misp-circl-feed/feeds/circl/misp/5aec6eea-74a4-43f9-8910-498d950d210f.json

{
"Event": {
"analysis": "2",
"date": "2018-05-04",
"extends_uuid": "",
"info": "OSINT - Lojack Becomes a Double-Agent",
"publish_timestamp": "1525782978",
"published": true,
"threat_level_id": "3",
"timestamp": "1525782957",
"uuid": "5aec6eea-74a4-43f9-8910-498d950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762636",
"to_ids": false,
"type": "link",
"uuid": "5aec6ef5-5a7c-4347-831f-74f2950d210f",
"value": "https://asert.arbornetworks.com/lojack-becomes-a-double-agent/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762637",
"to_ids": false,
"type": "text",
"uuid": "5af00b50-fc10-4c75-9377-4bbd950d210f",
"value": "ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formally known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads."
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525681445",
"to_ids": true,
"type": "md5",
"uuid": "5af00d25-a910-4e88-a867-426e950d210f",
"value": "cf45ec807321d12f8df35fa434591460"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525681555",
"to_ids": true,
"type": "md5",
"uuid": "5af00d93-a6b4-4b8f-9fb1-43ca950d210f",
"value": "f1df1a795eb784f7bfc3ba9a7e3b00ac"
},
{
"category": "Network activity",
"comment": "Rogue C2 Servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762637",
"to_ids": true,
"type": "domain",
"uuid": "5af00d94-ffd8-4907-918e-4383950d210f",
"value": "sysanalyticweb.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525681556",
"to_ids": true,
"type": "md5",
"uuid": "5af00d94-6300-43dd-ba35-4b40950d210f",
"value": "6eaa1ff5f33df3169c209f98cc5012d0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525681556",
"to_ids": true,
"type": "md5",
"uuid": "5af00d94-9d14-48f9-8270-47f7950d210f",
"value": "f3c6e16f0dd2b0e55a7dad365c3877d4"
},
{
"category": "Network activity",
"comment": "Rogue C2 Servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762638",
"to_ids": true,
"type": "domain",
"uuid": "5af00d95-e6a8-4e88-96c9-419c950d210f",
"value": "elaxo.org"
},
{
"category": "Network activity",
"comment": "Rogue C2 Servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762638",
"to_ids": true,
"type": "domain",
"uuid": "5af00d95-7908-4212-8d24-4172950d210f",
"value": "ikmtrust.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525681558",
"to_ids": true,
"type": "md5",
"uuid": "5af00d96-edac-43fa-be4f-4e88950d210f",
"value": "f391556d9f89499fa8ee757cb3472710"
},
{
"category": "Network activity",
"comment": "Rogue C2 Servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762639",
"to_ids": true,
"type": "domain",
"uuid": "5af00d96-5b48-4c5b-9e1d-4883950d210f",
"value": "lxwo.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762639",
"to_ids": true,
"type": "hostname",
"uuid": "5af01102-533c-4841-929e-47b9950d210f",
"value": "search.namequery.com"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525682560",
"to_ids": false,
"type": "md5",
"uuid": "5af01180-185c-49e1-9d78-4cb0950d210f",
"value": "e78e3b0171b189074d2539c7baaa0719"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525682560",
"to_ids": false,
"type": "md5",
"uuid": "5af01180-6ba0-4139-922a-4e95950d210f",
"value": "ac1a85d3ca1b6265cad4ed41b696f9b7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525762639",
"to_ids": false,
"type": "yara",
"uuid": "5af015d7-9b54-4085-9086-4b65950d210f",
"value": "rule ComputraceAgent\r\n{\r\n meta:\r\n description = \"Absolute Computrace Agent Executable\"\r\n thread_level = 3\r\n in_the_wild = true\r\n strings:\r\n $a = {D1 E0 F5 8B 4D 0C 83 D1 00 8B EC FF 33 83 C3 04}\r\n $mz = {4d 5a}\r\n $b1 = {72 70 63 6E 65 74 70 2E 65 78 65 00 72 70 63 6E 65 74 70 00}\r\n $b2 = {54 61 67 49 64 00}\r\n condition:\r\n ($mz at 0 ) and ($a or ($b1 and $b2))\r\n}"
},
{
"category": "External analysis",
"comment": "The agent achieves this persistence through a modular design as noted by Vitaliy Kamlyuk, Sergey Belov, and Anibal Sacco in a presentation at Blackhat, 2014",
"deleted": false,
"disable_correlation": false,
"timestamp": "1525782879",
"to_ids": false,
"type": "link",
"uuid": "5af1995f-cdb4-416c-a13f-48fd950d210f",
"value": "https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762643",
"uuid": "74089204-8a39-410d-b274-c63a7c6edd93",
"ObjectReference": [
{
"comment": "",
"object_uuid": "74089204-8a39-410d-b274-c63a7c6edd93",
"referenced_uuid": "9c973c81-cfc7-45f9-895d-ce12cb73e25f",
"relationship_type": "analysed-with",
"timestamp": "1525762657",
"uuid": "5af14a61-ef2c-40c5-97d7-44bb02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762640",
"to_ids": true,
"type": "md5",
"uuid": "5af14a50-67a8-44c2-bf21-46a002de0b81",
"value": "f391556d9f89499fa8ee757cb3472710"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762640",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a50-5904-4f75-9108-41a402de0b81",
"value": "2529f6eda28d54490119d2123d22da56783c704f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762641",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a51-655c-49ea-bc19-462e02de0b81",
"value": "060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762641",
"uuid": "9c973c81-cfc7-45f9-895d-ce12cb73e25f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762641",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a51-af7c-4242-938c-4a6502de0b81",
"value": "2018-05-07T19:19:38"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762642",
"to_ids": false,
"type": "text",
"uuid": "5af14a52-a9ac-44c6-a47c-45bd02de0b81",
"value": "37/66"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762642",
"to_ids": false,
"type": "link",
"uuid": "5af14a52-4f74-4dc9-bc66-476e02de0b81",
"value": "https://www.virustotal.com/file/060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843/analysis/1525720778/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762645",
"uuid": "c24f479b-83fb-41c6-8f0d-8ccf53b431c1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "c24f479b-83fb-41c6-8f0d-8ccf53b431c1",
"referenced_uuid": "2f9fccfb-465f-406c-aeef-3e329a966f34",
"relationship_type": "analysed-with",
"timestamp": "1525762657",
"uuid": "5af14a61-fc18-4169-a78b-425902de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762642",
"to_ids": true,
"type": "md5",
"uuid": "5af14a52-3f50-44ac-9355-4a7102de0b81",
"value": "6eaa1ff5f33df3169c209f98cc5012d0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762643",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a53-81a4-4f29-b074-425802de0b81",
"value": "10d571d66d3ab7b9ddf6a850cb9b8e38b07623c0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762643",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a53-e474-4d3d-8163-496902de0b81",
"value": "27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762643",
"uuid": "2f9fccfb-465f-406c-aeef-3e329a966f34",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762643",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a53-4c14-41f6-a7e4-40d402de0b81",
"value": "2018-05-07T19:19:25"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762644",
"to_ids": false,
"type": "text",
"uuid": "5af14a54-aea0-4d40-b51d-4b0a02de0b81",
"value": "39/66"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762644",
"to_ids": false,
"type": "link",
"uuid": "5af14a54-2e64-444f-995b-477d02de0b81",
"value": "https://www.virustotal.com/file/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9/analysis/1525720765/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762647",
"uuid": "dd0cab48-6f62-4bd6-b10a-18200635fb54",
"ObjectReference": [
{
"comment": "",
"object_uuid": "dd0cab48-6f62-4bd6-b10a-18200635fb54",
"referenced_uuid": "c01bde93-91b5-4cfe-82f2-35da847471b9",
"relationship_type": "analysed-with",
"timestamp": "1525762657",
"uuid": "5af14a61-30c8-420a-a536-47f702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762644",
"to_ids": true,
"type": "md5",
"uuid": "5af14a54-ac70-449a-8f8a-404b02de0b81",
"value": "cf45ec807321d12f8df35fa434591460"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762645",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a55-ee20-4a25-8c7d-463d02de0b81",
"value": "ddaa06a4021baf980a08caea899f2904609410b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762645",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a55-8384-4c7a-8775-450802de0b81",
"value": "0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762646",
"uuid": "c01bde93-91b5-4cfe-82f2-35da847471b9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762646",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a56-0e3c-4e31-986e-412d02de0b81",
"value": "2018-05-07T19:19:42"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762646",
"to_ids": false,
"type": "text",
"uuid": "5af14a56-5194-443a-9a91-40e202de0b81",
"value": "38/66"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762646",
"to_ids": false,
"type": "link",
"uuid": "5af14a56-8afc-4bf6-ada7-45e802de0b81",
"value": "https://www.virustotal.com/file/0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201/analysis/1525720782/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762650",
"uuid": "5eda63ae-1893-42e5-846a-e9995000bde9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5eda63ae-1893-42e5-846a-e9995000bde9",
"referenced_uuid": "669adb50-5e7d-4c8d-8510-38a08aea3ba7",
"relationship_type": "analysed-with",
"timestamp": "1525762657",
"uuid": "5af14a61-fd38-4698-a9b7-424802de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762647",
"to_ids": true,
"type": "md5",
"uuid": "5af14a57-0628-400a-84c7-4c7502de0b81",
"value": "f1df1a795eb784f7bfc3ba9a7e3b00ac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762647",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a57-1228-47a2-b8de-487102de0b81",
"value": "1470995de2278ae79646d524e7c311dad29aee17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762648",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a58-e0f8-4cfa-8522-4a7902de0b81",
"value": "e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762648",
"uuid": "669adb50-5e7d-4c8d-8510-38a08aea3ba7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762648",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a58-552c-4cec-a7b2-4cb802de0b81",
"value": "2018-05-07T19:19:47"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762649",
"to_ids": false,
"type": "text",
"uuid": "5af14a59-2cc0-4f38-a25d-447602de0b81",
"value": "40/65"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762649",
"to_ids": false,
"type": "link",
"uuid": "5af14a59-8ae8-48a9-9ffa-4fcd02de0b81",
"value": "https://www.virustotal.com/file/e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200/analysis/1525720787/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762652",
"uuid": "41d7368a-bbcc-4b09-8db4-959a210b2e52",
"ObjectReference": [
{
"comment": "",
"object_uuid": "41d7368a-bbcc-4b09-8db4-959a210b2e52",
"referenced_uuid": "14781af2-cede-4e8a-b613-76a5eb9bd981",
"relationship_type": "analysed-with",
"timestamp": "1525762657",
"uuid": "5af14a61-542c-443c-b59a-41c002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762649",
"to_ids": true,
"type": "md5",
"uuid": "5af14a59-d550-444c-b37d-46d202de0b81",
"value": "e78e3b0171b189074d2539c7baaa0719"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762650",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a5a-5288-45cd-bc78-40a902de0b81",
"value": "5f45bf0f57aa1f7c9d676740989b58cbffaf0ceb"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762650",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a5a-4c18-442c-9ee0-43b002de0b81",
"value": "998aa45b4cd6ca30610c3f7dc1603c2c1feb49b0e2d968d29f64f1658f4d40d5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762650",
"uuid": "14781af2-cede-4e8a-b613-76a5eb9bd981",
"Attribute": [
{
"category": "Other",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762651",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a5b-431c-4912-8b73-4f4a02de0b81",
"value": "2018-05-07T10:10:04"
},
{
"category": "Other",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762651",
"to_ids": false,
"type": "text",
"uuid": "5af14a5b-1414-4b04-837f-467d02de0b81",
"value": "12/66"
},
{
"category": "External analysis",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762651",
"to_ids": false,
"type": "link",
"uuid": "5af14a5b-f6e8-4eee-8b26-407b02de0b81",
"value": "https://www.virustotal.com/file/998aa45b4cd6ca30610c3f7dc1603c2c1feb49b0e2d968d29f64f1658f4d40d5/analysis/1525687804/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762654",
"uuid": "e7b0d6ff-7062-460a-baaa-2f1387ae9eda",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e7b0d6ff-7062-460a-baaa-2f1387ae9eda",
"referenced_uuid": "e8a84d77-4552-4789-9fff-c5b4d1f21c0b",
"relationship_type": "analysed-with",
"timestamp": "1525762658",
"uuid": "5af14a62-0e70-4de0-ba1b-420702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762651",
"to_ids": true,
"type": "md5",
"uuid": "5af14a5b-c5bc-4fb1-b15c-469802de0b81",
"value": "f3c6e16f0dd2b0e55a7dad365c3877d4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762652",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a5c-9200-4848-96bc-45f302de0b81",
"value": "397d97e278110a48bd2cb11bb5632b99a9100dbd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762652",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a5c-a190-467d-be5d-456302de0b81",
"value": "fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762653",
"uuid": "e8a84d77-4552-4789-9fff-c5b4d1f21c0b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762653",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a5d-f2e8-40ca-8c36-4c1f02de0b81",
"value": "2018-05-07T19:19:32"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762653",
"to_ids": false,
"type": "text",
"uuid": "5af14a5d-144c-4b96-995e-4be302de0b81",
"value": "41/66"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762653",
"to_ids": false,
"type": "link",
"uuid": "5af14a5d-e504-4fec-a7e5-4ca802de0b81",
"value": "https://www.virustotal.com/file/fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27/analysis/1525720772/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1525762657",
"uuid": "f8bd20cd-39f4-4edd-b539-348389f5df61",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f8bd20cd-39f4-4edd-b539-348389f5df61",
"referenced_uuid": "1015a558-4051-4d03-9a34-a0c9448ee953",
"relationship_type": "analysed-with",
"timestamp": "1525762658",
"uuid": "5af14a62-c714-4da2-bfa9-4f8c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1525762654",
"to_ids": true,
"type": "md5",
"uuid": "5af14a5e-982c-4118-a164-40c002de0b81",
"value": "ac1a85d3ca1b6265cad4ed41b696f9b7"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1525762655",
"to_ids": true,
"type": "sha1",
"uuid": "5af14a5f-a228-4461-a712-408e02de0b81",
"value": "8ff7b74efffadb3a102ed0ec614c918526d0ea6b"
},
{
"category": "Payload delivery",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1525762655",
"to_ids": true,
"type": "sha256",
"uuid": "5af14a5f-9bf4-491b-b1fe-4b6902de0b81",
"value": "32d8c36c829be1cdbed56201a0e663227fe74d479f1732a7974fb50fdf09c02e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1525762655",
"uuid": "1015a558-4051-4d03-9a34-a0c9448ee953",
"Attribute": [
{
"category": "Other",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1525762656",
"to_ids": false,
"type": "datetime",
"uuid": "5af14a60-7864-4f9e-9808-499c02de0b81",
"value": "2018-05-07T01:42:42"
},
{
"category": "Other",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1525762656",
"to_ids": false,
"type": "text",
"uuid": "5af14a60-6228-4a34-aaf8-48bc02de0b81",
"value": "8/65"
},
{
"category": "External analysis",
"comment": "Clean samples",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1525762656",
"to_ids": false,
"type": "link",
"uuid": "5af14a60-3b6c-4561-aba5-47b102de0b81",
"value": "https://www.virustotal.com/file/32d8c36c829be1cdbed56201a0e663227fe74d479f1732a7974fb50fdf09c02e/analysis/1525657362/"
}
]
}
]
}
}