misp-circl-feed/feeds/circl/misp/5c125ad1-a1a8-495e-ae07-48bd950d210f.json

{
"Event": {
"analysis": "0",
"date": "2018-12-12",
"extends_uuid": "",
"info": "OSINT - \u2018Operation Sharpshooter\u2019 Targets Global Defense, Critical Infrastructure",
"publish_timestamp": "1544734098",
"published": true,
"threat_level_id": "3",
"timestamp": "1544734085",
"uuid": "5c125ad1-a1a8-495e-ae07-48bd950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Discovery - T1087\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File and Directory Discovery - T1083\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Discovery - T1057\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Connections Discovery - T1049\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Time Discovery - T1124\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Injection - T1055\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"Operation Sharpshooter\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544707005",
"to_ids": false,
"type": "link",
"uuid": "5c125bbd-4cd4-483a-97d1-64d4950d210f",
"value": "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544707033",
"to_ids": false,
"type": "text",
"uuid": "5c125bd9-6bc0-4b84-ba4d-46ef950d210f",
"value": "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee\u00ae Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant\u2014which we call Rising Sun\u2014for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group\u2019s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\r\n\r\nOperation Sharpshooter\u2019s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community."
},
{
"category": "External analysis",
"comment": "Impacted organisations",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1544708438",
"to_ids": false,
"type": "attachment",
"uuid": "5c126156-a2b8-4a54-8f69-4194950d210f",
"value": "20181210-Sharpshooter-1.png"
},
{
"category": "Network activity",
"comment": "Control servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544710936",
"to_ids": true,
"type": "url",
"uuid": "5c126b18-c97c-4e7d-83cb-a888950d210f",
"value": "34.214.99.20/view_style.php"
},
{
"category": "Network activity",
"comment": "Control servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544710937",
"to_ids": true,
"type": "url",
"uuid": "5c126b19-e450-4088-8f8f-a888950d210f",
"value": "137.74.41.56/board.php"
},
{
"category": "Network activity",
"comment": "Control servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544710937",
"to_ids": true,
"type": "url",
"uuid": "5c126b19-142c-4031-9abe-a888950d210f",
"value": "kingkoil.com.sg/board.php"
},
{
"category": "Network activity",
"comment": "Document URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544711492",
"to_ids": true,
"type": "url",
"uuid": "5c126d44-d118-499a-bd9e-4461950d210f",
"value": "http://208.117.44.112/document/Strategic Planning Manager.doc"
},
{
"category": "Network activity",
"comment": "Document URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544711492",
"to_ids": true,
"type": "url",
"uuid": "5c126d44-be2c-4844-8cba-4967950d210f",
"value": "http://208.117.44.112/document/Business Intelligence Administrator.doc"
},
{
"category": "Network activity",
"comment": "Document URLs",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544711492",
"to_ids": true,
"type": "url",
"uuid": "5c126d44-6b94-4c6d-8529-472d950d210f",
"value": "http://www.dropbox.com/s/2shp23ogs113hnd/Customer Service Representative.doc?dl=1"
},
{
"category": "Network activity",
"comment": "Control servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544711781",
"to_ids": true,
"type": "url",
"uuid": "5c126e65-7fac-4f8f-9baf-a990950d210f",
"value": "kingkoil.com.sg/query.php"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1544710002",
"uuid": "5c126772-3754-43c8-b207-a987950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544710002",
"to_ids": true,
"type": "sha1",
"uuid": "5c126772-9058-4f3a-8268-a987950d210f",
"value": "8106a30bd35526bded384627d8eebce15da35d17"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1544710003",
"to_ids": false,
"type": "text",
"uuid": "5c126773-aca0-4b60-8f8f-a987950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1544710028",
"uuid": "5c12678c-09d8-44f1-9577-4e00950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544710028",
"to_ids": true,
"type": "sha1",
"uuid": "5c12678c-257c-4995-a582-4b9e950d210f",
"value": "31e79093d452426247a56ca0eff860b0ecc86009"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1544710029",
"to_ids": false,
"type": "text",
"uuid": "5c12678d-6f1c-4ca5-9b5b-4cc8950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1544710046",
"uuid": "5c12679e-ce18-4784-b08d-4edb950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544710047",
"to_ids": true,
"type": "sha1",
"uuid": "5c12679f-1350-48c4-ab45-4e79950d210f",
"value": "9b0f22e129c73ce4c21be4122182f6dcbc351c95"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1544710047",
"to_ids": false,
"type": "text",
"uuid": "5c12679f-1958-48de-b38a-4d99950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1544710063",
"uuid": "5c1267af-ceb0-43dc-bc4e-abe5950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544710063",
"to_ids": true,
"type": "sha1",
"uuid": "5c1267af-8690-4015-80da-abe5950d210f",
"value": "668b0df94c6d12ae86711ce24ce79dbe0ee2d463"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1544710063",
"to_ids": false,
"type": "text",
"uuid": "5c1267af-4510-4064-b08f-abe5950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1544710080",
"uuid": "5c1267c0-6b40-4204-8386-a9b9950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544710080",
"to_ids": true,
"type": "sha1",
"uuid": "5c1267c0-17a4-438b-92cf-a9b9950d210f",
"value": "66776c50bcc79bbcecdbe99960e6ee39c8a31181"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1544710080",
"to_ids": false,
"type": "text",
"uuid": "5c1267c0-6600-4221-aa0f-a9b9950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1544733562",
"uuid": "01b4e240-92ee-4abd-9dc7-e651a9c56369",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1544733563",
"to_ids": true,
"type": "md5",
"uuid": "ded4acde-c1e3-47ec-b127-854d02cb9731",
"value": "a82cdb9f5bffcb24708e66eb52cce2af"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544733563",
"to_ids": true,
"type": "sha1",
"uuid": "b44b8be9-25e7-43ea-97da-fb1dc0b83d71",
"value": "8106a30bd35526bded384627d8eebce15da35d17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1544733563",
"to_ids": true,
"type": "sha256",
"uuid": "24dce754-8a69-48b2-8458-4d0b01ba55a8",
"value": "4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1544733564",
"uuid": "4ac47589-4bd9-4247-95ce-5350273ed603",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1544733564",
"to_ids": false,
"type": "datetime",
"uuid": "da335c3b-b482-436b-8e20-fab2fcc54513",
"value": "2018-12-13T19:12:29"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1544733564",
"to_ids": false,
"type": "link",
"uuid": "2fe77aa9-c3f3-4300-8991-2b6e9f92ec77",
"value": "https://www.virustotal.com/file/4135f92055dba1fedafe70a8e094623889a2a53f173a8913b016667e5bc7d264/analysis/1544728349/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1544733565",
"to_ids": false,
"type": "text",
"uuid": "2097472e-75fe-4683-a088-82f9bb0977fa",
"value": "35/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1544733565",
"uuid": "ed7d8444-7cfb-4c9a-a436-041beb725059",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1544733565",
"to_ids": true,
"type": "md5",
"uuid": "4982c337-0a69-46e0-942e-4ca813885b00",
"value": "2e17b048c7e317da9024a86d9439c74b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544733566",
"to_ids": true,
"type": "sha1",
"uuid": "d98f401b-8648-43bf-9951-baf27fc43358",
"value": "31e79093d452426247a56ca0eff860b0ecc86009"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1544733566",
"to_ids": true,
"type": "sha256",
"uuid": "aea27a9c-f75f-44a7-a4b0-471bea1920ce",
"value": "37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1544733566",
"uuid": "53d6207d-b0b8-48d1-90c5-f9134729de63",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1544733567",
"to_ids": false,
"type": "datetime",
"uuid": "7550d696-ca00-4938-8624-eabfa3d242d9",
"value": "2018-12-13T19:12:25"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1544733567",
"to_ids": false,
"type": "link",
"uuid": "b7eb41fe-1ac2-45e7-b51c-7a35ea75b6c7",
"value": "https://www.virustotal.com/file/37b04dcdcfdcaa885df0f392524db7ae7b73806ad8a8e76fbc6a2df4db064e71/analysis/1544728345/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1544733567",
"to_ids": false,
"type": "text",
"uuid": "ba73dcb4-0807-423f-956b-4337f0ae984d",
"value": "37/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1544733568",
"uuid": "cb7c776c-3e25-4929-b398-0ce77563fa7f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1544733568",
"to_ids": true,
"type": "md5",
"uuid": "57afdfa6-c0d8-42f8-a126-de844ecf402a",
"value": "20594c33c2d59544a3e8ef5b7a547e71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544733568",
"to_ids": true,
"type": "sha1",
"uuid": "86bf7e16-ef34-4f28-8f51-d170c865f8df",
"value": "66776c50bcc79bbcecdbe99960e6ee39c8a31181"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1544733569",
"to_ids": true,
"type": "sha256",
"uuid": "e8e60ee2-c4c5-4be9-9afc-8a3787214d66",
"value": "876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1544733569",
"uuid": "32186bb1-e22d-4822-a776-a0950c0f79f8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1544733569",
"to_ids": false,
"type": "datetime",
"uuid": "e2c39223-070f-4a0c-9625-3693f08c6832",
"value": "2018-12-13T19:13:07"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1544733570",
"to_ids": false,
"type": "link",
"uuid": "d5033847-94c7-424b-952e-3c257464bb87",
"value": "https://www.virustotal.com/file/876886c8963e4f46e52de9a243f2225a632a06817811e325a8cd63c2defbea03/analysis/1544728387/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1544733570",
"to_ids": false,
"type": "text",
"uuid": "7fc077d6-0d98-4c82-b55c-3c3dc3404f86",
"value": "36/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1544733570",
"uuid": "c9ea439c-5d53-4ec3-92bf-c8117af4c85c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1544733570",
"to_ids": true,
"type": "md5",
"uuid": "ff4a7cf8-08de-4f6c-b0cc-d0334418d1b0",
"value": "f3bd9e1c01f2145eb475a98c87f94a25"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544733571",
"to_ids": true,
"type": "sha1",
"uuid": "37d15a3b-6c02-409f-b19e-4d6f0b432c64",
"value": "9b0f22e129c73ce4c21be4122182f6dcbc351c95"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1544733571",
"to_ids": true,
"type": "sha256",
"uuid": "078e505c-87ed-4ff0-a1c3-eb48ecb3449c",
"value": "88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1544733572",
"uuid": "bd24b025-5401-4279-8325-8152c67f94f8",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1544733572",
"to_ids": false,
"type": "datetime",
"uuid": "8b7b7fd9-ffa8-429e-87a1-707f07448a86",
"value": "2018-12-13T19:13:09"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1544733572",
"to_ids": false,
"type": "link",
"uuid": "4963e282-7e10-406d-acf6-65c59626cf2f",
"value": "https://www.virustotal.com/file/88a5287b6e9879e79240660408e2e868d9d332e3c37c753a05a40b87f1549646/analysis/1544728389/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1544733573",
"to_ids": false,
"type": "text",
"uuid": "80862ebc-3c21-45a0-b8b9-47f8df1ba5f3",
"value": "37/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1544733573",
"uuid": "a52369be-f657-4192-a4dc-bed0d0e14079",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1544733573",
"to_ids": true,
"type": "md5",
"uuid": "18ae9ce7-4670-4f32-bdbd-214b95d2ed45",
"value": "fa27a81d0109653e67019f387bad2494"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1544733573",
"to_ids": true,
"type": "sha1",
"uuid": "9f226fed-8fb5-4ea7-97a9-40eb7a7dd842",
"value": "668b0df94c6d12ae86711ce24ce79dbe0ee2d463"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1544733574",
"to_ids": true,
"type": "sha256",
"uuid": "49c7a8f0-a48a-497a-94ee-6f1292a128c4",
"value": "f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1544733574",
"uuid": "953c11fd-3bc6-44ae-98de-8d091f84f732",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1544733574",
"to_ids": false,
"type": "datetime",
"uuid": "69bd825c-7d76-474a-92f7-976cfbf8fddf",
"value": "2018-12-13T19:14:06"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1544733575",
"to_ids": false,
"type": "link",
"uuid": "3ff05754-f3f2-40f0-b8a7-fc7756abc603",
"value": "https://www.virustotal.com/file/f5d561e80808f32402321ba76cae6b93f8141d152796efacfdae08e94b5b1b11/analysis/1544728446/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1544733575",
"to_ids": false,
"type": "text",
"uuid": "bd15cc1f-3d97-42cc-a6e2-06b725553164",
"value": "36/59"
}
]
}
]
}
}