3139 lines
556 KiB
JSON
3139 lines
556 KiB
JSON
|
{
|
||
|
|
"Event": {
|
||
|
|
"analysis": "2",
|
||
|
|
"date": "2018-08-03",
|
||
|
|
"extends_uuid": "",
|
||
|
|
"info": "OSINT - Attacks on industrial enterprises using RMS and TeamViewer",
|
||
|
|
"publish_timestamp": "1533281224",
|
||
|
|
"published": true,
|
||
|
|
"threat_level_id": "2",
|
||
|
|
"timestamp": "1533279935",
|
||
|
|
"uuid": "5b63f5e4-bf24-4f46-8340-48fc02de0b81",
|
||
|
|
"Orgc": {
|
||
|
|
"name": "CIRCL",
|
||
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
|
},
|
||
|
|
"Tag": [
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:rat=\"Babylon\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:botnet=\"BetaBot\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:stealer=\"AZORult\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Manufacturing\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Oil\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Energy\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Mining\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Construction\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0088cc",
|
||
|
|
"name": "misp-galaxy:sector=\"Logistic\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#ffffff",
|
||
|
|
"name": "tlp:white"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#00223b",
|
||
|
|
"name": "osint:source-type=\"blog-post\""
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"colour": "#0026eb",
|
||
|
|
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533277679",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "5b63f5ef-b2ac-46ba-a801-44ce02de0b81",
|
||
|
|
"value": "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533277704",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f608-97e4-4125-9e7b-457d02de0b81",
|
||
|
|
"value": "Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.\r\n\r\nThe phishing emails are disguised as legitimate commercial offers and are sent mainly to industrial companies located in Russia. The content of each email reflects the activity of the organization under attack and the type of work performed by the employee to whom the email is sent.\r\n\r\nAccording to the data that we have collected, this series of attacks started in November 2017 and is currently in progress. Notably, the first similar attacks were recorded as far back as 2015.\r\n\r\nThe malware used in these attacks installs legitimate remote administration software \u00e2\u20ac\u201c TeamViewer or Remote Manipulator System/Remote Utilities (RMS). This enables the attackers to gain remote control of infected systems. The threat actor uses various techniques to mask the infection and the activity of malware installed in the system.\r\n\r\nAccording to the data available, the attackers\u00e2\u20ac\u2122 main goal is to steal money from victim organizations\u00e2\u20ac\u2122 accounts. When attackers connect to a victim\u00e2\u20ac\u2122s computer, they search for and analyze purchase documents, as well as the financial and accounting software used. After that, the attackers look for various ways in which they can commit financial fraud, such as spoofing the bank details used to make payments.\r\n\r\nIn cases where the cybercriminals need additional data or capabilities after infecting a system, such as privilege escalation and obtaining local administrator privileges, the theft of user authentication data for financial software and services, or Windows accounts for lateral movement, the attackers download an additional pack of malware to the system, which is specifically tailored to the attack on each individual victim. The malware pack can include spyware, additional remote administration utilities that extend the attackers\u00e2\u20ac\u2122 control on infected systems, malware for exploiting operating system and application software vulnerabilities, as well as the Mimikatz utility, which provides the attackers with Windows account data.\r\n\r\nApparently, among other methods, the attackers obtain the information they need to perpetrate their criminal activity by analyzing the correspondence of employees at the enterprises attacked. They may also use the information found in these emails to prepare new attacks \u00e2\u20ac\u201c against companies that partner with the current victim.\r\n\r\nClearly, on top of the financial losses, these attacks result in leaks of the victim organizations\u00e2\u20ac\u2122 sensitive data."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Antivirus detection",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278405",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f8c5-a258-4e3e-a5d7-46d602de0b81",
|
||
|
|
"value": "Trojan.BAT.Starter"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Antivirus detection",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278405",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f8c5-6240-4b67-a5d9-4b2d02de0b81",
|
||
|
|
"value": "Trojan.Win32.Dllhijack"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Antivirus detection",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278405",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f8c5-322c-4d68-9493-44ce02de0b81",
|
||
|
|
"value": "Trojan.Win32.Waldek"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Antivirus detection",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278405",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f8c5-be84-4d86-9781-45ef02de0b81",
|
||
|
|
"value": "Backdoor.Win32.RA-based"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Antivirus detection",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278405",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "5b63f8c5-818c-4271-a487-4e7b02de0b81",
|
||
|
|
"value": "Backdoor.Win32.Agent"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Artifacts dropped",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278951",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "yara",
|
||
|
|
"uuid": "5b63fae7-0148-448a-bb4c-44f002de0b81",
|
||
|
|
"value": "rule TeamViewer_msimg32_dllhijack {\r\nmeta:\r\ndescription = \"msimg32.dll malicious file used in TeamViewer\"\r\nhash = \"16b4ebfdf74db8f730f2fb4d03e86d27\"\r\nhash = \"8c4e9016b9b4db809dd312f971a275b\r\n1\"\r\nversion = \"1.1\" \r\nstrings:\r\n$a1=\"msimg32.dll\" fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand any of ($a*)\r\nand pe.exports(\"SvcMain\")\r\nand pe.number_of_exports >6\r\nand filesize > 50000 \r\nand filesize < 200000 \r\n}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Artifacts dropped",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533278994",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "yara",
|
||
|
|
"uuid": "5b63fb12-b55c-4d94-b9dd-4dc202de0b81",
|
||
|
|
"value": "import \"pe\"\r\n\r\nrule RMS_winspooldrv_dllhijack {\r\nmeta:\r\ndescription = \"winspool.drv malicious file used in RMS RAT\"\r\nhash = \"5a6efa2921d3174bb9808fa3a3400d13\" \r\nhash\r\n= \"bb188e1e92e2be8a1ff009fe22f58f7f\" \r\nversion = \"1.1\" \r\nstrings:\r\n$a1= \"Password.rcfg\" fullword\r\n$a2 = \"Password.rcfg\" wide fullword\r\n$b1= \"winspool.drv\" fullword\r\n$b2= \"killrms\" wide fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand\r\nany of ($a*)\r\nand all of ($b*)\r\nand filesize < 100000 \r\n}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "Email addresses to which the malware sends messages",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279128",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "email-dst",
|
||
|
|
"uuid": "5b63fb98-a0c0-42dd-910a-4ad602de0b81",
|
||
|
|
"value": "barinovbb2018@yandex.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "Email addresses to which the malware sends messages",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279128",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "email-dst",
|
||
|
|
"uuid": "5b63fb98-79a8-4232-9aed-470502de0b81",
|
||
|
|
"value": "drozd04m@gmail.com"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "Email addresses to which the malware sends messages",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279128",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "email-dst",
|
||
|
|
"uuid": "5b63fb98-42f0-4c8a-956b-40f002de0b81",
|
||
|
|
"value": "barinovbb@yandex.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "Email addresses to which the malware sends messages",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279128",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "email-dst",
|
||
|
|
"uuid": "5b63fb98-23a8-48b4-b711-4e2802de0b81",
|
||
|
|
"value": "barinovbb101@yandex.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279231",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "domain",
|
||
|
|
"uuid": "5b63fbff-76c4-4c00-a466-433802de0b81",
|
||
|
|
"value": "rosatomgov.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279231",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fbff-7078-4f05-a045-4d9502de0b81",
|
||
|
|
"value": "81.177.141.15"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279232",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "domain",
|
||
|
|
"uuid": "5b63fc00-24f0-4eaa-a4ea-451f02de0b81",
|
||
|
|
"value": "micorsoft.info"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279232",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc00-d590-4678-8fbb-4b0d02de0b81",
|
||
|
|
"value": "208.91.198.93"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279233",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "domain",
|
||
|
|
"uuid": "5b63fc01-0e4c-459d-9aa5-4b2802de0b81",
|
||
|
|
"value": "buhuchetooo.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279233",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc01-36c8-42e1-b9bb-4f1d02de0b81",
|
||
|
|
"value": "185.51.247.125"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279234",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "hostname",
|
||
|
|
"uuid": "5b63fc02-c7c4-4406-acbd-424302de0b81",
|
||
|
|
"value": "barinovbb.had.su"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279234",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc02-3994-454f-91a3-471e02de0b81",
|
||
|
|
"value": "185.51.247.169"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279235",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "hostname",
|
||
|
|
"uuid": "5b63fc03-d9a4-487e-9f6a-434102de0b81",
|
||
|
|
"value": "barinoh9.beget.tech"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279235",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc03-23fc-4d52-ad37-4c3c02de0b81",
|
||
|
|
"value": "87.236.19.244"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279236",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "domain",
|
||
|
|
"uuid": "5b63fc04-be90-4410-b7a9-4d2302de0b81",
|
||
|
|
"value": "papaninili.temp.swtest.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279236",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc04-ed58-450f-b839-41da02de0b81",
|
||
|
|
"value": "77.222.57.247"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279236",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "hostname",
|
||
|
|
"uuid": "5b63fc04-6064-4772-a747-462602de0b81",
|
||
|
|
"value": "mts2015stm.myjino.ru"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279237",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc05-d124-4f85-b57d-42eb02de0b81",
|
||
|
|
"value": "81.177.135.151"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279237",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "domain",
|
||
|
|
"uuid": "5b63fc05-ed94-4549-adbc-45d502de0b81",
|
||
|
|
"value": "document-buh.com"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Network activity",
|
||
|
|
"comment": "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279238",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "ip-dst",
|
||
|
|
"uuid": "5b63fc06-97d0-4776-947b-435202de0b81",
|
||
|
|
"value": "191.101.245.101"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "AzoRult",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279383",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc97-9664-44ad-b08f-449d02de0b81",
|
||
|
|
"value": "3463d4a1dea003b9904674f21904f04b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "BabylonRAT",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279383",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc97-0a8c-495d-bacc-484d02de0b81",
|
||
|
|
"value": "075ff2fb2e33a319e56a8955fade154e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "BabylonRAT",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279384",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc98-824c-429d-acd0-463902de0b81",
|
||
|
|
"value": "aa6797ec4d23a39f91ddd222a31ddd1e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "Betabot",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279384",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc98-1bb4-4b68-9353-4cd302de0b81",
|
||
|
|
"value": "ba9747658aa8263b446bc29b99c0071f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "AzoRult",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279385",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc99-34ac-43a7-83aa-40c202de0b81",
|
||
|
|
"value": "61aecb3e037e01bc0ad1062e6ff557e6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "AzoRult",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279385",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc99-4c68-452a-a241-4e2602de0b81",
|
||
|
|
"value": "4fd16e0e8bf3ae4ff155e461b2eccb79"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "Betabot",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279385",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc99-1b1c-4342-abd2-4ee502de0b81",
|
||
|
|
"value": "db0954a2f9c95737d1e54a1f9cf01404"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "Delphi Keylogger",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279386",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc9a-cf44-4116-be6e-40ec02de0b81",
|
||
|
|
"value": "ccb184bbb7d257f02e2f69790d33f3b6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "BabylonRAT",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279386",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc9a-922c-4066-9966-464b02de0b81",
|
||
|
|
"value": "5f19025a2ac2afeb331d4a0971507131"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "Betabot",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279387",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc9b-f500-4352-acb2-49f802de0b81",
|
||
|
|
"value": "579a5233fe9580e83fb20c2addb1a303"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "Hallaj PRO Rat",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279387",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc9b-2dcc-4b46-92f2-456202de0b81",
|
||
|
|
"value": "567157989551a5c6926c375eb0652804"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "AzoRult",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279388",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81",
|
||
|
|
"value": "5a610962baf6081eb809a9e460599871"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153.exe",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279590",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd66-cdb8-4bc0-a818-470002de0b81",
|
||
|
|
"value": "34a1e9fcc84adc4ab2ec364845f64220"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153 (\u00d0\u00ba\u00d0\u00be\u00d0\u00b4 917815).rar",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279591",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd67-eefc-4c2f-9ce5-49a102de0b81",
|
||
|
|
"value": "59e172ec7d73a5c41d4dbb218ca1af66"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "OPLATA REESTR skrin dogovor.doc.com doc.pdf.oplat 27.12.2017.rar 1\u00d1\u0081 \u00d0\u00bf\u00d0\u00bf.pdf",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279591",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd67-2da4-4702-9b89-4d4402de0b81",
|
||
|
|
"value": "ddcd67b7b83e73426b4d35881789e7dc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "(No 444.pdf.com",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279591",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd67-b584-4a05-8b22-480702de0b81",
|
||
|
|
"value": "2374c93efbe32199b177eb12f96b6166"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "\u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d1\u201a\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.txt.com - oplata022018rm.rar",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279592",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd68-a048-457f-bd35-437202de0b81",
|
||
|
|
"value": "c531c45b08b692d84cf0699ef92f0134"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "oplata 1\u00d1\u0081_2 scan.pdf.com - reestr oplat 1c \u00d0\u00be\u00d1\u201a 01.12.2017.rar",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279592",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd68-63cc-4a17-b1b6-403002de0b81",
|
||
|
|
"value": "e5562389a49680c25e67b750b2c368eb"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "1C tshetim.rar",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279593",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd69-6dc4-4a45-9a9c-4d4102de0b81",
|
||
|
|
"value": "3a636038a3d893e441f25696bcbf2c73"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "1C kopiya No5.pdf.scr",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279593",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd69-3470-4837-89db-49bc02de0b81",
|
||
|
|
"value": "f9b14393b995a655e72731c8b6ce78fd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "WinRAR pp.rar",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279594",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd6a-0fbc-47b7-aad6-471102de0b81",
|
||
|
|
"value": "6e10bc85be5d330e9aed5b5c87ccee38"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "kopiya WinRAR.docx.scr",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279594",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd6a-b0c4-4cd1-9769-46ea02de0b81",
|
||
|
|
"value": "f8ec2d059d937723becd92eae050a097"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "act sverki 09.10.2017 crbarin.pdf.com",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279594",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5b63fd6a-9b48-4aa5-9970-4b8b02de0b81",
|
||
|
|
"value": "21089b34d8f9cb7910f521e30aa55908"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"data": "JVBERi0xLjUNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0NhdGFsb2cvUGFnZXMgMiAwIFIvTGFuZyhydS1SVSkgPj4NCmVuZG9iag0KMiAwIG9iag0KPDwvVHlwZS9QYWdlcy9Db3VudCA1L0tpZHNbIDMgMCBSIDIzIDAgUiAyNSAwIFIgMjcgMCBSIDMzIDAgUl0gPj4NCmVuZG9iag0KMyAwIG9iag0KPDwvVHlwZS9QYWdlL1BhcmVudCAyIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjEgNSAwIFIvRjIgOSAwIFIvRjMgMTQgMCBSL0Y0IDE2IDAgUi9GNSAxOCAwIFI+Pi9FeHRHU3RhdGU8PC9HUzcgNyAwIFIvR1M4IDggMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VCL0ltYWdlQy9JbWFnZUldID4+L01lZGlhQm94WyAwIDAgNTk1LjMyIDg0MS45Ml0gL0NvbnRlbnRzIDQgMCBSL0dyb3VwPDwvVHlwZS9Hcm91cC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZpY2VSR0I+Pi9UYWJzL1M+Pg0KZW5kb2JqDQo0IDAgb2JqDQo8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDU2MDI+Pg0Kc3RyZWFtDQp4nN1dWW8kN5J+b6D/Q70MoBpAOTyTmYAhoFSSBrtz2T0N+MHeB1WV1BbcUmkkeWZ6f/1G8EpmJYN5aJ7Whkt5RAaDQcYXEbx8+fnjhz/c8JVQq8/3Hz/wFYN/+UrWK2PqisHTRyD449/N6svrxw/wslLCwK+UcvXyxb5qMq8+/fHjh5/ONs/Pd0+Hh38Dw/X/rD7/98cP11DcpS1SnBbJtapMWupP3zF2KS5OPxzIyuumMqr35dlpeZHWqAHtf4GI+9u348vr6ni/2h4fn1+Oa3X2+PC6PhdndwQnJVWlDF3qPz5++CGILFdcDNSreaXdh6g6ARSs4jW3Wu0/ccrMM085SlnVtRfl5ojCfz3crc/1GdRs/wJVght5dos/b+vG3R3wZwV3O7z4tubsbPWGl7/gz114+7g+r92XX/+15spdvlC6EUxV3PQFonSjVpxbDZ6ohzedeqxGrBJ+t/l+fa7OvgeRrjYow+e1Ptv8jpCjlZUG1gmvn85+/pkiNpWqT4g/oT6Ot48PoLynL1SfknUlxMRSuII2bfrEf8Wm+rzm9dmf1/XZcX8LpX2F/zbPWMPnK3yNz95uKX1zWYm2z3S8uzBZsdA6y/SachjVa0o8S6+TSgl6TYmdNtecnwWNXt2+Qb3wzuucYNbqqtZ9ZqP6rBsD+PUOdaYMxrSZ0s5R5qQyvC5TWqqLBoUW9ZgymgORda0r2cyAyL+sPbx9RV3sH46/Ifq9rm7xz9vb2kPY/he4sohm8e0J7t5eSY+hG+wEiSy5SsAvKhgaBnRnzEqAM1MAbS3+vtx9/PDj71dPp2SNI9MDMhoZuRKVxM/bqrXCgNJe0OeC95Srf/XB8gbU8eAb6g7bbvW05g3oAAD80TqArhqDOiwRroEP6onCrQaF/xAuRMvRfQRVKlO1JqfKlK6h6GhxFXgp3U4U9y9oymvBzvRA7veKIXRl+Du1ZmkkMMKeytDSIRpr3A8Kcf/78deu7d1r3/Y9AtGyqm5TBozxUxKnCs/EqaJHoWVbcdVnomaT+Ko4jds3nb5TUTsCFLVPE4pJadQJTWcSglWNHjdrJKvLlqNzfYBX+DH0gOY05PmOicsrJsXNxbn4Dv5umWTwn8Bn8kLBI15faPjDbuwd29o/iuMfBvdSbNxnogFaFlhcSOSmLbH/4z613/DNxbl2j7il4ExK7kXYOF7wDGnF5c1FC1JulJUUHl00cLtl9lZsuXu1tcLaR5ebC86AkW4uzuEZ59dYAb6tbZl4S+DSBO3mLEwYU0Hz5/U7BYh8448CkZdvLgKItoakiZJPoo9S+LNZt2ccL64xpmnxCiF+uwUX3Dgqc7a5wqvtmoePLgU8vd5K+LgORJFaByY13Fh6pBZ4wUigW1hNBc3QUt2cbIbO1GUHWmjNJ7hlCRLYSkkSOJA94OoTRRiXKXSlNAlmyB4y9QRyEjstFcCpI6DBKaUhwUlDfKVizCFF1bQ6h04pnUa6ls2BJ85CNPz/HZ4ClTTXFqEsfyufuuDSyjCAqB/mKjprIqhoDXCg24GBWHvnYJ0GLxq4sFig4eLnNWYbFcSxL7cvRFC3WCbITmpBSjWOnqFgZ1G53kkRTpUw4Ceka5IPJLQQ17rRDN0pUIQnkCAK9+gAEGkvpBsnUe5bS6CCvg8Kvjns4HYH5CI0ikVUSIu0o8KP76E9EFZrCkgXV1jVjUXSfIVHkBQgRTZFKHUUI1jasSmBqWdVRtOUFQWnXldW7ERTiUQJBX5+QuTL6hGpU6LOWGpT6fFwLyWbE5A4Mzd1VZtB6/3t+z9jtrr5vEEnv/p0jZm3dfh/DwMJn3BE7hXvfkW7f3nADvq0sr3zCK++HPHBP4Hy+IIPK6Q6HPfQX+3l/ojsHimgWFgpwXXFWqpaE3BCGMyDfF/RbSWaPEwU6UZRQmuQTw7ku7KjbNsr1JwNkywQXGIY5a4a0J7FhWsDNi1DAGUBoI60NoS6sqQ+uGoCOPSgu42crrYkPCysqGqgewmqomV00E1dtW0JHTxFGR0SNgV0CKyK6NBjRaKD67N0sJUQkMFWj4YOtkDaWibQIEUWGhIyPSAbg4Z804EJV+BXng/Qbe6dx4efIw7/PX9F1/O2EtiLsVthMMBDPG/p8IL1OqINGNaNdVZk2LCwHjgpI+qFnRAagpnYCU3bno5SeIquE/ZokjZnJu2EPaqk1ZlJ+1e/PCeR00Khf3UEdP9Kaej+5a1+rH8lZFS7kKG8Bh5mEDhAnHt9dXFuA++rJDbf2FgckvUakvOmhQR9c2HgUjREnj5FtlyfaSA2FJR0Y30GlMt1EbgcxQhwdWxywJW0JNdjmOS0UOgzHQHdZ1Iaus8wgz53NFxJyGaPTmkOrTKI/5Mc6bK2eRHncH3DXD+Cvya5zfYh+3EcCgJNmCvLhBtN9a8J9chiElcWk7I1mRKh+HLHxoHKdOMRSl4+4TITj90qjvK0MWO5xoGcy2t8KAP0c5f9+IjjktsUx/O4tiELj9kQft7ahAVJazva5O/oHGZhXRVOxM9tis6whCy6B0cx4h46Njn3kARhIh0PyvqQlBXpQ5ymAh7oeiBQR+DxIKEJJaU06oQmGojCCbfx9CUlm40HCjprM4jz0XfU3oc0OOjDpNwyybcOG3DUF4eKknEhO7RiR5DwE/cpu3HDOv5Tiw4IHO3GPo8jxe0G3yFqWNaAHAXUmFLbLGpog/MQ+fpOQA0FAUYTexA0o6yzqFGmG0UNhXHy0GtutQyR4FaBRduc5JLBVROtvI0IcGWf+5Hg7Q18yZz1e/xoPcxwlXxkb2Nk6TMjAi6WVlIZjbM0RCVH8AJshrdFvHAUI3jRsSnhhWdVxouUFYUXvr/S8UNCQMYPPRoyfgitMoYXCdns4Q5loOn0oOmOPnO5DdlJMv/gvRd2yJdH6Is2jaFHOJeKxyUDV0TIV+5aqF5hSlGnpyhHnQmbQtTZo6KiTq+EQq/pCOhek9LQvQb7OB/vNQnZfC8D4MsG+aOHeowj6xvGmbjw3gAvjZ8jwFxGu1xGGj/jeH1tHQy+5y1zTgVDTviM47WprbNR/4EgdUq18+5GVbohKj7F3UAs0tYpwrZ5dyMsQULXzIpSsX5s6A9xRF27eQnvOGLc2kQPYlegqBCZ1sHIWRxtF5ED8qtDwLrz0at2+OCfiPiZDGU24dMd6YiWVl8ZgYvsiOqPwAXYldQlT+Qpyp4oYVPwRIFV0RP1WJGeyHXlAqZ0BDSmpDQ0pvje22GKyWKKb73OuOo5oCINjlQPQaXZ4uoDuwIB7b51aasFlmbrUMPhjsOB2k5pIngoR2VjXNGNoyBSuHGUBucgQ+iLZHh7vXXhLlCbDl7CrccqnzTHW/jIJCM1NzL91taACfxLwdIUzeUXd9W2GbO6G+v30P
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"timestamp": "1533279738",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "attachment",
|
||
|
|
"uuid": "5b63fdfa-9d30-4d83-9783-40d402de0b81",
|
||
|
|
"value": "TV_RMS_IoC_eng.pdf"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Object": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279869",
|
||
|
|
"uuid": "76d54bf8-8a5c-4d15-99a5-60099d75f33c",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "76d54bf8-8a5c-4d15-99a5-60099d75f33c",
|
||
|
|
"referenced_uuid": "85c6f32f-13fd-45fc-b553-04eea230334d",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279933",
|
||
|
|
"uuid": "5b63febd-62dc-4be4-925c-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279867",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "d452c81d-6a13-4da7-8607-2b3f3dbb8a88",
|
||
|
|
"value": "f8ec2d059d937723becd92eae050a097"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279867",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "292a8c2d-f067-4d70-88a8-ba5d16e3949c",
|
||
|
|
"value": "3ac6e16b8c127575cfc73bc94e519fc3a58fa7b5"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279868",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "b0eed3e2-1882-48fa-93ca-0607e1def374",
|
||
|
|
"value": "b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279868",
|
||
|
|
"uuid": "85c6f32f-13fd-45fc-b553-04eea230334d",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279868",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "610f905b-3e22-476b-b85d-fa2950cd9e9f",
|
||
|
|
"value": "2018-05-16T08:12:04"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279869",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "04078969-96c3-4849-b011-4443f045c926",
|
||
|
|
"value": "https://www.virustotal.com/file/b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72/analysis/1526458324/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279869",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "ffd3d4b5-ffc4-47f1-b6fb-29115afa07ae",
|
||
|
|
"value": "15/66"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279872",
|
||
|
|
"uuid": "8fbcce78-3cbc-4071-b67d-dfe531d27c00",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "8fbcce78-3cbc-4071-b67d-dfe531d27c00",
|
||
|
|
"referenced_uuid": "19c2defe-70e2-4b45-9834-a0d0c63c4611",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279933",
|
||
|
|
"uuid": "5b63febd-5d80-4660-906f-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279869",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "95409609-3ae7-4e07-96f7-6e540e584311",
|
||
|
|
"value": "6e10bc85be5d330e9aed5b5c87ccee38"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279870",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "19ca916b-395e-481b-9e26-c798e0de4611",
|
||
|
|
"value": "63d796f57f7e72ac85766034320ef01863f4a22e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279870",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "4ce7bc21-4dd4-459e-973c-b21f6e9c0788",
|
||
|
|
"value": "31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279871",
|
||
|
|
"uuid": "19c2defe-70e2-4b45-9834-a0d0c63c4611",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279871",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "c186b0ec-baf5-41f5-9fe1-abf706268da3",
|
||
|
|
"value": "2018-07-09T11:24:58"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279871",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "c8b29c08-2711-4f6c-bef9-e7e4d4c29548",
|
||
|
|
"value": "https://www.virustotal.com/file/31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557/analysis/1531135498/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279872",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "e873be03-a3dd-417a-8531-219d41271e1d",
|
||
|
|
"value": "20/61"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279875",
|
||
|
|
"uuid": "18222cee-2ac0-47a1-8791-6744df043aad",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "18222cee-2ac0-47a1-8791-6744df043aad",
|
||
|
|
"referenced_uuid": "89416cc5-db81-4f92-9523-398c9f71e800",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-458c-49dc-bc45-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279872",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "f8d5dd0f-65b6-4c11-a457-0d4525d007a8",
|
||
|
|
"value": "3463d4a1dea003b9904674f21904f04b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279872",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "f8dc1f67-e85c-444b-93d3-edcddbef3e58",
|
||
|
|
"value": "ea09ca011157ff09743e07f2273291c91e81e925"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279873",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "2e056369-4db0-4fcd-be61-0ff6675314c3",
|
||
|
|
"value": "d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279873",
|
||
|
|
"uuid": "89416cc5-db81-4f92-9523-398c9f71e800",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279873",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "38fe2f48-7f55-46b6-8a8b-9be8a5c6ea62",
|
||
|
|
"value": "2018-07-28T21:30:50"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279874",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "ef4a3a56-dbdb-45f2-a922-fcf3954be4ce",
|
||
|
|
"value": "https://www.virustotal.com/file/d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f/analysis/1532813450/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279874",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "0434626c-bef4-45f0-97b3-921d7637fb62",
|
||
|
|
"value": "51/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279877",
|
||
|
|
"uuid": "0e9b4bd9-14db-4902-9991-a206bcacc6f1",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "0e9b4bd9-14db-4902-9991-a206bcacc6f1",
|
||
|
|
"referenced_uuid": "b0a6a50d-3304-4eaf-9802-eb197d2ad89d",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-ede4-4a15-a8da-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279874",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "a54491ab-2bbb-4d14-9da2-9d14dc7c9ef8",
|
||
|
|
"value": "ba9747658aa8263b446bc29b99c0071f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279875",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "fe7d2891-15fb-4d06-9394-5bd3f378eecd",
|
||
|
|
"value": "a67eeb92cee5691eb022b0583c33684f3a893e48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279875",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "a35ff82c-5e94-4bd6-88b8-05fd5d1cb0b2",
|
||
|
|
"value": "dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279876",
|
||
|
|
"uuid": "b0a6a50d-3304-4eaf-9802-eb197d2ad89d",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279876",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "2fdc44f1-fb8a-4844-9997-79a94b8e0b8b",
|
||
|
|
"value": "2018-07-20T21:20:18"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279876",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "e0252f8c-f6bf-4562-afdf-649685561b34",
|
||
|
|
"value": "https://www.virustotal.com/file/dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd/analysis/1532121618/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279877",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "4d5f0a98-9bed-4300-8c25-064eae706677",
|
||
|
|
"value": "49/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279880",
|
||
|
|
"uuid": "d4cb5445-b513-432b-97e4-b95f612ab3d4",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "d4cb5445-b513-432b-97e4-b95f612ab3d4",
|
||
|
|
"referenced_uuid": "2b6f9fe6-6e77-420e-ad70-57285e0091df",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-89bc-4ac5-9ab1-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279877",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "8729a7ba-dd0f-49fc-b8b7-0ce181fc09d4",
|
||
|
|
"value": "2374c93efbe32199b177eb12f96b6166"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279877",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "0411ce5e-1db7-4165-ba3e-276a4483c402",
|
||
|
|
"value": "ca948caa972a756d57260a2bd3f0b3bc7c8cf5da"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279878",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "1a3ffc20-dc4b-4868-8d99-1d76a4793eb1",
|
||
|
|
"value": "50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279879",
|
||
|
|
"uuid": "2b6f9fe6-6e77-420e-ad70-57285e0091df",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279879",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "c339bb60-e470-4bac-bd9d-27485a79a6c0",
|
||
|
|
"value": "2018-01-26T15:44:18"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279880",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "d656dce0-c353-44d4-963d-c38b1d4ebd2d",
|
||
|
|
"value": "https://www.virustotal.com/file/50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41/analysis/1516981458/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279880",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "f77f523a-23dd-4882-bc54-3180141cca05",
|
||
|
|
"value": "23/65"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279883",
|
||
|
|
"uuid": "7c801ac7-ea1e-463d-91c4-d0cbd23b3109",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "7c801ac7-ea1e-463d-91c4-d0cbd23b3109",
|
||
|
|
"referenced_uuid": "f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-a6e0-4a8d-9a33-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279880",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "29dec0fa-842b-4987-a62c-e86645d8e33f",
|
||
|
|
"value": "579a5233fe9580e83fb20c2addb1a303"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279881",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "f822d218-6634-4e8f-a529-c7d1a26d88d6",
|
||
|
|
"value": "713d542f516b7ec679f7d3a4090a7d9e07e137ef"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279881",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "c06a1a83-0e09-4ed1-af92-e1631a7ff39d",
|
||
|
|
"value": "8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279882",
|
||
|
|
"uuid": "f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279882",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "6ea8c0c4-cd43-48de-b920-40a6206e20a2",
|
||
|
|
"value": "2017-11-18T02:11:25"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279882",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "734c6a95-e688-431b-b864-a2309cc8c1ea",
|
||
|
|
"value": "https://www.virustotal.com/file/8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b/analysis/1510971085/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279883",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "863452d8-d122-4270-aa19-d3cc9cc82be3",
|
||
|
|
"value": "53/67"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279886",
|
||
|
|
"uuid": "7afe7225-8811-485e-8937-ab7bad8e74f0",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "7afe7225-8811-485e-8937-ab7bad8e74f0",
|
||
|
|
"referenced_uuid": "7d927d9b-6bc5-4668-9595-b58885c9cc0b",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-478c-439e-a2ed-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279883",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "453f7534-cea4-4b4c-af8b-1562defe3a08",
|
||
|
|
"value": "3a636038a3d893e441f25696bcbf2c73"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279883",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "81e3f978-d0a1-403e-8657-4ae281c7e5cc",
|
||
|
|
"value": "b331c97c29abde694cde08850ec0dae039f2101b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279884",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "131dfdc3-aa77-4dd5-9436-04d78cddccb8",
|
||
|
|
"value": "267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279884",
|
||
|
|
"uuid": "7d927d9b-6bc5-4668-9595-b58885c9cc0b",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279884",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "f7afa361-998b-4276-9212-d7781cb0d73e",
|
||
|
|
"value": "2018-05-30T00:06:21"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279885",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "87df4eca-62ab-41ee-adbe-0d6c6e819db1",
|
||
|
|
"value": "https://www.virustotal.com/file/267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2/analysis/1527638781/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279885",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "e2d8429a-4bae-4223-96cc-02a05cf8d5e4",
|
||
|
|
"value": "30/60"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279888",
|
||
|
|
"uuid": "294d1429-59cd-4ad7-95d9-fc5b3661475a",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "294d1429-59cd-4ad7-95d9-fc5b3661475a",
|
||
|
|
"referenced_uuid": "240a9164-aac0-4a1d-9f8c-ac58688889dd",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-cb90-4059-985a-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279885",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "5bb9404f-7f68-402b-9bcb-971370358a09",
|
||
|
|
"value": "4fd16e0e8bf3ae4ff155e461b2eccb79"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279886",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "1aad1bd9-e20e-4673-bf39-1f41d39e425a",
|
||
|
|
"value": "19eae97bb8ceac18bb02bcd3450458ed0e59c406"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279887",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "815ad9cb-e303-43f1-ae9d-4e9eb4d2d25f",
|
||
|
|
"value": "863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279887",
|
||
|
|
"uuid": "240a9164-aac0-4a1d-9f8c-ac58688889dd",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279887",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "5697742a-38ef-4e5f-8b5b-c4f1264b5c50",
|
||
|
|
"value": "2018-07-23T00:12:21"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279888",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "31aab7a7-f01b-4d9a-b9dd-09c8c2e7b0b9",
|
||
|
|
"value": "https://www.virustotal.com/file/863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c/analysis/1532304741/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279888",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "8a7c447f-f278-4541-bca7-37bef818c827",
|
||
|
|
"value": "53/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279891",
|
||
|
|
"uuid": "0bf17bb7-e694-4e30-ae93-44dad8b167dc",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "0bf17bb7-e694-4e30-ae93-44dad8b167dc",
|
||
|
|
"referenced_uuid": "f600d536-ac39-4588-9ff8-63621d6d372b",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-1fcc-497b-9d4b-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279889",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "9953ce88-5511-4190-9860-115cf91dba95",
|
||
|
|
"value": "61aecb3e037e01bc0ad1062e6ff557e6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279889",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "8dae3de5-ca8c-452b-9042-ddaba92389fc",
|
||
|
|
"value": "9bbd38502f32dccf4ec8f5c6b0a52a96f2b7825b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279889",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "6426b1af-f59d-4530-8bc0-928e96d10057",
|
||
|
|
"value": "ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279890",
|
||
|
|
"uuid": "f600d536-ac39-4588-9ff8-63621d6d372b",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279890",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "48756df7-573d-42ac-85cd-8fe3c5788ee6",
|
||
|
|
"value": "2017-11-17T07:51:06"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279891",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "282bfdc9-157e-4210-bb84-0a1777506956",
|
||
|
|
"value": "https://www.virustotal.com/file/ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54/analysis/1510905066/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279891",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "43993ef1-d625-4106-82d4-d6118f0c4cfd",
|
||
|
|
"value": "40/61"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279894",
|
||
|
|
"uuid": "95ac7141-73a2-4887-a57b-703e4ae18c8f",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "95ac7141-73a2-4887-a57b-703e4ae18c8f",
|
||
|
|
"referenced_uuid": "8afbb632-1a98-404c-bde5-89b01c882fda",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-9bbc-4f05-a28e-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279891",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "fe011b69-ef8e-440e-94db-cb6ec26a85c6",
|
||
|
|
"value": "ddcd67b7b83e73426b4d35881789e7dc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279892",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "6d65379c-1985-46b5-8426-6ed30e062032",
|
||
|
|
"value": "bf3eac9a7808d3ee75e8018397cde1d8d6628b43"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279893",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "1582ae01-0477-4a03-9475-fffbdd6c7f4d",
|
||
|
|
"value": "cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279893",
|
||
|
|
"uuid": "8afbb632-1a98-404c-bde5-89b01c882fda",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279893",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "463f05bc-f341-41db-85db-1bb6014384bc",
|
||
|
|
"value": "2018-01-08T11:15:14"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279894",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "7a4b99ac-2a67-44e8-88a7-10beb23f0bb3",
|
||
|
|
"value": "https://www.virustotal.com/file/cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1/analysis/1515410114/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279895",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "920a9729-3f24-4669-a705-32bb7a85aac1",
|
||
|
|
"value": "25/66"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279898",
|
||
|
|
"uuid": "1b004d6a-4eaa-4144-80db-7ddfed3e1672",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "1b004d6a-4eaa-4144-80db-7ddfed3e1672",
|
||
|
|
"referenced_uuid": "1f8e9d51-4bc9-466f-ad49-357294ada4d8",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-b7b4-4ed0-b573-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279895",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "028bc5b0-0dfe-4f87-a6dd-58f1110bfc07",
|
||
|
|
"value": "db0954a2f9c95737d1e54a1f9cf01404"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279895",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "d0708a59-ed96-4795-9c70-32062888c539",
|
||
|
|
"value": "4533f0c5b799f92fcecda88bf2c94b16eb554878"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279896",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "341a584d-31e4-4ff6-8812-94c0f716068d",
|
||
|
|
"value": "dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279896",
|
||
|
|
"uuid": "1f8e9d51-4bc9-466f-ad49-357294ada4d8",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279896",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "00e0002d-aad3-4985-8589-b123f93e726d",
|
||
|
|
"value": "2017-11-14T18:51:32"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279897",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "ae882f60-63c1-4df4-bd99-5b54ba427c6a",
|
||
|
|
"value": "https://www.virustotal.com/file/dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b/analysis/1510685492/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279897",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "b29f8bde-8a2d-4d09-9b0c-c270df68e58f",
|
||
|
|
"value": "35/60"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279900",
|
||
|
|
"uuid": "764f0fcd-1ab1-4784-8f89-476df01f9e82",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "764f0fcd-1ab1-4784-8f89-476df01f9e82",
|
||
|
|
"referenced_uuid": "4d24cad3-2421-48ad-9b73-2624715cd5dd",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-7e68-49dc-b96e-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279897",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "3360c649-133f-481b-b1b5-e06d8379629f",
|
||
|
|
"value": "075ff2fb2e33a319e56a8955fade154e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279898",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "c675fb69-aa4b-496c-abde-64576b10de92",
|
||
|
|
"value": "ec11b96059609d9e253b5ec977a2bc358f82db44"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279898",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "223abe11-4c5c-4bf7-871b-a4cd27bce80c",
|
||
|
|
"value": "1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279899",
|
||
|
|
"uuid": "4d24cad3-2421-48ad-9b73-2624715cd5dd",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279899",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "9f65d903-d08d-4947-9754-6f9a1c667fd4",
|
||
|
|
"value": "2017-11-21T09:17:59"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279899",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "0089de46-5fe9-4655-9b15-ccc24ce0d162",
|
||
|
|
"value": "https://www.virustotal.com/file/1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e/analysis/1511255879/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279900",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "0a1f957d-dbb3-4f70-bfa6-3bdce0a9309a",
|
||
|
|
"value": "50/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279903",
|
||
|
|
"uuid": "d5094d86-5aa2-4930-be67-590b666faf24",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "d5094d86-5aa2-4930-be67-590b666faf24",
|
||
|
|
"referenced_uuid": "68f98b66-dfff-4879-a93e-23798294887a",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-28dc-42ca-ac0f-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279900",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "13099554-1f07-47b3-ab0e-9bd58064bfe4",
|
||
|
|
"value": "567157989551a5c6926c375eb0652804"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279901",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "91859f8c-3dd0-497f-813c-f94e3f496da1",
|
||
|
|
"value": "e9d03f2e60ba16636291bf1e75ed088caf9c0e23"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279903",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "db14fa10-2016-4d0b-9699-15bf051927c3",
|
||
|
|
"value": "c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279904",
|
||
|
|
"uuid": "68f98b66-dfff-4879-a93e-23798294887a",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279904",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "ef1c04a8-d4b6-4ea6-b2ea-52902c39abee",
|
||
|
|
"value": "2018-07-22T16:30:27"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279904",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "211bf203-36e3-42c8-9ff8-3f8c7de10da2",
|
||
|
|
"value": "https://www.virustotal.com/file/c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46/analysis/1532277027/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279905",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "1e55e3b2-8535-47ce-83e0-db826ea05c79",
|
||
|
|
"value": "59/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279908",
|
||
|
|
"uuid": "52674802-1516-419a-bc3b-01dae5b5746f",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "52674802-1516-419a-bc3b-01dae5b5746f",
|
||
|
|
"referenced_uuid": "2b1648e9-577e-46f9-bdb3-f70186927dc3",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-1cb4-46b3-9307-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279905",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "1ea8fd0a-95c3-47b7-b373-db71030633c6",
|
||
|
|
"value": "aa6797ec4d23a39f91ddd222a31ddd1e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279906",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "b232a70c-92ad-44cf-af95-0e0d1b409825",
|
||
|
|
"value": "3d38d65a1306d9d85514585c8b01f347c1067a79"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279906",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "f7ddafb1-60ba-4501-bfee-f9d4ba2aeb23",
|
||
|
|
"value": "7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279906",
|
||
|
|
"uuid": "2b1648e9-577e-46f9-bdb3-f70186927dc3",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279907",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "eb279efe-855d-4375-87c6-b02ad41efcd1",
|
||
|
|
"value": "2018-06-23T06:30:59"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279907",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "6f700c7e-96f3-41e7-8a0f-24053157b240",
|
||
|
|
"value": "https://www.virustotal.com/file/7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699/analysis/1529735459/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279908",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "53125897-66d9-42fd-bf74-3885aaed354f",
|
||
|
|
"value": "54/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279911",
|
||
|
|
"uuid": "096da749-1936-41dd-96f3-cbdd247f2548",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "096da749-1936-41dd-96f3-cbdd247f2548",
|
||
|
|
"referenced_uuid": "bee97d03-cf53-441d-b24e-be6fe5aff6fe",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-5d0c-46a4-a028-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279908",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "34751530-0ab1-438c-9d19-76943031eb3d",
|
||
|
|
"value": "21089b34d8f9cb7910f521e30aa55908"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279908",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "d14575c4-099e-4cb1-93cd-80b429d91aa9",
|
||
|
|
"value": "5e0d7f6a8f88decf4ed2107adeeb0f2d805dbc6d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279909",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "05c5bd12-2c7e-494f-a12a-bc1d70f8b166",
|
||
|
|
"value": "a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279909",
|
||
|
|
"uuid": "bee97d03-cf53-441d-b24e-be6fe5aff6fe",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279910",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "1a37dc13-68a5-419e-8593-c80aad983a0f",
|
||
|
|
"value": "2018-01-31T06:44:56"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279910",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "dbdf7ee7-d96e-43df-99ec-f1a7d56df6c4",
|
||
|
|
"value": "https://www.virustotal.com/file/a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a/analysis/1517381096/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279911",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "0e6c3ab0-31fe-4ac6-861a-86117f7610eb",
|
||
|
|
"value": "24/66"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279914",
|
||
|
|
"uuid": "fe9ff2db-3990-4476-af1f-4ea5fd9455ec",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "fe9ff2db-3990-4476-af1f-4ea5fd9455ec",
|
||
|
|
"referenced_uuid": "3a3d31fe-1599-4535-8de1-073d022ac421",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-2ddc-4cc7-97aa-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279911",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "91a71d02-5ada-4b37-ad1e-03e38a98d5e7",
|
||
|
|
"value": "59e172ec7d73a5c41d4dbb218ca1af66"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279912",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "e0eded88-f760-44c1-81ca-e00b77f13ffd",
|
||
|
|
"value": "f116b6360951036814e9ce2a35fcdf467307d2c6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279913",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "8f630c81-70df-4b55-a3f7-c820b62839bd",
|
||
|
|
"value": "21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279913",
|
||
|
|
"uuid": "3a3d31fe-1599-4535-8de1-073d022ac421",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279913",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "730fa964-2173-4469-80e6-038e28bd3b6f",
|
||
|
|
"value": "2018-08-01T11:55:50"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279914",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "434cb613-2d0b-4e78-ad7d-15cf7bc2c0b9",
|
||
|
|
"value": "https://www.virustotal.com/file/21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0/analysis/1533124550/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279914",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "9ae1bfb8-ee0a-42a2-b254-cd8d65cee0b6",
|
||
|
|
"value": "0/59"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279917",
|
||
|
|
"uuid": "2c0a000b-4cb5-444e-b6e8-f5ce047774bc",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "2c0a000b-4cb5-444e-b6e8-f5ce047774bc",
|
||
|
|
"referenced_uuid": "6a699fff-9d42-4ebc-835c-7063f752908c",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-db6c-4c22-94fc-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279914",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "c14f2fa0-dabd-4fad-ab70-1490bda156a2",
|
||
|
|
"value": "c531c45b08b692d84cf0699ef92f0134"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279915",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "dac5d65d-573c-4ded-b665-44b31ee88447",
|
||
|
|
"value": "fc1ee56c51e8367e07c7d382b2251f460292b3cf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279915",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "c77aad31-d77d-4e54-86f7-3a5e60cd3863",
|
||
|
|
"value": "3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279916",
|
||
|
|
"uuid": "6a699fff-9d42-4ebc-835c-7063f752908c",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279916",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "62d26141-e9b0-4349-a720-5ed0d4d7e834",
|
||
|
|
"value": "2018-03-01T07:21:24"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279917",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "786c71b7-e87c-44d1-97e0-932131116732",
|
||
|
|
"value": "https://www.virustotal.com/file/3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e/analysis/1519888884/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279917",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "aded9a20-962a-4e46-a2c5-c26f10d0334d",
|
||
|
|
"value": "11/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279920",
|
||
|
|
"uuid": "b41fba7b-7e99-46be-b244-3749274d6511",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "b41fba7b-7e99-46be-b244-3749274d6511",
|
||
|
|
"referenced_uuid": "2643e936-cbd4-4080-bf24-897926886b9c",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-fa44-4359-a5f7-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279917",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "67504e45-924b-47c0-9cdd-1b8098c21f36",
|
||
|
|
"value": "34a1e9fcc84adc4ab2ec364845f64220"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279918",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "15b9f771-8f52-46e4-9da9-26f8d0d4460f",
|
||
|
|
"value": "7ef53e5a9a67e7f932ad53bf3a85c2ae91026f34"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279918",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "52fd6b55-46b4-4085-94ac-b4e446875034",
|
||
|
|
"value": "65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279919",
|
||
|
|
"uuid": "2643e936-cbd4-4080-bf24-897926886b9c",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279919",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "d6cc19a3-2f99-4d78-8fe2-7bf2bcfb4d90",
|
||
|
|
"value": "2018-08-01T11:55:11"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279919",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "08b25fe3-52e6-4aa1-a598-efb51d3856be",
|
||
|
|
"value": "https://www.virustotal.com/file/65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529/analysis/1533124511/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279920",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "76b329b7-f2f5-472a-b3aa-39a5e8896201",
|
||
|
|
"value": "39/66"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279923",
|
||
|
|
"uuid": "4024aa3c-18df-4452-a3b9-9f3e62fa105c",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "4024aa3c-18df-4452-a3b9-9f3e62fa105c",
|
||
|
|
"referenced_uuid": "242889dc-9946-48f0-bb16-b6044a619b37",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-b664-4c79-9dd9-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279920",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "fd5ecdad-e69c-4f2a-ad9c-a75c1c3a10b6",
|
||
|
|
"value": "5f19025a2ac2afeb331d4a0971507131"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279920",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "e3460133-2741-4531-bfd8-3c1e27e169e5",
|
||
|
|
"value": "1b58d0832448414d830bfb065b9f020d3c5fe64b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279921",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "2a2f4293-2aa7-442a-9436-c9dd5fc7b779",
|
||
|
|
"value": "b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279921",
|
||
|
|
"uuid": "242889dc-9946-48f0-bb16-b6044a619b37",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279921",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "bc6de473-2ba3-4e5c-81f2-9b43c4129c97",
|
||
|
|
"value": "2018-07-23T22:35:44"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279922",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "fd14bb8e-738c-47f7-a804-16e0358c56e6",
|
||
|
|
"value": "https://www.virustotal.com/file/b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882/analysis/1532385344/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279922",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "1f4d5c0d-7cf0-45a5-b727-e53dad1d2436",
|
||
|
|
"value": "51/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279925",
|
||
|
|
"uuid": "818160f4-21c2-45b6-be21-dd9eec574074",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "818160f4-21c2-45b6-be21-dd9eec574074",
|
||
|
|
"referenced_uuid": "250c1137-3bfa-446e-b1e3-9ac17421a058",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "5b63febe-22a8-449a-94c4-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279922",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "df90358f-e642-4255-8a25-992d1b3a6c48",
|
||
|
|
"value": "5a610962baf6081eb809a9e460599871"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279923",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "7deafec8-9972-4763-83cc-e79fc3a2a678",
|
||
|
|
"value": "6290a0dca10e063fc8913cfccc7057356e082e3b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279923",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "fe6d2c37-c407-4bf8-9d4e-e78eb418dcb0",
|
||
|
|
"value": "bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279924",
|
||
|
|
"uuid": "250c1137-3bfa-446e-b1e3-9ac17421a058",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279924",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "0f7f6908-09c7-4a86-b090-1fbf58b67e96",
|
||
|
|
"value": "2018-07-25T17:57:11"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279925",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "46ad717a-4b50-42b1-bedd-6cdd7e03a1e8",
|
||
|
|
"value": "https://www.virustotal.com/file/bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7/analysis/1532541431/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279925",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "cd23483c-b1f7-4346-a0da-5544b45f3f8e",
|
||
|
|
"value": "53/68"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279928",
|
||
|
|
"uuid": "1267f609-b45b-4b55-a0d1-ea1ae7db562d",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "1267f609-b45b-4b55-a0d1-ea1ae7db562d",
|
||
|
|
"referenced_uuid": "df4f13dc-e7db-4896-a560-3f428553d305",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279935",
|
||
|
|
"uuid": "5b63febf-2c0c-47af-af79-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279925",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "766253bd-94d0-413a-bf3a-965cfa345d06",
|
||
|
|
"value": "ccb184bbb7d257f02e2f69790d33f3b6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279926",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "9eff8458-9907-4635-a8d6-c2c6f37a7cff",
|
||
|
|
"value": "69b016cdcbbdbee85333fe04d2d81f8c1bc76f11"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279926",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "88b0049a-83f0-49a1-b346-4f92d1ffdd8c",
|
||
|
|
"value": "e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279927",
|
||
|
|
"uuid": "df4f13dc-e7db-4896-a560-3f428553d305",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279927",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "6497fe78-a309-4e69-9687-96c6c24db053",
|
||
|
|
"value": "2018-08-02T20:47:19"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279927",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "8fd07da2-cc82-42ed-9fa4-a9ce5dad548e",
|
||
|
|
"value": "https://www.virustotal.com/file/e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa/analysis/1533242839/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279928",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "d358f6e8-44d6-4401-839b-d5f52d134dcc",
|
||
|
|
"value": "47/67"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279931",
|
||
|
|
"uuid": "6745208f-c8c8-4274-b672-890fb2779a26",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "6745208f-c8c8-4274-b672-890fb2779a26",
|
||
|
|
"referenced_uuid": "5f713e33-c562-4370-87c0-17a7a79034be",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279935",
|
||
|
|
"uuid": "5b63febf-60c0-45d4-876d-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279928",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "61e9162f-3cbd-410d-b9c5-728df53e459e",
|
||
|
|
"value": "e5562389a49680c25e67b750b2c368eb"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279928",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "22e905fa-3ee3-4615-af2f-096b90b4b690",
|
||
|
|
"value": "962574ed4d0aaa3479d24d44dcf77ea4ed558bb9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279929",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "4c748301-2642-4530-9d56-6f29083c00c9",
|
||
|
|
"value": "32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279929",
|
||
|
|
"uuid": "5f713e33-c562-4370-87c0-17a7a79034be",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279930",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "f53903a9-0918-41d3-9e5f-c001c2fa17d4",
|
||
|
|
"value": "2018-01-08T11:14:25"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279930",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "a1fc6f3d-377c-4ed9-bcad-5cbcbebd14f4",
|
||
|
|
"value": "https://www.virustotal.com/file/32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477/analysis/1515410065/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279931",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "9ce6141a-8d24-4744-923b-38704f43271b",
|
||
|
|
"value": "28/67"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "File object describing a file with meta-information",
|
||
|
|
"meta-category": "file",
|
||
|
|
"name": "file",
|
||
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
|
"template_version": "11",
|
||
|
|
"timestamp": "1533279934",
|
||
|
|
"uuid": "7d5de9ae-0701-4641-b1dd-6db94f8b0ad6",
|
||
|
|
"ObjectReference": [
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"object_uuid": "7d5de9ae-0701-4641-b1dd-6db94f8b0ad6",
|
||
|
|
"referenced_uuid": "d9a9cd7a-cc40-41c7-ab06-8ca0b166726f",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"timestamp": "1533279935",
|
||
|
|
"uuid": "5b63febf-d910-426d-bd76-6c4102de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "md5",
|
||
|
|
"timestamp": "1533279931",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "md5",
|
||
|
|
"uuid": "ac0c2f4c-9298-434d-97d9-f7faabb10876",
|
||
|
|
"value": "f9b14393b995a655e72731c8b6ce78fd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"timestamp": "1533279931",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha1",
|
||
|
|
"uuid": "27d8b929-23ff-4c75-8f6a-cbb33c9aeaef",
|
||
|
|
"value": "fa9ab8fe04781041f49597c218324f358fc8d661"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"timestamp": "1533279932",
|
||
|
|
"to_ids": true,
|
||
|
|
"type": "sha256",
|
||
|
|
"uuid": "5569a1c2-015c-4698-8a72-d0237ccf3ba8",
|
||
|
|
"value": "b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"description": "VirusTotal report",
|
||
|
|
"meta-category": "misc",
|
||
|
|
"name": "virustotal-report",
|
||
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
|
"template_version": "2",
|
||
|
|
"timestamp": "1533279932",
|
||
|
|
"uuid": "d9a9cd7a-cc40-41c7-ab06-8ca0b166726f",
|
||
|
|
"Attribute": [
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"timestamp": "1533279932",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "datetime",
|
||
|
|
"uuid": "ed7c1a62-02d3-41ff-a561-8a97c33a37ad",
|
||
|
|
"value": "2018-03-22T02:30:18"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "External analysis",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": false,
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"timestamp": "1533279933",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "link",
|
||
|
|
"uuid": "af4be266-5fb0-4cb9-88db-918da4d6e9bf",
|
||
|
|
"value": "https://www.virustotal.com/file/b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8/analysis/1521685818/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"category": "Other",
|
||
|
|
"comment": "",
|
||
|
|
"deleted": false,
|
||
|
|
"disable_correlation": true,
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"timestamp": "1533279933",
|
||
|
|
"to_ids": false,
|
||
|
|
"type": "text",
|
||
|
|
"uuid": "a54ba07e-36cd-4fbd-9ec5-9d613d889d00",
|
||
|
|
"value": "9/62"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|