{
"Event": {
"analysis": "1",
"date": "2018-01-12",
"extends_uuid": "",
"info": "OSINT - Suspicious binary delivered as fake jpeg",
"publish_timestamp": "1518770853",
"published": true,
"threat_level_id": "3",
"timestamp": "1515812467",
"uuid": "5a587e74-2218-498e-ba91-4165950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#002642",
"name": "osint:source-type=\"microblog-post\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1515748991",
"to_ids": true,
"type": "sha256",
"uuid": "5a587e7f-b82c-4292-b9c3-49b5950d210f",
"value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1515749655",
"uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5a587f43-fb74-48b6-8dfa-44fe950d210f",
"referenced_uuid": "5a588060-95f8-42ed-83aa-4484950d210f",
"relationship_type": "indicates",
"timestamp": "1518770853",
"uuid": "5a588114-6544-4ca9-9b89-41ac950d210f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1515749187",
"to_ids": false,
"type": "text",
"uuid": "5a587f43-eedc-435f-b31f-4a21950d210f",
"value": "Don\u00e2\u20ac\u2122t panic! Stay zen! :) VT Score is only 5/67 btw"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1515749187",
"to_ids": false,
"type": "text",
"uuid": "5a587f44-8448-42b3-a221-4672950d210f",
"value": "Twitter"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1515749188",
"to_ids": true,
"type": "url",
"uuid": "5a587f44-19d8-430b-9fe1-49b7950d210f",
"value": "https://twitter.com/xme/status/951395985707675649"
}
]
},
{
"comment": "",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "5",
"timestamp": "1515749621",
"uuid": "5a588060-95f8-42ed-83aa-4484950d210f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1515749621",
"to_ids": true,
"type": "url",
"uuid": "5a588060-4014-4fe0-97f1-4178950d210f",
"value": "http://80.82.67.217/xanax.jpg"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1515749621",
"to_ids": true,
"type": "hostname",
"uuid": "5a588060-9c60-4493-a915-439e950d210f",
"value": "80.82.67.217"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "scheme",
"timestamp": "1515749621",
"to_ids": false,
"type": "text",
"uuid": "5a588060-50cc-4638-b4b6-4fcf950d210f",
"value": "http"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "resource_path",
"timestamp": "1515749621",
"to_ids": false,
"type": "text",
"uuid": "5a588060-6254-43ed-bb79-405e950d210f",
"value": "xanax.jpg"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1515749686",
"uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0fe6c4d6-f582-4098-89d9-d183b03b4b24",
"referenced_uuid": "5d071e50-add7-4859-ad1f-38657dee81ce",
"relationship_type": "analysed-with",
"timestamp": "1518770853",
"uuid": "5a588133-c258-4b12-bfa7-481402de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1515749683",
"to_ids": true,
"type": "sha1",
"uuid": "5a588133-da20-485d-80ba-4c2702de0b81",
"value": "9fec9b390a304fb810a5f31644e8003016bf8b45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1515749683",
"to_ids": true,
"type": "md5",
"uuid": "5a588133-a798-4d4d-8f11-4b2d02de0b81",
"value": "071d734036a4ce8a1913d48715f26001"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1515749683",
"to_ids": true,
"type": "sha256",
"uuid": "5a588133-1534-4d90-9f06-451102de0b81",
"value": "abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1515749683",
"uuid": "5d071e50-add7-4859-ad1f-38657dee81ce",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1515749683",
"to_ids": false,
"type": "link",
"uuid": "5a588133-e654-4dae-95f5-48ff02de0b81",
"value": "https://www.virustotal.com/file/abaf18fea5fd9f85223eec405fe44246aa8a6a928beb7606b4e5c4afc9bc4045/analysis/1515742614/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1515749683",
"to_ids": false,
"type": "text",
"uuid": "5a588133-1e18-4c55-87db-4db202de0b81",
"value": "24/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1515749683",
"to_ids": false,
"type": "datetime",
"uuid": "5a588133-f488-40d4-87e7-4c3102de0b81",
"value": "2018-01-12T07:36:54"
}
]
}
]
}
}