misp-circl-feed/feeds/circl/misp/5c5d6a71-da60-46ba-bc18-42d4950d210f.json

{
"Event": {
"analysis": "0",
"date": "2019-02-08",
"extends_uuid": "",
"info": "OSINT - DanaBot updated with new C&C communication",
"publish_timestamp": "1549626595",
"published": true,
"threat_level_id": "3",
"timestamp": "1549626558",
"uuid": "5c5d6a71-da60-46ba-bc18-42d4950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:banker=\"DanaBot\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"DanaBot\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-4c10-4a17-8463-4198950d210f",
"value": "84.54.37.102"
},
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-1788-4af2-b0d1-4dd4950d210f",
"value": "89.144.25.243"
},
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-5b50-4f2e-be1c-40d4950d210f",
"value": "89.144.25.104"
},
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-418c-4d37-85a4-49cb950d210f",
"value": "178.209.51.211"
},
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-66c4-4ec8-b52d-43b1950d210f",
"value": "185.92.222.238"
},
{
"category": "Network activity",
"comment": "C&C servers used by the new version of DanaBot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626117",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b05-0de8-48de-961e-4589950d210f",
"value": "192.71.249.51"
},
{
"category": "Network activity",
"comment": "Webinject and redirect servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626145",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b21-de34-4dde-9244-4e7f950d210f",
"value": "47.74.249.106"
},
{
"category": "Network activity",
"comment": "Webinject and redirect servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626145",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b21-4928-4656-b206-4d03950d210f",
"value": "95.179.227.160"
},
{
"category": "Network activity",
"comment": "Webinject and redirect servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626145",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5d6b21-2890-4a6c-8d62-4c45950d210f",
"value": "185.158.249.144"
},
{
"category": "Payload delivery",
"comment": "Win32/TrojanDropper.Danabot.O",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-3c20-4699-8d35-4190950d210f",
"value": "98c70361ea611ba33ee3a79816a88b2500ed7844"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.L",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-a534-47c3-8984-4b58950d210f",
"value": "0df17562844b7a0a0170c9830921c3442d59c73c"
},
{
"category": "Payload delivery",
"comment": "Win64/Spy.Danabot.G",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-15e8-4e3e-b76e-4c49950d210f",
"value": "b816e90e9b71c85539ea3bb897e4f234a0422f85"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.I",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-a27c-4527-a7b0-4a24950d210f",
"value": "5f085b19657d2511a89f3172b7887ce29fc70792"
},
{
"category": "Payload delivery",
"comment": "Win64/Spy.Danabot.F",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-d664-44e7-9e7a-43a3950d210f",
"value": "4075375a08273e65c223116ecd2cef903ba97b1e"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.K",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-78d8-4a6c-a2aa-4672950d210f",
"value": "28139782562b0e4cab7f7885eca75dfca5e1d570"
},
{
"category": "Payload delivery",
"comment": "Win64/Spy.Danabot.C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626231",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6b77-d060-4077-9ee8-4ae1950d210f",
"value": "b1ff7285b49f36fe8d65e7b896fccdb1618eaa4b"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.H",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626309",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc5-5ce4-41ce-84d8-438a950d210f",
"value": "890b5473b419057f89802e0b6da011b315f3ef94"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626309",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc5-44e4-455f-a85b-4619950d210f",
"value": "e50a03d12ddac6ea626718286650b9bb858b2e69"
},
{
"category": "Payload delivery",
"comment": "Win64/Spy.Danabot.E",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626309",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc5-7b48-4c19-92c8-4ff6950d210f",
"value": "9b0ec454401023df6d3d4903735301ba669aadd1"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.B",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626309",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc6-1144-4b60-a261-4cec950d210f",
"value": "dbfd8553c66275694fc4b32f9df16adea74145e6"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.D",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626310",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc6-9d20-4dda-b223-4dc3950d210f",
"value": "e0880dcfcb1724790dfeb7dfe01a5d54b33d80b6"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Danabot.G",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626310",
"to_ids": true,
"type": "sha1",
"uuid": "5c5d6bc6-a804-4ef2-8ead-494d950d210f",
"value": "73a5b0bee8c9fb4703a206608ed277a06aa1e384"
},
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAABdwAAAKbCAIAAABgrd9pAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7P0JnBTVvTf+T+/bzLAMmwHCIuICcUh+ETXGLWj8yaNkMWi8iZAouZE8LvmJ2TRiXG9MxCcuT0xy1QS8eQwSTaK+8DGKawyK/iNjcEMQuGAEhoFhZnrf/p/qc6Yourp7urtOr3zeqWCdmurau6rOt89iS6fTLUREREREREREVF12+V8iIiIiIiIiIqoiBmWIiIiIiIiIiGqAQRkiIiIiIiIiohpgUIaIiIiIiIiIqAYYlCEiIiIiIiIiqgEGZYiIiIiIiIiIaoBBGSIiIiIiIiKiGmBQhoiIiIiIiIioBhiUISIiIiIiIiKqAQZliIiIiIiIiIhqgEEZIiIiIiIiIqIaYFCGiIiIiIiIiKgGGJQhIiIiIiIiIqoBBmWIiIiIiIiIiGqAQRkiIiIiIiIiohpgUIaIiIiIiIiIqAYYlCEiIiIiIiIiqgEGZYiIiIiIiIiIaoBBGSIiIiIiIiKiGmBQhoiIiIiIiIioBhiUISIiIiIiIiKqAVs6nZajZE3XP99ev+EtmcgYN2b0WXNOkwlqOssfWiXHBuF046TLBBEREREREVFBDMoogyz6iof+KBMZnZ845o5brpcJajpz5l0gxwbhdOOkywQRERERERFRQay+RERERERERERUA4pLyjy15vmdu7tlIo9pUyaPHTN62tTJMt0sWFLmUMOSMkRERERERGSF4qDMVdfe0PXPt2WioHFjRn9+zqnnzZvbGgjISQ2OQZlDDYMyREREREREZEXNqi/t3N294qE/fm3R5S+/8pqcRERERERERER0yKhZSRmj71+5mL0UEREREREREdEhpS4a+v3ZnfeWEcohIiIiIiIiImpcFS8p0/mJYzpnHmhlY/OWbTnrK7H5FSIiIiIiIiI6pFQ8KLPgwq8svHC+TGRs+mDrz++6F//K9KBf/+I20SXTzt3dT615XkzUiYUMBIMvv/Lay6++jhEkp02Z/J1FCzN/P0DM07XhnZ27dweDIayoNRA4fOokzNw585iTTjhOzpeBmR95bLVMDJo1c0a+5lpzbptorhg7vn7DW3JSxrgxowtUyxKL6trw9uYPtondARyBw7XtPDrfBwscnCzmnrDy7RcO0V+ffWHTlq3Gc4c5sVM4YhiG7CoLBxwfl4lBObdKMG8bzk7WqYHMeXxbLFlsG7Zq3JgxOD6YOWcT0QXOAtaYuXhkTPCsz52adZDFpbV5y1b94hRXjlhj5ydmYFFiurD8oVVybBAWmDWPUeZ0v2NePo5wgQ8W2CNcNk+teQF7JC4hTB87dvRJxx931pxTcx4cIiIiIiIiqis1CMoA5sGcMjFInzPnX9c8thJZ2etvvd2Ymc8qX4N86YqH/mgOshhNmzr5e1csNkYZvrbosqwAATL8N15ztUwc7Jf3Lc9aPnLCv7/vHowU3/sStvOX960wx1aMkKnGATlv3lyZHpTv4MgxgyIDZL+8f3nWbGY5T6IR9uVnd94rE4P0KFsW7P4XLrxYJgZltSuEg4yDiTll2gTHBx8xx3HynQVsIY65cYHGnXr5lddwZrMuA7OszpWK732pmOXjg9+/8jvm0EzOPcL1WeBSx8FZdsvSIUNpREREREREVFu1aVMGuUpz5nPzlm1yLBdkqr/93R9kZWuNxQGQ315y7Y2FIzKw6YOtmE0vqgA5C2jIMZOn1rwgxwZ92RQ3KQyr/tqiywtHZCATuFlujnQoJA7FkBEZmDVzhhzLw3wMQS+TksV8DHEejREZ7DX2vUBEBvDXpbfePuRhFLBADFkL1C8eLASLGjIiAzkDLkPCqotZPk7Et6/8gfHKzGfXrm5cQgUudfFdKHwAiYiIiIiIqOZq1tDv2LHZQZnCechf3rdCjhkcPmW
SHGtpyQq1FIAVXX/r7TKRJ6qSMy6DieaNPGvOqXKsCCIOUnxu+ak1z5vryCghDkKRWzJkMCIrqiL8/dXX5djB/vpsdlDGeAx/ed/yIkMt8LM77x0y2LH5g205FzhtilaQBGcECxFTCis7IlP87uB0FHN5YJeHnAczmINfREREREREVFfqovelYuTMhYp8NSDfa47IIBf9/SsX33HL9eZ4AbK1ekGDcWNGmyt6vJwroGCemK9lk3x+fld2eY0hrXjoj8UU4ijVy6+8VuRiiwxGnHT8p+XYIJwR8yowxXymPv85GZQxnhcdTtB3Fi3EeVxw4VfMR/uX9y2XY3nkO+CHT9Uieo8+/qRIDsnYXnWRcJCLj8gI2Nqc8ccydG0YugwUERERERER1VDNgjKbP8iurKRHWAqYNnUycub6MHawDlRWoxtw1pzTRDhGhGYws/zDIGN5DT0ooMtXUkaODTrL9MECckaOTjrhuN/fd8+ax1ZiwIg5fgTmvbPOHGDCsdW3RAw4gN9ZtLDIfcwZnzIfMfMUrFcPipn3FH/69Z23nTdvLs7jwgvnm9v6wQKLjHNhC/UrR7TNjIk5zumc0/7y0AP6QcC4iAcNWYfLzBwwwkpxNeoLx+6YDxquk2LiZWJ3sG3iNJmXs6sCsTwiIiIiIiJSqDZBmUceW23OSBcuiSCCF7/+xW3ImeuDyMznLJHxnUUL5FgGZpZjg/ApfRvMVZDwp6zGVsyZ/3FjRmOrZKII5kIZ+Diy5XrzOhjJ2XitOXBgnfn4jx0zWt8SofMTx5w3b27OOFFO5sNoblbGXHfpy+eeLcdy7emCrx5UOgabZC65U0xDxX956AEcav3K0TvtMh+Hw6dMMq4R4yIeZF5vYdgX82W57JalxuOJc40pMmFQ+Izjstd3RxwQnCbso/zzIHMEkIiIiIiIiOpKDYIyjzy2OmcJgsIBDmPwIou5mgayqeaCA+ZMtV5aJ+faswIKOesuybEiIPNvziQv+Gp2RhpydvKtPIM9bswYOTbo5Vdeu+raG55a87w5TlEkc4Gjrn++bVxazrpL+mE0hsl05oNsDt6Ze+M2wnlfeOF88/UgmC8qXJw/u/Ne64Ew82WJfdHLBOkwxRz2KlzzKBDwm3enmIJmREREREREVFcqHpRB9nL5Q6vEsPTW27+26LKcjYB8/8rFcqx05pz8rl3d+kr1ARPlnwcZM/PmJlGysuXmXHpJ/S6Zq2shX23OosO4MaPNWW7lVVE6Zx4txwy6/vn2z+689wsXXlxeVAK7Y45xGJdjXuZZc07TdzYYDIkRo6yTiMEcsCjcb1dhnZ/IUSnpqUx/TDgOuFbLDoeZQ0X5yoIZ26sWWPOIiIiIiIjoUFD5oMw/317x0B/FgDx5zsYykDMvqdRJFnMuHWvRV6oP5lUboznYgKxQiLFYh7n8SGeuXr0LWL/hLTk2SDQ0m5P5T4ULg5QBx7zA9ouoxNcWXVZqaObzOWowHShh9KipEV9jgzXmQwRZJxGDubKSOSpXPHOtHx0W+8hjq7/93R9cde0NZYRmzNuZrzCLeXrZkSAiIiIiIiJqIDVr6Fd33ry5VorJqNKaqwaTHu4x110qqYnf+nRDrlZmjXbu7l566+1F9hgt5KiJMxib2GRq+mfcmNHmOmVVhm0Y8vLDLnz7uz94qsR+lIiIiIiIiIgKq2VQZtrUyaLjGJmuNXMNJtEq7UAwmFVgpDUQMEcfGg6O/6/vvG3IsMhTa57PWeMsp3Gm/sX1o5ejid9S6n9VDk4lrsMhyz0paWiGiIiIiIiISFeDoAwy7efNm/vrX9yGQUlBCXNxDyx2gaHn7HxDVifHJ51wXFbOfFOm6VlzPZQyKluZN9Lcxo3O3LpKhZpxxf7eccv1OBGFazPl7C0rH2NvSoIocGSuZZZ1GM2HCJuUdcpyDtZLLeGC+f1999x4zdXmWmxGK/5QQt/k5uXs3L1bjh3MfGyzAltERERERETUlCoelBHFEMS
AfO+ax1b++he3fWfRQoXZTnM7qdOmTBY9HxcezCGhHDWY/vm2ue6SOe4wJHNUZefu7pyRDkw0NykytpT2a0qFc/
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626445",
"to_ids": false,
"type": "attachment",
"uuid": "5c5d6c4d-fddc-4889-9442-4da9950d210f",
"value": "Figure5a.png"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626519",
"to_ids": false,
"type": "link",
"uuid": "5c5d6c97-41a8-4b1b-a0ad-4482950d210f",
"value": "https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1549626544",
"to_ids": false,
"type": "text",
"uuid": "5c5d6cb0-c3f4-4a8f-a32d-4139950d210f",
"value": "The fast-evolving, modular Trojan DanaBot has undergone further changes, with the latest version featuring an entirely new communication protocol. The protocol, introduced to DanaBot at the end of January 2019, adds several layers of encryption to DanaBot\u2019s C&C communication.\r\n\r\nBesides the changes in communication, DanaBot\u2019s architecture and campaign IDs have also been modified.\r\nThe evolution of DanaBot\r\n\r\nAfter being discovered in May 2018 as part of Australia-targeted spam campaigns, DanaBot has had an eventful time since, appearing in malspam campaigns in Poland, Italy, Germany, Austria and Ukraine, as well as in the United States. The European campaigns have seen the Trojan expanding its capabilities with new plugins and spam-sending features.\r\n\r\nIn ESET telemetry on January 25, 2019, we noticed unusual DanaBot-related executables. Upon further inspection, these binaries were, indeed, revealed to be DanaBot variants, but using a different communication protocol to communicate with the C&C server. Starting January 26, 2019, DanaBot operators stopped building binaries with the old protocol."
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1549626488",
"uuid": "809364d9-f8ed-485e-92db-60638ead238f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "809364d9-f8ed-485e-92db-60638ead238f",
"referenced_uuid": "1e3059fc-984b-493e-bc29-fc20bd3b0995",
"relationship_type": "analysed-with",
"timestamp": "1549626489",
"uuid": "5c5d6c79-893c-4d78-a0e3-49ec02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1549626489",
"to_ids": true,
"type": "md5",
"uuid": "f614a1d9-3a1f-403d-9272-c92647d8a134",
"value": "42ed833c083f6f3815b2e38c30751220"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha1",
"uuid": "f6f8874b-e754-4ca8-8160-fcaefc9a9e13",
"value": "5f085b19657d2511a89f3172b7887ce29fc70792"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha256",
"uuid": "95af90a1-64e5-480a-81d1-12f88ba356a8",
"value": "2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1549626489",
"uuid": "1e3059fc-984b-493e-bc29-fc20bd3b0995",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1549626489",
"to_ids": false,
"type": "datetime",
"uuid": "00879520-be39-4ca6-b9f7-6f01319e2bfc",
"value": "2019-02-08T11:09:24"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1549626489",
"to_ids": false,
"type": "link",
"uuid": "d447f1ca-ea38-4c9e-ba11-4eb7d36d7e7e",
"value": "https://www.virustotal.com/file/2b7483856431572f7db06cc34d1deee58fa79b5ca93920107df3822f794d572a/analysis/1549624164/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1549626489",
"to_ids": false,
"type": "text",
"uuid": "d60b9ed1-315c-484f-9336-4952fae37989",
"value": "33/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1549626489",
"uuid": "a8e983ae-06de-41b1-a289-064ea6badeeb",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a8e983ae-06de-41b1-a289-064ea6badeeb",
"referenced_uuid": "b74bed56-8cd2-45ce-8d22-8172c7243e6f",
"relationship_type": "analysed-with",
"timestamp": "1549626490",
"uuid": "5c5d6c7a-c60c-4181-b656-44cc02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1549626489",
"to_ids": true,
"type": "md5",
"uuid": "2a703556-9aa7-423d-816c-8a7d6006c540",
"value": "8c310a91aba32fd60df859896d5a2f2d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha1",
"uuid": "db5a9bd7-7cd3-4a40-baa9-3fc7c31d70f6",
"value": "0df17562844b7a0a0170c9830921c3442d59c73c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha256",
"uuid": "14264f90-f437-469c-8281-081ac5b34a0d",
"value": "31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1549626489",
"uuid": "b74bed56-8cd2-45ce-8d22-8172c7243e6f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1549626489",
"to_ids": false,
"type": "datetime",
"uuid": "b629437e-6ddd-481e-8507-49843cd47a2b",
"value": "2019-02-08T11:09:24"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1549626489",
"to_ids": false,
"type": "link",
"uuid": "c94e94a1-ffed-4b8d-be27-d3560d66f9db",
"value": "https://www.virustotal.com/file/31fafbc37dd3bc55e4dae9c3ffee48dfb132827a3adf836b33c205c6164fbecf/analysis/1549624164/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1549626489",
"to_ids": false,
"type": "text",
"uuid": "e1fa2f15-90a3-43db-8950-7e7a94753eae",
"value": "42/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1549626489",
"uuid": "11ab22da-a5e0-4a38-8fc3-9f9aaf44346a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "11ab22da-a5e0-4a38-8fc3-9f9aaf44346a",
"referenced_uuid": "9368ef9c-5fcc-49f5-b13a-258fdafe4b15",
"relationship_type": "analysed-with",
"timestamp": "1549626490",
"uuid": "5c5d6c7a-4d94-4afe-a1ba-482e02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1549626489",
"to_ids": true,
"type": "md5",
"uuid": "5692a0e4-164e-41b8-b0f1-264ab875f58d",
"value": "6b83c0cd765311d2144f7e7d5885e013"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha1",
"uuid": "0b0b26ba-c301-47ce-8272-d9f14cd5dfce",
"value": "98c70361ea611ba33ee3a79816a88b2500ed7844"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha256",
"uuid": "a7db9263-33a0-4d59-a5ff-937c63674a4e",
"value": "ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1549626489",
"uuid": "9368ef9c-5fcc-49f5-b13a-258fdafe4b15",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1549626489",
"to_ids": false,
"type": "datetime",
"uuid": "c71ec83e-f0b9-4acc-8afe-1922f0069167",
"value": "2019-02-08T11:09:27"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1549626489",
"to_ids": false,
"type": "link",
"uuid": "9eb655e9-c49b-4626-baca-84a98b02d581",
"value": "https://www.virustotal.com/file/ef613c0b16f054289f1dc9791502306fced588a36183fa4b9625356dbe42af26/analysis/1549624167/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1549626489",
"to_ids": false,
"type": "text",
"uuid": "d8dc19bf-e978-45f6-89db-8edb60a7ea37",
"value": "43/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1549626489",
"uuid": "46b1753f-048d-42c6-ad26-3ecc56d33076",
"ObjectReference": [
{
"comment": "",
"object_uuid": "46b1753f-048d-42c6-ad26-3ecc56d33076",
"referenced_uuid": "07554fd7-f152-4243-805d-c359f5334102",
"relationship_type": "analysed-with",
"timestamp": "1549626490",
"uuid": "5c5d6c7a-4150-419c-865b-487602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1549626489",
"to_ids": true,
"type": "md5",
"uuid": "4d2d442c-6d82-4da7-a0a7-a81866932629",
"value": "3e63651c8ee9143db65c6c1f12936437"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha1",
"uuid": "008da795-367d-45a5-9e9f-f28dba63d99f",
"value": "4075375a08273e65c223116ecd2cef903ba97b1e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1549626489",
"to_ids": true,
"type": "sha256",
"uuid": "56adbf34-d38d-4846-8728-f693ada83a06",
"value": "4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1549626489",
"uuid": "07554fd7-f152-4243-805d-c359f5334102",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1549626489",
"to_ids": false,
"type": "datetime",
"uuid": "117cbced-d0e7-4fa6-8cf9-1296a2c59163",
"value": "2019-02-08T11:09:24"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1549626489",
"to_ids": false,
"type": "link",
"uuid": "4602b191-b961-4bb4-9acd-9a09b91bc4f8",
"value": "https://www.virustotal.com/file/4054ca079a1c1af7a9531c160be7025930e45e739af847b264ca6a49b0ea0571/analysis/1549624164/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1549626489",
"to_ids": false,
"type": "text",
"uuid": "3c574c96-6ad6-47c2-b95c-aa1fa77c96b2",
"value": "29/69"
}
]
}
]
}
}