ca-9eb2-4b2a950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765877",
|
||
|
"uuid": "5a58c075-f7d4-4c8b-8e4b-4bb9950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765877",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c075-02e8-4f97-bef4-4869950d210f",
|
||
|
"value": "Install Adobe Flash Player"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765878",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c076-2d90-4c80-9afb-44ec950d210f",
|
||
|
"value": "7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765878",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c076-01c8-403d-a6ef-481e950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765907",
|
||
|
"uuid": "5a58c093-809c-40dc-b89c-4465950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765907",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c093-7938-4404-9b02-4742950d210f",
|
||
|
"value": "Installdp"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765907",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c093-d9a8-4ecb-84ed-4a64950d210f",
|
||
|
"value": "d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765907",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c093-8a40-4c24-98ab-454c950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765934",
|
||
|
"uuid": "5a58c0ae-c4dc-4e61-adac-4746950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765934",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c0ae-bdc0-43d2-9dba-4c04950d210f",
|
||
|
"value": "com.adobe.update"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765934",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c0ae-05c4-42fc-8bdf-48c3950d210f",
|
||
|
"value": "b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765934",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c0ae-6e68-4d91-b7b2-4d47950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765955",
|
||
|
"uuid": "5a58c0c3-26d0-4a90-8753-4cf7950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765956",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c0c4-364c-499e-be36-484e950d210f",
|
||
|
"value": "installd.sh"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765956",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c0c4-c408-4a9d-b139-4423950d210f",
|
||
|
"value": "6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765956",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c0c4-eb0c-44b4-b762-424f950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1515765977",
|
||
|
"uuid": "5a58c0d9-822c-4fc7-96ad-4dbc950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1515765978",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5a58c0da-b2f8-4669-a747-4d6b950d210f",
|
||
|
"value": "queue"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515765978",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c0da-bbbc-4637-81cd-4af2950d210f",
|
||
|
"value": "92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1515765978",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c0da-02c8-4480-a7f8-4430950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "1a0ee044-7122-498a-9723-2e6a34cfe282",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "1a0ee044-7122-498a-9723-2e6a34cfe282",
|
||
|
"referenced_uuid": "2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a58c12a-42d0-4a1a-85a0-4b4702de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c124-c884-4712-8129-44cc02de0b81",
|
||
|
"value": "a91a529f89b1ab8792c345f823e101b55d656a08"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c124-43a8-424b-bcef-4fc302de0b81",
|
||
|
"value": "766f058837b08f890bb97198c21b6cc1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c124-1a34-4cbf-88d6-434402de0b81",
|
||
|
"value": "c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766052",
|
||
|
"uuid": "2721e4a4-3fa7-48d6-a1c5-82c6072fe9cb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c124-f528-425a-945d-401002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c124-1cd0-4c4d-8d7c-4db102de0b81",
|
||
|
"value": "31/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c124-83a4-409a-93a3-474702de0b81",
|
||
|
"value": "2017-08-02T19:52:45"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "dd355e08-3cf3-4834-aff2-942c4d631ef8",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "dd355e08-3cf3-4834-aff2-942c4d631ef8",
|
||
|
"referenced_uuid": "d553ed19-0a19-4bff-a1cb-29a2174a1504",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a58c12a-599c-4042-9075-4d3c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c124-3010-485b-9908-499602de0b81",
|
||
|
"value": "8cfa551d15320f0157ece3bdf30b1c62765a93a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c124-42e4-4fa2-b210-4faa02de0b81",
|
||
|
"value": "29fb77664fc4f13ea5f65cfe01b292af"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c124-4850-4113-9274-473102de0b81",
|
||
|
"value": "c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766052",
|
||
|
"uuid": "d553ed19-0a19-4bff-a1cb-29a2174a1504",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c124-4378-4212-99ee-435c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1508668992/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c124-bc04-4d71-89f6-4c7c02de0b81",
|
||
|
"value": "16/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766052",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c125-baf8-4e35-93df-4ada02de0b81",
|
||
|
"value": "2017-10-22T10:43:12"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "607b7d37-5391-4828-9785-747ca987e6d0",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "607b7d37-5391-4828-9785-747ca987e6d0",
|
||
|
"referenced_uuid": "c962297e-54fe-479d-bc30-24c2e4425ad9",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771604",
|
||
|
"uuid": "5a58c12b-eb30-44d6-a2f7-416f02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c125-ea24-4144-9e4a-486402de0b81",
|
||
|
"value": "ef5a11a1bb5b2423554309688aa7947f4afa5388"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c125-ff7c-4cf3-a74d-42a802de0b81",
|
||
|
"value": "ff44372fce42ffe13222e7237d4cdef1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c125-5698-4581-b8b8-459802de0b81",
|
||
|
"value": "061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766053",
|
||
|
"uuid": "c962297e-54fe-479d-bc30-24c2e4425ad9",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c125-5db4-4da5-9a07-4a9902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/061f056338e00d38cdfb6b1f40d8e4f8d3f1d7214f6d9a48d0d91d766b7574b7/analysis/1511177323/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c125-b6dc-4beb-bc75-4e4002de0b81",
|
||
|
"value": "32/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Proton malware, not signed",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c125-9158-43b5-9839-45a602de0b81",
|
||
|
"value": "2017-11-20T11:28:43"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "845b2d47-0368-4a40-91d0-479d97eacda4",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "845b2d47-0368-4a40-91d0-479d97eacda4",
|
||
|
"referenced_uuid": "22650c01-93d0-43cb-9b39-9e6b3db474eb",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-2eec-4e09-83f6-418102de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c125-f670-4f66-a233-497c02de0b81",
|
||
|
"value": "e9dcdae1406ab1132dc9d507fd63503e5c4d41d9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c125-9ba8-4d19-8173-4e0802de0b81",
|
||
|
"value": "c7a2a5c0fbe4df3afd9dbedecf8321da"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c125-b7c4-4523-b954-45d902de0b81",
|
||
|
"value": "b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766053",
|
||
|
"uuid": "22650c01-93d0-43cb-9b39-9e6b3db474eb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c125-7bfc-4172-995d-492d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c125-bbcc-43e0-b20b-485102de0b81",
|
||
|
"value": "18/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c125-579c-4620-a593-4efc02de0b81",
|
||
|
"value": "2017-10-25T09:02:17"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "8cb5ebee-fcb0-4f05-a707-708b1eaddd59",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "8cb5ebee-fcb0-4f05-a707-708b1eaddd59",
|
||
|
"referenced_uuid": "9f51aaa1-7f34-4b9a-b4a4-34413e3295e3",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-ff60-45ec-93e8-49ef02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c125-70a8-4f02-9bef-4e7202de0b81",
|
||
|
"value": "9e5378165bb20e9a7f74a7fcc73b528f7b231a75"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c125-2744-4006-9990-45b002de0b81",
|
||
|
"value": "0ca749b61c7e76e6ec07c33aab01aab3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c125-b6bc-48c6-9722-437002de0b81",
|
||
|
"value": "553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766053",
|
||
|
"uuid": "9f51aaa1-7f34-4b9a-b4a4-34413e3295e3",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c125-2dd4-4e08-a8eb-40ac02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c125-e1e0-4a1d-a360-460d02de0b81",
|
||
|
"value": "34/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c125-06bc-43be-aab6-4d6d02de0b81",
|
||
|
"value": "2017-11-20T19:44:34"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "193ddc06-7e30-4bb9-a2e8-48fbfd5c7f4b",
|
||
|
"referenced_uuid": "21ee3580-cfc9-41d7-99c2-00615d045962",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-cd7c-401d-a1da-448502de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c125-670c-48f3-b9f8-492902de0b81",
|
||
|
"value": "3ef34e2581937babd2b7ce63ab1d92cd9440181a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c125-ae5c-4a39-ac9e-4e7102de0b81",
|
||
|
"value": "9f5013e080d628a35ba190621e0998c2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c125-0dc8-44dc-ae76-42e902de0b81",
|
||
|
"value": "cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766053",
|
||
|
"uuid": "21ee3580-cfc9-41d7-99c2-00615d045962",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c125-56c4-4949-b3c5-416f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c125-c294-4611-8b13-42e002de0b81",
|
||
|
"value": "32/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c125-8914-456b-b452-404802de0b81",
|
||
|
"value": "2017-11-20T11:45:55"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "f2fc9d46-6d9a-497c-b6ba-0b5e6b9210ea",
|
||
|
"referenced_uuid": "eb9962e1-8c34-45bf-b7be-9ce7bc3fec07",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-72f8-469c-864c-4e1f02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c125-a534-4234-aa4e-4a4702de0b81",
|
||
|
"value": "10a09c09fd5dd76202e308718a357abc7de291b5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766053",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c125-f00c-42c3-90ef-46d502de0b81",
|
||
|
"value": "5f145ed27ec88add379676729cbad15f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c126-b0c0-4b50-9c51-491302de0b81",
|
||
|
"value": "2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766054",
|
||
|
"uuid": "eb9962e1-8c34-45bf-b7be-9ce7bc3fec07",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c126-08b0-47d4-b924-4cf202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7/analysis/1511434500/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c126-dac8-4d6e-9d75-48a902de0b81",
|
||
|
"value": "33/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "ZIP archive with the Proton malware and Python scripts",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c126-4d14-42b2-9895-4fb802de0b81",
|
||
|
"value": "2017-11-23T10:55:00"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "a10445d8-f9e8-485b-8d4a-167ce8bea45d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "a10445d8-f9e8-485b-8d4a-167ce8bea45d",
|
||
|
"referenced_uuid": "cb259893-8a4b-4847-b19a-50a9bb705885",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-0a88-4281-97c4-411202de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c126-2694-427d-8e18-400802de0b81",
|
||
|
"value": "3820b23c1057f8c3522c47737f25183a3c15e4db"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c126-8bc0-45ba-ac1e-41cc02de0b81",
|
||
|
"value": "20f20918149fa3a972a87b3364248772"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c126-f980-4f61-892d-4eff02de0b81",
|
||
|
"value": "c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766054",
|
||
|
"uuid": "cb259893-8a4b-4847-b19a-50a9bb705885",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c126-08ac-404d-a0ae-4ea102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c126-aa14-43ec-87e2-482702de0b81",
|
||
|
"value": "33/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c126-0764-4002-afca-4c5c02de0b81",
|
||
|
"value": "2017-11-03T00:09:00"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "f41bbf4c-5ca3-4e62-af09-e1a9145ee05e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "f41bbf4c-5ca3-4e62-af09-e1a9145ee05e",
|
||
|
"referenced_uuid": "bf3e1c52-bd79-4344-beed-865e505b5210",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-ab4c-43c4-8041-4c1c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c126-7954-456b-bae6-42f102de0b81",
|
||
|
"value": "1b7380d283ceebcabb683464ba0bb6dd73d6e886"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c126-a290-4af4-adbe-447e02de0b81",
|
||
|
"value": "1b8be665af7729618d70bad773aac423"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c126-89e0-4588-853a-463802de0b81",
|
||
|
"value": "d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766054",
|
||
|
"uuid": "bf3e1c52-bd79-4344-beed-865e505b5210",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c126-33a8-4741-976e-440402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c126-c5f0-4350-a0c0-47d602de0b81",
|
||
|
"value": "32/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c126-9664-463a-bb7a-46e102de0b81",
|
||
|
"value": "2017-10-23T22:37:07"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "44885bf0-1f38-4d25-b9d9-80c3b47bed40",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "44885bf0-1f38-4d25-b9d9-80c3b47bed40",
|
||
|
"referenced_uuid": "e4dd2223-b1b9-40d2-b87b-9e819a6a68fb",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-bafc-4e52-9e5b-420602de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c126-fbf4-4a70-9efa-445a02de0b81",
|
||
|
"value": "c9472d791c076a10dce5ff0d3ab6e7706524b741"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c126-bac4-4010-b9d2-423d02de0b81",
|
||
|
"value": "cc3297083ad89cabfd58d251cbbe3ca9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c126-9a74-43cf-be3b-4a9002de0b81",
|
||
|
"value": "2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766054",
|
||
|
"uuid": "e4dd2223-b1b9-40d2-b87b-9e819a6a68fb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c126-b024-4447-a928-4c8c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c126-5fec-48c6-b0af-4df102de0b81",
|
||
|
"value": "33/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c126-7388-4421-a4e6-4b7a02de0b81",
|
||
|
"value": "2017-11-20T11:30:10"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "bf5df298-de3c-4398-9e6d-833e38d5c81f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "bf5df298-de3c-4398-9e6d-833e38d5c81f",
|
||
|
"referenced_uuid": "ddd10108-2f29-4846-bea0-1e80d1c62981",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-daf0-434a-9a60-413d02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c126-2df0-4127-9ec6-49cf02de0b81",
|
||
|
"value": "0400b35d703d872adc64aa7ef914a260903998ca"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c126-77ac-40b3-be1e-41f002de0b81",
|
||
|
"value": "1a6f74f29c985259fe1f6c4821c51373"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c126-0358-477a-924a-41af02de0b81",
|
||
|
"value": "247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766054",
|
||
|
"uuid": "ddd10108-2f29-4846-bea0-1e80d1c62981",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c126-a598-4cee-b6d2-4cca02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766054",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c126-5fc4-4512-ac9a-47c602de0b81",
|
||
|
"value": "26/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c127-03d4-4cdd-afd4-466302de0b81",
|
||
|
"value": "2018-01-10T19:20:36"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "4451bac1-bdc3-4bbd-a01d-ec5902aea71d",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "4451bac1-bdc3-4bbd-a01d-ec5902aea71d",
|
||
|
"referenced_uuid": "3efc2992-b363-4793-87b3-5ec2032cdd31",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771605",
|
||
|
"uuid": "5a58c12b-ab84-4ce6-b26a-462202de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c127-d5e8-4fcf-9633-4a6802de0b81",
|
||
|
"value": "30d77908ac9d37c4c14d32ea3e0b8df4c7e75464"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c127-c780-4611-a0fb-4d9002de0b81",
|
||
|
"value": "ff80d97674e148687affd6a4e3ccf00a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c127-1ddc-4e0a-9842-493502de0b81",
|
||
|
"value": "4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "3efc2992-b363-4793-87b3-5ec2032cdd31",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c127-e140-45dd-9460-462d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d/analysis/1511434515/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c127-9e20-4ff5-860f-428b02de0b81",
|
||
|
"value": "30/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Launcher (or wrapper)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c127-f8f4-467f-9072-4c6602de0b81",
|
||
|
"value": "2017-11-23T10:55:15"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "f9086285-81ea-4ede-b4d3-0c086cd67629",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "f9086285-81ea-4ede-b4d3-0c086cd67629",
|
||
|
"referenced_uuid": "bb34db62-0780-4909-ad47-8d825362d6cf",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-0284-4478-9bc3-449402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c127-bdcc-49d3-afb1-468402de0b81",
|
||
|
"value": "e55fe159e6e3a8459e9363401fcc864335fee321"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c127-07f8-46a6-9df2-425202de0b81",
|
||
|
"value": "fc22fbe8dda4258a9f0ceb7e15a04fc2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c127-5bb4-4de8-ba97-40b002de0b81",
|
||
|
"value": "91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "bb34db62-0780-4909-ad47-8d825362d6cf",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c127-bffc-4d77-a7b4-4ac202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c127-35d0-41dd-9c8a-406402de0b81",
|
||
|
"value": "33/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c127-9b88-42e8-be0e-4a4602de0b81",
|
||
|
"value": "2017-11-03T00:09:01"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "49b4e424-a863-47c4-907c-e282e6e65df3",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "49b4e424-a863-47c4-907c-e282e6e65df3",
|
||
|
"referenced_uuid": "b5786be9-5a78-4df3-b021-1dec3dec8d55",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-05e8-429c-9c26-468c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c127-a510-41d5-a905-4dd102de0b81",
|
||
|
"value": "0603353852e174fc0337642e3957c7423f182a8c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c127-14bc-480c-97ca-492502de0b81",
|
||
|
"value": "c411c46b480e84aae81abbe47c628dae"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c127-5dbc-4421-abea-488602de0b81",
|
||
|
"value": "c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "b5786be9-5a78-4df3-b021-1dec3dec8d55",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c127-cf20-45a3-8d13-409f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c127-e0e8-456a-814b-41b902de0b81",
|
||
|
"value": "4/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c127-a940-41c2-9e04-4bde02de0b81",
|
||
|
"value": "2018-01-10T19:20:33"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "5c4fe5fd-d899-4e20-b4b5-e39398733757",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5c4fe5fd-d899-4e20-b4b5-e39398733757",
|
||
|
"referenced_uuid": "4f4b9b57-b256-4d40-ae26-c8602137bfb6",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-1b3c-406d-9503-4e5302de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c127-1200-4186-b78d-4e9302de0b81",
|
||
|
"value": "db3f0426f6e434555e6b6bb4053e508f74580387"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c127-1bd4-496f-8fd5-413502de0b81",
|
||
|
"value": "2ee232b1a56f21bdd0b46ba0acd12a22"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c127-dfe0-4390-9700-4a9002de0b81",
|
||
|
"value": "cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "4f4b9b57-b256-4d40-ae26-c8602137bfb6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c127-a370-4e4c-ae0b-466b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7/analysis/1495101805/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c127-2fe0-4b75-9436-471902de0b81",
|
||
|
"value": "19/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c127-6b98-4802-9762-400802de0b81",
|
||
|
"value": "2017-05-18T10:03:25"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "a49ac8ee-df74-445f-9d00-eff900554eb8",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "a49ac8ee-df74-445f-9d00-eff900554eb8",
|
||
|
"referenced_uuid": "d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-0300-490f-8f26-4f0402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c127-1bfc-45c1-9385-433802de0b81",
|
||
|
"value": "f5d3425482dc4f4f738277ff3ba315b496894899"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c127-2378-4d9a-a5d9-4a7702de0b81",
|
||
|
"value": "e8bdde90574d5bf285d9abb0c8a113a8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766055",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c127-a218-4a36-9580-4f2b02de0b81",
|
||
|
"value": "7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766055",
|
||
|
"uuid": "d0d53aff-2f5b-4e9e-aca7-1fc077a1edfd",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c128-10a0-4988-b743-418602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145/analysis/1494408249/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c128-c720-4ebb-8203-472b02de0b81",
|
||
|
"value": "28/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c128-a12c-4f6c-b6dc-469202de0b81",
|
||
|
"value": "2017-05-10T09:24:09"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766059",
|
||
|
"uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
||
|
"referenced_uuid": "84bccfef-2072-49f1-b605-8bca7e67be2f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-61e8-40d1-992b-4f5a02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "96fcaf45-1bba-4a72-be42-a90d1c2052e2",
|
||
|
"referenced_uuid": "85b2b880-d3e8-4dea-bea6-10c2a491856b",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a7dacb8-e5f8-4f8d-b3e9-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c128-0054-4432-b47f-429702de0b81",
|
||
|
"value": "66e520e18accd92abb4722a6cd6a285981ac5bd1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c128-9808-4261-afe6-48ab02de0b81",
|
||
|
"value": "7bb4f5d962a5b3bb18db9ce08c0b6cbf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c128-34d8-44a4-aeb1-45b502de0b81",
|
||
|
"value": "bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "84bccfef-2072-49f1-b605-8bca7e67be2f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c128-1c0c-453e-afe1-432602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c128-2de0-4e78-9e87-4fb602de0b81",
|
||
|
"value": "30/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c128-f8f4-45ca-b414-404c02de0b81",
|
||
|
"value": "2017-12-30T15:05:19"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766059",
|
||
|
"uuid": "25d83980-fd95-481d-a330-6e969b0253eb",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "25d83980-fd95-481d-a330-6e969b0253eb",
|
||
|
"referenced_uuid": "0f57df59-7f2e-4538-ad44-9198ae1eb7e7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12b-c118-4186-a609-428002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c128-a514-4791-bc01-49b602de0b81",
|
||
|
"value": "fb4a50ae8a4a5e76a3f88935e4374d4287a53b7d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c128-5214-41bd-bf2e-4b6002de0b81",
|
||
|
"value": "473c6a0b2af67c241a29d87e7fd33634"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c128-e8ac-4bb3-b040-431902de0b81",
|
||
|
"value": "4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "0f57df59-7f2e-4538-ad44-9198ae1eb7e7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c128-5100-44bd-81b1-420602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7/analysis/1506371408/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c128-ad88-447c-b50d-441802de0b81",
|
||
|
"value": "26/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c128-3fb8-4d31-a6d9-432302de0b81",
|
||
|
"value": "2017-09-25T20:30:08"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766059",
|
||
|
"uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
||
|
"referenced_uuid": "5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a58c12c-94f8-4909-9a60-459902de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9f4c7ec0-65cf-4610-a8ea-c5ee4df70fbf",
|
||
|
"referenced_uuid": "0840973f-94a7-411c-9c35-bebd86da7b47",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771606",
|
||
|
"uuid": "5a7dacb8-28c4-4bc3-9b1f-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c128-dc2c-456c-875d-417d02de0b81",
|
||
|
"value": "598ebb19bf9fbc17c0bf85ce4ece91fa061f74a6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c128-f200-40d1-bdae-4d5002de0b81",
|
||
|
"value": "1de4838f13c49d9f959d04b363326ac1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c128-6e50-4986-9da0-4fa502de0b81",
|
||
|
"value": "07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "5d8a7de0-a5d1-4ecb-ac93-60a186a8f4e2",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c128-94c8-4d37-8f35-48d702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c128-8470-4abc-9828-48aa02de0b81",
|
||
|
"value": "36/61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c128-6f04-4358-81ca-4fe902de0b81",
|
||
|
"value": "2017-11-14T08:08:18"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766059",
|
||
|
"uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
||
|
"referenced_uuid": "1de4ff44-ee71-4017-a208-7510bc2224ab",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a58c12c-b520-4b84-8136-495d02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2c61724f-2d3f-4083-854a-6c9cb42784f3",
|
||
|
"referenced_uuid": "01b8d2c8-326f-4555-a514-65bbf934d953",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a7dacb8-b2bc-4b38-8c98-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c128-6cc4-48ad-b6fd-495502de0b81",
|
||
|
"value": "a323168f95d1a1c65186888c6dd16cd2f9f8539a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c128-a15c-4a01-b0eb-4a2702de0b81",
|
||
|
"value": "787d664e842961f2a335139407f91a70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c128-1218-48ff-b21c-497902de0b81",
|
||
|
"value": "52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "1de4ff44-ee71-4017-a208-7510bc2224ab",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c128-1f14-43ba-9f74-48d802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c128-ded4-439e-a6d2-48f302de0b81",
|
||
|
"value": "30/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c128-e378-46d6-915f-417602de0b81",
|
||
|
"value": "2017-12-10T09:51:58"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766059",
|
||
|
"uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
||
|
"referenced_uuid": "76a37ccf-a61f-4466-b91b-dfb81cd4087d",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a58c12c-c070-4222-90c5-463102de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7bcab0bd-20d4-4b42-b5f1-268637d54d58",
|
||
|
"referenced_uuid": "5c2bd08b-1259-4095-9c9e-3b74506b1585",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a7dacb8-39bc-4126-aefa-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c128-fd80-4fa4-bec8-43a602de0b81",
|
||
|
"value": "cd42b88569faa946a4b9d6f7408b958dcbcf7554"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c128-3f78-427a-8cab-472302de0b81",
|
||
|
"value": "9d9cca200dd0e5f9d59225131d5269b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766056",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c128-c358-4a3e-b3ec-4b8d02de0b81",
|
||
|
"value": "83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766056",
|
||
|
"uuid": "76a37ccf-a61f-4466-b91b-dfb81cd4087d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-dd54-4313-8925-4f4f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-b444-48e8-a098-4cba02de0b81",
|
||
|
"value": "26/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c129-b744-45c2-a5c1-47b202de0b81",
|
||
|
"value": "2017-12-30T15:04:09"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766060",
|
||
|
"uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
||
|
"referenced_uuid": "98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a58c12c-2558-40f5-8ea8-425302de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "edd54722-ac7d-4351-ad66-d4961e9e23ed",
|
||
|
"referenced_uuid": "e5e57871-79b1-4440-95b3-49bc62c724e5",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a7dacb8-94ac-4175-abcc-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c129-4488-4239-a6c1-407702de0b81",
|
||
|
"value": "18957d7549b4e296fcaeb122ff241d9799804fa3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c129-0c3c-450d-875a-463402de0b81",
|
||
|
"value": "e4744b9f927dc8048a19dca15590660c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c129-3964-4edf-81fc-4bd502de0b81",
|
||
|
"value": "ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "98ea29fa-c6f3-4bb1-89c7-551a3f1ec0fb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-53f8-4fe7-80be-4cf002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1514646222/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-237c-400c-930b-465f02de0b81",
|
||
|
"value": "33/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c129-ab20-4015-aa35-474802de0b81",
|
||
|
"value": "2017-12-30T15:03:42"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766060",
|
||
|
"uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
||
|
"referenced_uuid": "d7545769-a98f-47ac-89e1-9074f18b2266",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a58c12c-0140-45a2-bf12-4cc702de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "dd110c76-6e54-48c4-badb-b901a57b7bc8",
|
||
|
"referenced_uuid": "f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a7dacb8-4f74-4cf5-b920-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c129-2918-4e24-ba08-41cd02de0b81",
|
||
|
"value": "3c4904832392e70e415b0520d45ff7a1c93c2c4e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c129-3990-4e84-8c82-4c7d02de0b81",
|
||
|
"value": "f8e3c8e43593ecbd9b62f6e18c8d6474"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c129-c2bc-4920-8f73-4ca902de0b81",
|
||
|
"value": "b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "d7545769-a98f-47ac-89e1-9074f18b2266",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-c95c-4d21-b95c-428a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-fd44-44ab-91ab-43bb02de0b81",
|
||
|
"value": "31/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c129-2424-40da-9197-49e602de0b81",
|
||
|
"value": "2017-12-30T15:05:06"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766060",
|
||
|
"uuid": "2c1cfefa-96a0-4099-a720-69b64d16fe5f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2c1cfefa-96a0-4099-a720-69b64d16fe5f",
|
||
|
"referenced_uuid": "2beed4ba-5af8-427c-8270-b6a6456df65c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771607",
|
||
|
"uuid": "5a58c12c-bfb0-4e59-93e5-475c02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c129-eed4-4f07-850c-4c3c02de0b81",
|
||
|
"value": "7cf55e0de9f191dc16a10de1e47fb25aa0a79856"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c129-30cc-442d-988e-4be502de0b81",
|
||
|
"value": "87a4bff26626ccf022bda7373241275c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c129-e430-488a-a185-414802de0b81",
|
||
|
"value": "3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "2beed4ba-5af8-427c-8270-b6a6456df65c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-ae58-4973-8304-472102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94/analysis/1501706972/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-8524-49dd-a159-44ac02de0b81",
|
||
|
"value": "25/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "Dok",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c129-2d98-493d-a833-463902de0b81",
|
||
|
"value": "2017-08-02T20:49:32"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766060",
|
||
|
"uuid": "9cb63957-a223-4016-bf62-7eac015b02a4",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9cb63957-a223-4016-bf62-7eac015b02a4",
|
||
|
"referenced_uuid": "83cea96d-ea16-4220-b8d5-88ca68baf4d5",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-3084-4c5f-a78f-4b6402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c129-f77c-4c85-81ab-46c802de0b81",
|
||
|
"value": "794bcba867307bdbd5f947f6c939eb4df1d2c9b8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c129-08a0-406a-9111-46eb02de0b81",
|
||
|
"value": "72d4d364ed91dd9418d144a2db837a6d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c129-6910-4875-9617-464e02de0b81",
|
||
|
"value": "befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "83cea96d-ea16-4220-b8d5-88ca68baf4d5",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-08e8-4d94-b754-49a702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/analysis/1514807982/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-957c-4b15-a39b-487e02de0b81",
|
||
|
"value": "29/58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "OSX/FruitFly, variant \u2018B\u2019",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c129-f0d8-4d88-a99c-437c02de0b81",
|
||
|
"value": "2018-01-01T11:59:42"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766060",
|
||
|
"uuid": "90395b9d-bff0-4af6-adaf-a864379542da",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "90395b9d-bff0-4af6-adaf-a864379542da",
|
||
|
"referenced_uuid": "494c3c26-d774-4f6a-aa08-5eba8f2211db",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-5730-4073-948d-45bf02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "90395b9d-bff0-4af6-adaf-a864379542da",
|
||
|
"referenced_uuid": "7e1bd57e-b8fe-46ce-acd5-c763793f28c5",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a7dacb9-6e60-496d-b735-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c129-7578-4e3d-b32a-48d302de0b81",
|
||
|
"value": "5b5a34dfc102f0c18b0b0e83c6fda431969e7957"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c129-7804-47ea-aaee-4b0c02de0b81",
|
||
|
"value": "f8e4cab429263406fbf11b41fd539839"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c129-3828-499a-a7fc-427d02de0b81",
|
||
|
"value": "7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766057",
|
||
|
"uuid": "494c3c26-d774-4f6a-aa08-5eba8f2211db",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c129-9c80-42c7-9549-46a102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766057",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c129-9440-40d5-b718-4ec402de0b81",
|
||
|
"value": "30/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c12a-cb2c-48d7-9fbb-4fa102de0b81",
|
||
|
"value": "2017-07-11T10:45:12"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766061",
|
||
|
"uuid": "41a354b8-fbc4-48fc-8976-bd9a3593a07c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "41a354b8-fbc4-48fc-8976-bd9a3593a07c",
|
||
|
"referenced_uuid": "77040fb6-0d6c-459f-986f-92b37cffe118",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-a56c-4c7e-94f5-4ded02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c12a-7928-4c31-80d1-45ca02de0b81",
|
||
|
"value": "d9685bea995e57ae89d10122cb76022554179ff7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c12a-08c8-400c-a4c8-434802de0b81",
|
||
|
"value": "14c1cd9c5f263d5ba988838e0c3e3cf6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c12a-6eac-413d-9e64-41d902de0b81",
|
||
|
"value": "4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "77040fb6-0d6c-459f-986f-92b37cffe118",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c12a-f260-4da2-ac1a-4cc602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5/analysis/1512340695/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c12a-3350-4b41-a95a-431c02de0b81",
|
||
|
"value": "34/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c12a-2a2c-4aeb-b525-4b6b02de0b81",
|
||
|
"value": "2017-12-03T22:38:15"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766061",
|
||
|
"uuid": "480e2ec8-94b2-4682-a591-c2e86c390ead",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "480e2ec8-94b2-4682-a591-c2e86c390ead",
|
||
|
"referenced_uuid": "e6e5e5d4-0dc1-4dca-a921-aa923f455fcf",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-7180-4687-afa4-446a02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c12a-a7f0-4b50-b2eb-402102de0b81",
|
||
|
"value": "03ab5fdb40db260dbc35aadba202e920e57eb348"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c12a-57d4-43c6-a1ba-4df102de0b81",
|
||
|
"value": "3adf6025eb710f2bf1918ee2f116153d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c12a-6598-4aa7-b98c-4d9502de0b81",
|
||
|
"value": "94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "e6e5e5d4-0dc1-4dca-a921-aa923f455fcf",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c12a-1c30-410f-85d5-417502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/94cc470c0fdd60570e58682aa7619d665eb710e3407d1f9685b7b00bf26f9647/analysis/1507843547/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c12a-59d4-44b7-bc9d-484b02de0b81",
|
||
|
"value": "46/64"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c12a-ec04-4bff-b537-48b002de0b81",
|
||
|
"value": "2017-10-12T21:25:47"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766061",
|
||
|
"uuid": "74bef4c3-487c-4941-b138-c8c0e3413b50",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "74bef4c3-487c-4941-b138-c8c0e3413b50",
|
||
|
"referenced_uuid": "78a04ae2-f33b-4b5a-b0ad-64f842d70385",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-30c8-424f-92bf-42ed02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c12a-113c-4119-b37e-4e1e02de0b81",
|
||
|
"value": "70a1c4ed3a09a44a41d54c4fd4b409a5fc3159f6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c12a-4454-419a-92be-4a8702de0b81",
|
||
|
"value": "4fe4b9560e99e33dabca553e2eeee510"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c12a-fa80-4d87-9f33-4c9e02de0b81",
|
||
|
"value": "2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "78a04ae2-f33b-4b5a-b0ad-64f842d70385",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c12a-58c8-4f7f-98bf-402b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea/analysis/1513289308/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c12a-9834-4b50-8cae-4e8902de0b81",
|
||
|
"value": "35/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c12a-1c8c-4b5e-bde2-4e1d02de0b81",
|
||
|
"value": "2017-12-14T22:08:28"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1515766061",
|
||
|
"uuid": "1f840571-741e-4096-92d6-78e58c49109c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "1f840571-741e-4096-92d6-78e58c49109c",
|
||
|
"referenced_uuid": "268e55cb-3597-4e16-8007-a8b36cf61376",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a58c12d-7eac-431a-b3ac-4c0b02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a58c12a-7f38-4ddb-a9ec-48af02de0b81",
|
||
|
"value": "1e493ebde7fa77d5ae503aa7758fac87d11da116"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a58c12a-b188-45a6-80bd-43ed02de0b81",
|
||
|
"value": "d4a14a1516d5ec9452a29de24ba85d0e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a58c12a-9b5c-42e5-a881-4c8302de0b81",
|
||
|
"value": "694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1515766058",
|
||
|
"uuid": "268e55cb-3597-4e16-8007-a8b36cf61376",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a58c12a-c3cc-4fbb-a5e8-471102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/694b15d69264062e82d43e8ddb4a5efe4435574f8d91e29523c4298894b70c26/analysis/1490814542/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a58c12a-004c-4834-bc4d-4d1f02de0b81",
|
||
|
"value": "45/61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1515766058",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a58c12a-eb88-4d06-b8f2-418c02de0b81",
|
||
|
"value": "2017-03-29T19:09:02"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185605",
|
||
|
"uuid": "10efb953-d0cc-4219-8b64-fd1aea48048d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185605",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac85-b2ac-41f6-b740-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/91af9a4c0091f8e97641660c66d414fa13ee69473f5692d2aecb1d1101ed34b8/analysis/1509667741/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185606",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac86-9a60-4639-8728-7f0002de0b81",
|
||
|
"value": "33/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185606",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac86-78c8-4dde-995a-7f0002de0b81",
|
||
|
"value": "2017-11-03T00:09:01"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185607",
|
||
|
"uuid": "e72fba22-ef47-4486-b345-e02af2e3f2ba",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185607",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac87-ab30-4a0f-a272-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c68814901d0af5de410c152e62a06a51c16ec7fe118f1e5251bbcdbb27364709/analysis/1501703565/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185607",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac87-37d0-4aea-8fc1-7f0002de0b81",
|
||
|
"value": "31/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185608",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac88-374c-486c-b8e4-7f0002de0b81",
|
||
|
"value": "2017-08-02T19:52:45"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185608",
|
||
|
"uuid": "c484d968-23eb-42f0-95b4-c646ff1c4a46",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185608",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac88-529c-43c9-b17f-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c30a11eda8745543b8513f62deee872869f5ab9ca20804052d5b64150219ec88/analysis/1515612033/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185609",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac89-ebc8-432d-b5c8-7f0002de0b81",
|
||
|
"value": "4/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185609",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac89-c4f4-428d-8287-7f0002de0b81",
|
||
|
"value": "2018-01-10T19:20:33"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185609",
|
||
|
"uuid": "672456f3-351d-4587-8114-0c562fcb6082",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185609",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac89-a63c-4489-a367-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c9140c869123e0c7a4d064a9e82bb1549c3e382cdcf2c119bcbe78911915208b/analysis/1517291247/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185610",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac8a-7ff8-48e9-a679-7f0002de0b81",
|
||
|
"value": "25/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185610",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac8a-4064-4004-8980-7f0002de0b81",
|
||
|
"value": "2018-01-30T05:47:27"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185611",
|
||
|
"uuid": "a643b2e6-13d0-4844-bb44-3708ee4f1430",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185611",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac8b-8cf8-4255-86ff-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c9e1fe6a32356a823f3dc36851bc8dfd5c601481c109229bd21883bffee10f5e/analysis/1509667740/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185611",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac8b-c124-442a-a439-7f0002de0b81",
|
||
|
"value": "33/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185612",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac8c-5b90-4234-b8fd-7f0002de0b81",
|
||
|
"value": "2017-11-03T00:09:00"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185612",
|
||
|
"uuid": "cde25116-2c43-45fe-90a9-9d17cf9e4e7c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185612",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac8c-323c-403a-9a56-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/1511177410/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185613",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac8d-d7f8-4a96-95f5-7f0002de0b81",
|
||
|
"value": "33/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185613",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac8d-725c-499e-b7f4-7f0002de0b81",
|
||
|
"value": "2017-11-20T11:30:10"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185613",
|
||
|
"uuid": "a41b07c7-d703-4a24-95e3-7d4c50770c9b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185614",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac8e-07e0-4c33-9b6a-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/247eb9cfc0f9ea2c0ba1824381380e3354ee1fb2f0521f8a6fff2baeacc541ff/analysis/1515612036/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185614",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac8e-a368-417b-b760-7f0002de0b81",
|
||
|
"value": "26/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185614",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac8e-33c8-46cf-a13e-7f0002de0b81",
|
||
|
"value": "2018-01-10T19:20:36"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185615",
|
||
|
"uuid": "e71d92c3-fb0b-4408-95c7-c3afe71baae7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185615",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac8f-7b34-4b78-8bd4-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/cb3be20d5de9ae45ec959bc9afa93018ec5f4dd80368a707bc654fab87378452/analysis/1511178355/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185615",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac8f-f828-45bf-b4df-7f0002de0b81",
|
||
|
"value": "32/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185616",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac90-3068-4807-84b7-7f0002de0b81",
|
||
|
"value": "2017-11-20T11:45:55"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185616",
|
||
|
"uuid": "5c4cd601-a2bf-4e3e-b43c-3ee6dbee5ae0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185616",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac90-6f48-4a9e-8db0-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038/analysis/1508798227/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185617",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac91-22a8-49a5-b55b-7f0002de0b81",
|
||
|
"value": "32/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185617",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac91-2880-45a8-aa36-7f0002de0b81",
|
||
|
"value": "2017-10-23T22:37:07"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185617",
|
||
|
"uuid": "77a6bb0a-b55e-4b33-ae86-c7ae2004d914",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185617",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac91-e6a4-4c17-a91f-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/1511207074/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185618",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac92-6310-4a33-b91a-7f0002de0b81",
|
||
|
"value": "34/60"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185618",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac92-e444-4b6d-9955-7f0002de0b81",
|
||
|
"value": "2017-11-20T19:44:34"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185619",
|
||
|
"uuid": "c54a631e-db6e-4cc7-856d-07a974bfc25a",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185619",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac93-7824-4f8e-bd52-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b9432b91a112ed2bfcbf0530a04406390c854a7c9f8afea17e9e94fe43242ce1/analysis/1508922137/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185619",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac93-360c-40e2-84e1-7f0002de0b81",
|
||
|
"value": "18/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185620",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac94-b604-42a2-b52f-7f0002de0b81",
|
||
|
"value": "2017-10-25T09:02:17"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185620",
|
||
|
"uuid": "0840973f-94a7-411c-9c35-bebd86da7b47",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185620",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac94-0788-4ac3-b2cd-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/07adb8253ccc6fee20940de04c1bf4a54a4455525b2ac33f9c95713a8a102f3d/analysis/1510646898/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185621",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac95-d758-489d-8de5-7f0002de0b81",
|
||
|
"value": "36/61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185621",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac95-1268-470f-b2e9-7f0002de0b81",
|
||
|
"value": "2017-11-14T08:08:18"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185622",
|
||
|
"uuid": "7e1bd57e-b8fe-46ce-acd5-c763793f28c5",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185622",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac96-fa78-4f88-9729-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/1499769912/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185622",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac96-a828-424a-9fa2-7f0002de0b81",
|
||
|
"value": "30/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185622",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac96-5e3c-4566-9d7f-7f0002de0b81",
|
||
|
"value": "2017-07-11T10:45:12"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185623",
|
||
|
"uuid": "01b8d2c8-326f-4555-a514-65bbf934d953",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185623",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac97-3a78-48c9-8423-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/52efcfe30f96a85c9c068880c20663db64f0e08346e0f3b59c2e5bbcb41ba73c/analysis/1512899518/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185624",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac98-7c80-4d0c-8310-7f0002de0b81",
|
||
|
"value": "30/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185624",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac98-e9a4-4565-a4ea-7f0002de0b81",
|
||
|
"value": "2017-12-10T09:51:58"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185627",
|
||
|
"uuid": "2835626e-b913-4889-a9d9-fdbe227feadb",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "2835626e-b913-4889-a9d9-fdbe227feadb",
|
||
|
"referenced_uuid": "a28ef769-5398-4eb7-9b00-fab900d14c43",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771608",
|
||
|
"uuid": "5a7dacb9-6004-4677-b8e3-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185624",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7dac99-6cb4-4bcf-b342-7f0002de0b81",
|
||
|
"value": "d20482372f9e63a54854d639cc79d0b65bc8382b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185625",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7dac99-f2e0-4804-9737-7f0002de0b81",
|
||
|
"value": "b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185625",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dac99-f35c-43a6-abcb-7f0002de0b81",
|
||
|
"value": "77b4ffe73491d534946d010bfca138f7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185626",
|
||
|
"uuid": "a28ef769-5398-4eb7-9b00-fab900d14c43",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185626",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac9a-7b60-4984-bad7-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea/analysis/1511755782/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185626",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac9a-0944-420b-9074-7f0002de0b81",
|
||
|
"value": "26/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185627",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac9b-1724-4270-8e32-7f0002de0b81",
|
||
|
"value": "2017-11-27T04:09:42"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185627",
|
||
|
"uuid": "5c2bd08b-1259-4095-9c9e-3b74506b1585",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185627",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac9b-b914-4fe7-b2a2-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3/analysis/1514646249/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185628",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac9c-3468-45b3-94be-7f0002de0b81",
|
||
|
"value": "26/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185628",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac9c-a888-46c1-9692-7f0002de0b81",
|
||
|
"value": "2017-12-30T15:04:09"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185628",
|
||
|
"uuid": "85b2b880-d3e8-4dea-bea6-10c2a491856b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185628",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac9d-c880-4055-b1d5-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bbbf73741078d1e74ab7281189b13f13b50308cf03d3df34bc9f6a90065a4a55/analysis/1514646319/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185629",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dac9d-8c18-4c2f-9d02-7f0002de0b81",
|
||
|
"value": "30/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185629",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dac9d-11f0-4b60-9bfe-7f0002de0b81",
|
||
|
"value": "2017-12-30T15:05:19"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185633",
|
||
|
"uuid": "fb3000f4-1ebc-42d4-8e4a-2275d659efe6",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "fb3000f4-1ebc-42d4-8e4a-2275d659efe6",
|
||
|
"referenced_uuid": "5cbeb48f-30a6-478a-bea9-9928524630c6",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacb9-5700-4a96-8673-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185630",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7dac9e-bdb0-4532-88b7-7f0002de0b81",
|
||
|
"value": "087aa8d2fcfffa85707214928d9f4ca16e8af5ac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185630",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7dac9e-3e24-44f3-9fdb-7f0002de0b81",
|
||
|
"value": "6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185631",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dac9f-1df0-485a-ada5-7f0002de0b81",
|
||
|
"value": "f48ee47a79d5da606e9eff0401971075"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185631",
|
||
|
"uuid": "5cbeb48f-30a6-478a-bea9-9928524630c6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185631",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dac9f-46b8-4185-b9a5-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506/analysis/1494501354/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185632",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7daca0-fca0-44dc-8b88-7f0002de0b81",
|
||
|
"value": "21/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185632",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7daca0-6900-4a96-b16b-7f0002de0b81",
|
||
|
"value": "2017-05-11T11:15:54"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185636",
|
||
|
"uuid": "f53a44f1-158b-4212-bc9e-8e257362a32c",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "f53a44f1-158b-4212-bc9e-8e257362a32c",
|
||
|
"referenced_uuid": "3bd1c560-3b57-4248-b95c-72723eebd90c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacb9-4218-445b-bf5b-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185633",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7daca1-4c7c-49ef-8ccb-7f0002de0b81",
|
||
|
"value": "73994f62dfac62e32968abeb5206043464eb4792"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185633",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7daca1-1b98-4838-9f34-7f0002de0b81",
|
||
|
"value": "92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185633",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7daca1-6124-4607-9cb9-7f0002de0b81",
|
||
|
"value": "5e996bcbb6f15d345a4a59758dc4d75f"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185634",
|
||
|
"uuid": "3bd1c560-3b57-4248-b95c-72723eebd90c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185634",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7daca2-3940-4dc5-992d-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387/analysis/1517417420/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185635",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7daca3-b854-4cf7-92a4-7f0002de0b81",
|
||
|
"value": "13/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185635",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7daca3-0674-4c54-904f-7f0002de0b81",
|
||
|
"value": "2018-01-31T16:50:20"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185638",
|
||
|
"uuid": "edc8ba48-d186-4b7f-a8e4-54fdfee91503",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "edc8ba48-d186-4b7f-a8e4-54fdfee91503",
|
||
|
"referenced_uuid": "cf7832e0-5495-4a89-95df-cb4dd915842e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacb9-76cc-4f50-b90a-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185635",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7daca3-e564-4606-9521-7f0002de0b81",
|
||
|
"value": "d972e12685591b71432faaf70c71ced4b6e522a0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185636",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7daca4-cf6c-48f5-ba2d-7f0002de0b81",
|
||
|
"value": "7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185636",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7daca4-f240-430b-a950-7f0002de0b81",
|
||
|
"value": "3a5fc199189cf39ec58ec6fb2c3c7d93"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185637",
|
||
|
"uuid": "cf7832e0-5495-4a89-95df-cb4dd915842e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185637",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7daca5-a77c-46db-a274-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30/analysis/1518176286/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185637",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7daca5-aafc-4d39-ba71-7f0002de0b81",
|
||
|
"value": "0/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185638",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7daca6-e190-46bd-88c9-7f0002de0b81",
|
||
|
"value": "2018-02-09T11:38:06"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185641",
|
||
|
"uuid": "f8e43169-3421-43af-8b25-be605a3ea859",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "f8e43169-3421-43af-8b25-be605a3ea859",
|
||
|
"referenced_uuid": "2e77adf4-a30d-4dcf-9fcd-9a263b1971c7",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacb9-d740-48f9-b264-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185638",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7daca6-271c-4597-bee3-7f0002de0b81",
|
||
|
"value": "a201f1760ca4f99dff682a4e5c656f149f5d8e7c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185639",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7daca7-6c84-4003-a567-7f0002de0b81",
|
||
|
"value": "5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185639",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7daca7-bde0-478c-90b4-7f0002de0b81",
|
||
|
"value": "6c74ff2cc39b5362ee5dec576ece211b"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185639",
|
||
|
"uuid": "2e77adf4-a30d-4dcf-9fcd-9a263b1971c7",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185639",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7daca7-2690-4c19-9ad1-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060/analysis/1511748584/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185640",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7daca8-efc0-48bf-82c4-7f0002de0b81",
|
||
|
"value": "26/57"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185640",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7daca8-f524-4e70-83ce-7f0002de0b81",
|
||
|
"value": "2017-11-27T02:09:44"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185644",
|
||
|
"uuid": "770417f7-66d8-4c14-a590-25829420ef72",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "770417f7-66d8-4c14-a590-25829420ef72",
|
||
|
"referenced_uuid": "d250cbbd-0387-4477-9487-647ba7f369ed",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacb9-b5ec-4ce8-848c-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185641",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7daca9-5c9c-4cde-a219-7f0002de0b81",
|
||
|
"value": "26f1dc4618b87b52ff1c5e27a5ba260d5f034a0f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185641",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7daca9-6808-4a2f-a931-7f0002de0b81",
|
||
|
"value": "0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185642",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dacaa-a9dc-4351-b0d0-7f0002de0b81",
|
||
|
"value": "a90379e02cf9b66c3863131730a4b099"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185642",
|
||
|
"uuid": "d250cbbd-0387-4477-9487-647ba7f369ed",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185642",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacaa-53c0-407f-a48e-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9/analysis/1493992385/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185643",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacab-a424-4aaf-8a77-7f0002de0b81",
|
||
|
"value": "17/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185643",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacab-3264-4ca4-aaa3-7f0002de0b81",
|
||
|
"value": "2017-05-05T13:53:05"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185646",
|
||
|
"uuid": "18939e64-0afb-4ae4-8995-189b92423b98",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "18939e64-0afb-4ae4-8995-189b92423b98",
|
||
|
"referenced_uuid": "55b685d6-7fdc-4538-b113-d253384b213a",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacba-e40c-47f2-aa5f-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185643",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7dacab-624c-4e34-b926-7f0002de0b81",
|
||
|
"value": "0a0ae94f92a50937d920bf02dd26b477c840a915"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185644",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7dacac-ded0-48e8-b095-7f0002de0b81",
|
||
|
"value": "d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185644",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dacac-1100-4608-b5f2-7f0002de0b81",
|
||
|
"value": "000e4225f382f9eee675dcaf3cbf9c7e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185645",
|
||
|
"uuid": "55b685d6-7fdc-4538-b113-d253384b213a",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185645",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacad-3ff4-46ee-b49a-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2/analysis/1503971137/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185645",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacad-5b28-4055-9bec-7f0002de0b81",
|
||
|
"value": "31/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185646",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacae-2d68-4151-bd0e-7f0002de0b81",
|
||
|
"value": "2017-08-29T01:45:37"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185646",
|
||
|
"uuid": "e5e57871-79b1-4440-95b3-49bc62c724e5",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185646",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacae-4ec8-4dc8-aec5-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044/analysis/1515766221/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185647",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacaf-824c-45b4-8c23-7f0002de0b81",
|
||
|
"value": "33/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185647",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacaf-84f0-4857-9453-7f0002de0b81",
|
||
|
"value": "2018-01-12T14:10:21"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185650",
|
||
|
"uuid": "8d7a2d17-30f8-46c6-aa2c-c99caf8b8208",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "8d7a2d17-30f8-46c6-aa2c-c99caf8b8208",
|
||
|
"referenced_uuid": "ece0181f-f705-463f-bea6-08263cc535ba",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacba-56a0-4ed6-a58c-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185647",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7dacaf-16c8-44d4-a960-7f0002de0b81",
|
||
|
"value": "d6a09a1c2964b228143092e200d17531a8aefc9d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185648",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7dacb0-ee74-4bb8-9649-7f0002de0b81",
|
||
|
"value": "b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185648",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dacb0-1360-41bd-9c29-7f0002de0b81",
|
||
|
"value": "a79ac543b0836b53a3623e0b4cb6a6f7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185649",
|
||
|
"uuid": "ece0181f-f705-463f-bea6-08263cc535ba",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185649",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacb1-a620-4047-a010-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0/analysis/1494500661/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185649",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacb1-d0d4-4978-a631-7f0002de0b81",
|
||
|
"value": "16/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185650",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacb2-ccc8-449d-9e9c-7f0002de0b81",
|
||
|
"value": "2017-05-11T11:04:21"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "7",
|
||
|
"timestamp": "1518185653",
|
||
|
"uuid": "87463bc1-9173-4071-827c-db9c3d3396bc",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "87463bc1-9173-4071-827c-db9c3d3396bc",
|
||
|
"referenced_uuid": "f31cc4ab-1875-4f2d-87c9-04b8673ddbe8",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1518771609",
|
||
|
"uuid": "5a7dacba-e448-44ac-a8d4-7f0002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1518185650",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5a7dacb2-9638-4701-a60a-7f0002de0b81",
|
||
|
"value": "af9b9164d6f3616bf31fb98acf8a0cb72c312774"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1518185651",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5a7dacb3-6ed0-4cb2-8b08-7f0002de0b81",
|
||
|
"value": "128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1518185651",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5a7dacb3-58d4-4f5e-ba7e-7f0002de0b81",
|
||
|
"value": "5b3e0b74cdb0622074fd997af51161dd"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185651",
|
||
|
"uuid": "f31cc4ab-1875-4f2d-87c9-04b8673ddbe8",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185652",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacb4-7fc8-40bd-929a-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/128814f2b057aef1dd3e00f3749aed2a81e5ed03737311f2b1faab4ab2e6e2fe/analysis/1517416889/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185652",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacb4-0fc8-43af-a265-7f0002de0b81",
|
||
|
"value": "9/56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185652",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacb4-9a34-49d6-992c-7f0002de0b81",
|
||
|
"value": "2018-01-31T16:41:29"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "1",
|
||
|
"timestamp": "1518185653",
|
||
|
"uuid": "f2c6fa6f-7d6b-407a-8e98-3a0e9bcea365",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1518185653",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a7dacb5-5a14-45a2-8173-7f0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b556c04c768d57af104716386fe4f23b01aa9d707cbc60385895e2b4fc08c9b0/analysis/1514646306/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1518185653",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5a7dacb5-5968-4307-821f-7f0002de0b81",
|
||
|
"value": "31/59"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1518185654",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "5a7dacb6-050c-4529-bf24-7f0002de0b81",
|
||
|
"value": "2017-12-30T15:05:06"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|