|
{
|
||
|
"Event": {
|
||
|
"analysis": "0",
|
||
|
"date": "2022-01-28",
|
||
|
"extends_uuid": "",
|
||
|
"info": "Compromised host delivering malware (Mirai)",
|
||
|
"publish_timestamp": "1643380310",
|
||
|
"published": true,
|
||
|
"threat_level_id": "1",
|
||
|
"timestamp": "1643379935",
|
||
|
"uuid": "91a106b2-5ae3-4433-a885-fe3023adb768",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#2d0048",
|
||
|
"name": "adversary:infrastructure-status=\"compromised\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0087e8",
|
||
|
"name": "osint:certainty=\"50\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:botnet=\"Mirai\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"Mirai\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "dc82a7fa-cd22-468d-8810-2ed1f22ba2eb",
|
||
|
"value": "http://37.49.229.172/file"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "c3520808-4ace-4388-9940-1fb577023982",
|
||
|
"value": "https://teknowmuzical.top/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "7fe8013c-5cd2-4359-ae1b-ea7be7583973",
|
||
|
"value": "http://teknowmuzical.top/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "2a7f462b-5bf6-4ff7-a9f7-f9536c9e4982",
|
||
|
"value": "http://teknowmuzical.top/files.gz"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "f0aba59e-f6bd-43ce-9fdc-06bffe6f47b0",
|
||
|
"value": "http://teknowmuzical.top/sfiles.gz"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1643379499",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "bfc5825b-72f1-47a1-94e1-bb2b6147266b",
|
||
|
"value": "http://37.49.229.172/i.php"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "14c643f9-c048-4601-b355-4101d32e721d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "90a2148c-d035-4a5a-afec-2792d14a413c",
|
||
|
"value": "NULL"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f7a95758-6d74-4a15-a956-b8ed6b08d329",
|
||
|
"value": "0"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "6d288686-4691-4554-afdb-d06cbc07136b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a55010bf-6b0f-415f-921e-e97fecef4823",
|
||
|
"value": ".note.gnu.build-id"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c095fcfe-9cdd-4534-9584-fccfc63e28e2",
|
||
|
"value": "NOTE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2572358a-c67c-4e7a-8356-6d58c38a7136",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "c9b4fd04-686c-4966-8eed-cc20f0c54b73",
|
||
|
"value": "36"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "7fd4bc6e-9a0b-46fa-bb65-6103ef68ad01",
|
||
|
"value": "4.1360560861958"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f4d1ec35-1111-4135-9c08-1df09bc2db1c",
|
||
|
"value": "bf3ea22ac04c8eae8a62485d436c79b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d3725b7a-876e-4bd9-a8df-c72a09a232a1",
|
||
|
"value": "ef08a0f6714663c35104ccbc1428f6ce198a2101"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4c20c5f5-545a-41be-a1b8-218f81fc30e4",
|
||
|
"value": "709e5cb7547e0b8cb200748b67058ace84f940095fc239d9c69d5774a8639f7a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "a00f5eab-a372-472d-b423-dca95f6c18c8",
|
||
|
"value": "552272399253e57f8f84e1c17eb54cf29c38bae7d257ef7cc6702e2ad97431e7b8d561410ea75b7abf53e2a9a46cdd5db717249f390c62d6770668c0fb108f9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "0241c8bd-1b8a-4969-8ec9-d2830d743730",
|
||
|
"value": "3:ll/yly/s2rNn:io/Ln"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "620c41d2-3464-44e1-9cc4-ac26810a471d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b835b80f-d58c-4e46-8c1c-e9b7aef91704",
|
||
|
"value": ".note.ABI-tag"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "458ba5ce-ab86-4509-a40a-5a086a6777fa",
|
||
|
"value": "NOTE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6b4d0d72-a42e-43cd-8a6e-6b79c3ecfa0d",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "ddb13072-a5f5-463a-ab3c-1af4ca2c2d27",
|
||
|
"value": "32"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "4dca6179-2ae3-4722-8afd-a5a2f3e61072",
|
||
|
"value": "1.5612781244591"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "441492d6-68c7-4852-8e1b-46cb3695005e",
|
||
|
"value": "3ac31b2ebb8a59ed3542fd7de044fbeb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "094d2f92-99c6-4ee7-939e-5389eac97e67",
|
||
|
"value": "ff30407c37eea291004a26a28d988eeedd0ea449"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5c49bdf4-e33e-461d-a080-92aa3ff3d918",
|
||
|
"value": "6e48317ad93a8ac2dc04321465ede06d1274543fc8ab172e68171a9d684bb313"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "bdbce931-d90e-44ac-9862-04077fa0d9b2",
|
||
|
"value": "a4cbd38f6b8bf2cacbdc70c4db792e2a7d2159a36f84d41daec7164b1c435190667dfe16891cb6ef3339c0f0190bd43735b26794734ebe63a39f8694ae01aeb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "40659106-f8aa-4014-a371-6b5911bbc4cf",
|
||
|
"value": "3:hlslqklllsl:wlqk"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "c2f0df16-1c9f-4aee-9bd0-c28f8e7dc46b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "985d6ea3-8631-4ce5-9fe7-2c77082e9096",
|
||
|
"value": ".rela.plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e445e261-59f4-48dd-8fdb-fa8bad437058",
|
||
|
"value": "RELA"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "58fcbfd1-24e8-4d1c-929b-de2c3540ffc8",
|
||
|
"value": "INFO_LINK"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "bb7cce0c-090e-439a-a44a-760d6ea72323",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d2811aeb-e353-4810-a07d-057c5f365505",
|
||
|
"value": "720"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "9921f2b7-d67d-446f-9fc7-1036c469d635",
|
||
|
"value": "2.1805033054394"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6221fa09-6184-45ee-b055-23cb7d09a9a6",
|
||
|
"value": "9c55b12ecee452dfc4b21363c0f988e8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "24126647-df13-400c-8558-09c8cdfbc855",
|
||
|
"value": "a9b079210ea566585598ad0e97bc02c90741e657"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d30aaa22-e1b5-4597-b923-5cd2e75b0a28",
|
||
|
"value": "c63eea6064b2c14f0ccd7a2cb1ded9c0df7a3db79ce8f322fb2c9428476840d1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "2cb9db86-5063-4a8d-aba0-d80990965fd4",
|
||
|
"value": "673a7cc843eb7b15a461d9b3990dab2586e44814e362f5e41a9a69db21f36625c4f9bd8e10db57f7d32cef4524b63486345545afe18cb710c5ac7d56df9b5c41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "bacfbcd4-b4d1-4a57-818d-c1de0ff23b76",
|
||
|
"value": "12:zm01BgUqw8G0IKTXtJOOZVO26pGkw+XiZqm4J:zm01Bxqw83IKTXtJOOZVO26pGkweiZq3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "7ae73141-0fe0-468b-a637-048283310d7c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c3486c39-8cd9-4a48-ae18-996fdd667788",
|
||
|
"value": ".init"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7ac7e518-3005-495f-8b32-f9466959eccc",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9783586f-8f7a-4849-ba9f-c6419f2bf8f2",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "813fc008-2243-4063-b373-080ffb62f8e8",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "b2be0944-a745-4f3f-af03-3ea6e9975910",
|
||
|
"value": "23"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "e448e3c3-f12d-4743-8fb0-ff62243494cc",
|
||
|
"value": "3.5670402169266"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "8e11a2b4-fe24-4603-b981-f896df19850d",
|
||
|
"value": "f04a7791ce8e0ac844b5836e22a70ef4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "b0715e62-869e-402c-8958-e9060bc145dc",
|
||
|
"value": "c6856938bdc9fcecb040e17b9c66931cdd56938a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b55c31dd-c5c1-40ab-855b-60309519296b",
|
||
|
"value": "6435ea37bcfb4a907f6bbd90fc4846c2aa2ed0605eabd7dc43e3697401c95842"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "82c58a51-7f79-46a6-9a90-badd192b21c6",
|
||
|
"value": "86b816440cb81f67209529f4b9e6b13c2848b07f80233515e909e551cfe7d643c31db1264cebd193b53d3dfd8a79c95aade026b4ae76de867f6a20f660098c89"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "35153863-6c19-4236-9ab5-5f08558810f3",
|
||
|
"value": "3:4QgRVhU:ngJU"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "605fb316-826f-4791-8595-462693a9c897",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b88a680f-f22c-467f-b3d1-9f3480c02105",
|
||
|
"value": ".plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c7972ff0-b52d-43fa-9366-ffcd1a73fd1f",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ae8bb4ec-53f2-4127-8b86-362313009c1b",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ee806079-7fd1-4c3e-93eb-c20060801525",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e0fcb054-2632-4b45-be23-a3509ec47bfb",
|
||
|
"value": "240"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "c904503e-c1b5-4a5f-8427-cab5e838540d",
|
||
|
"value": "3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "415ddf61-f9e2-467a-b327-8c0599a655b9",
|
||
|
"value": "71b1324a418e99f531163b6bc2a9b45f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "ea227c98-bbf1-4888-9fbc-d4ff34210c95",
|
||
|
"value": "44abf51c6235774f8fcab452157b975526b5fdf1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "9a83c356-89bd-4ece-bc1d-4afaa2a7ea9b",
|
||
|
"value": "85dfb9afda74c54f07857c16630c80d22bf27869242b2e70e69e8e0a30ca2f06"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6dc6db42-4baa-4a33-8f25-b099b21e74e2",
|
||
|
"value": "eecdd17c872ab7a8daa2f962de564462518908b5adbdd1ad7dfb08ad90b6b6cf85de196176c97eb12e79bb60806b8ad79bfcc1f3d13e7289dc44618a7607b11e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "61254583-a3b2-49e9-bdd9-c3be2893d0cf",
|
||
|
"value": "3:LfKP0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0Ln:r/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379037",
|
||
|
"uuid": "d89db1f3-12a7-406c-b60a-407b435ff6f9",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "cbc64792-3e6b-4e05-95ed-b6a6072249a9",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9285265f-cf17-4472-bda3-0ba22c7375ef",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "662c5969-efa4-4830-9c6b-3d88de93ab6b",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e72464d4-e794-4acb-89a7-9b0293c84f1b",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "00ebc3ca-1e45-4df3-9796-0ff3791f4498",
|
||
|
"value": "751920"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "105175fa-1123-4a33-b923-0db5d31e9158",
|
||
|
"value": "6.4136158596844"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379037",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "55fd9542-57d6-4a1d-a014-4f5b4aa819d3",
|
||
|
"value": "13632ccc865f0dcc9e7feeefc846937c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "89808b70-c367-45e2-aecb-5f06aad9214b",
|
||
|
"value": "bcfdbe37f0c1fe09965ed0167dd6e54bb300edf9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3b1d3eea-1b01-4558-8259-61917ef27b64",
|
||
|
"value": "c56a5bd81d3b5c6b297a779215ddf3e61ad8c7821931379c4d8dbdb27cfc9718"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "584d7cd7-8589-4277-b507-d90a4a108302",
|
||
|
"value": "7e98a788963643730ee30a11c1cacf14118453badb7758d9cc3ada72408775ab61a573284e3f770ae7ee20f8e91ed331aad49df4f7cf33af16e07c5605862d71"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "65588906-fa3a-40c8-869a-a0cf7afeaa6c",
|
||
|
"value": "12288:NUkkhE6pENVm/jwzAtRfYjz09InxIkLkBk:Gkm/jwzAt5koInxIm"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "5b967d2c-daa7-457a-892e-e6eb46927b02",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e7f8ffcd-1538-4a0e-b5bc-05a0f2c1198b",
|
||
|
"value": "__libc_freeres_fn"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "15be0061-d1cd-4331-875f-09db7db3900b",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "081bd3aa-49d6-45d1-9f4b-67aa9f53e143",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5b49bab9-64fa-4e17-8ee7-3bcaf3063a91",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "1c6ff20a-e0d9-4530-8c17-eace550df05c",
|
||
|
"value": "2920"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "4b57977f-d22a-46d4-8b8c-6fa37c5a7c27",
|
||
|
"value": "6.0319278491528"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "7262268a-0d3f-4e45-9842-e017faa05a4e",
|
||
|
"value": "f00fa594145d046eb63deb1480a06ad5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6d5c8efb-2495-4094-8eae-fb460b750e58",
|
||
|
"value": "8d4895ab5aee8b98edc300fc8a1efabe6fee7f3d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "61aa978a-fc07-4de2-9ca2-3a2f73fe1711",
|
||
|
"value": "e65d50cd4e3d5b752b13dfd83cf247ef2375e072b2a478cf8c2b724984152c87"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e43a62ab-df62-473d-a5b9-1b2d822e4850",
|
||
|
"value": "38ae36d8907ba3c03707f6ae76cc64527616033f522bd3c51fc078f5a3084eb02f3dbd3237cbdd82814ed53cf19bcb6d1f3821a2d5640ca71987fecf133179a0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "886866ea-a0c9-4905-a0d3-02949ac703d9",
|
||
|
"value": "48:B9NQtAzX2ebokMynB2WrkBRA9f4AWMzWc5f64QeobI6wfU11KDpNZb6t1:BPLXtlMoqpCpobI6w8PKNNZba"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "b96b81c1-c42b-4b21-b55e-ae110dcef254",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3981397e-ceb5-465e-938e-6ec5547200b2",
|
||
|
"value": ".fini"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d43e89c-e36a-4810-83d5-da4873cb1da8",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a89a4137-a77e-41ec-a708-f437a91b4922",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d0426e70-79e4-4ec8-924f-354463d7b71a",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "79e63404-0d07-4061-83d9-8ba2b0d9acf8",
|
||
|
"value": "9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "6ab42e5e-410c-4740-af58-84e2e99692f8",
|
||
|
"value": "2.5032583347756"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f823b76b-a897-4f06-b39b-2a217295b5fe",
|
||
|
"value": "c0ebd410fb9cd5628270064c1ed937ed"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "703201e7-4b99-4902-b102-342d627d2e53",
|
||
|
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "18fb9c22-fc49-4bd8-8923-dcb3e7494f1d",
|
||
|
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "36a32145-de3a-43a2-9a2e-104853c45e88",
|
||
|
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "05e4102a-ef2e-41f9-a152-7d26a2c11193",
|
||
|
"value": "3:4Ui:ji"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "37324a84-f710-4d2b-b579-037be8400fd8",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5865ae55-592d-4f0e-b4dd-3a8072cfc9c0",
|
||
|
"value": ".rodata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b3b171ab-247d-44c9-be57-c7fcc906260a",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "74fb3ae4-f093-4c77-b339-620287e0a7bf",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "84271f38-df77-49c7-a996-be3c486151c1",
|
||
|
"value": "131044"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "7c620605-4e9e-4a76-9936-3215589c3f4a",
|
||
|
"value": "5.1104698168094"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "07a7e22d-5093-4190-9ac8-6278c47bb7c0",
|
||
|
"value": "15e1a1b46c00913f46ae743a75af34a4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "fc1ec5e7-4198-4f1d-9420-e25288a0dee4",
|
||
|
"value": "48433bca2f819da39ea903f95f9d654981c85964"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e82b593e-f8e5-4b74-9229-e1d3bf6a06d7",
|
||
|
"value": "fcf2c653d4fb226e561d4e7916a60f4bfb10c0ec83cccbb410e8b206f122dca9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "5175174f-1cc7-459a-bdcb-1ad0cc29d5f0",
|
||
|
"value": "c692588d5e8f2a762d5dad71c12650fc977c16105346f0389e5a4dd417b3379eed558586bee9556a6a7a7284b7a99d1ca5d2a11eb7eae168ab844672c4b1d571"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "0280929c-17a5-40b4-9adc-cecce1949ae1",
|
||
|
"value": "1536:3G5NAhVTxV3T9yyA5Gt057Q42YNzmp1Zuw/QDxHniA1jgMRmzW:iNydyyAEt05d2Y1G1inKMUS"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "9ef9d811-89d5-4acb-bdd3-8ceff6f2e3f1",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e41a07c8-b25b-4016-b69e-dd5b731b7ac0",
|
||
|
"value": ".eh_frame"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1623d5-4aba-4d5c-b208-5a9be347b206",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7418890c-5c4b-4fdb-9a78-8764bd2e1e71",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "bc7dee46-3a1c-44a1-bca7-d35092f89e6a",
|
||
|
"value": "54204"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "5057ab77-12c7-4da4-ba6e-b7d1f5fba658",
|
||
|
"value": "5.1471546712778"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "8eca9549-291f-45f6-93e5-a382eaac73dd",
|
||
|
"value": "8c4e86ad4302734d629a3b7f84b02811"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "0a7c3bce-74f7-421b-bd62-6ce5436a7a05",
|
||
|
"value": "b29345eae0424ef48d378c1f9a18c2e646f88de4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "06fc0dda-18cf-4eab-a8dd-0e0d083a42ff",
|
||
|
"value": "fb3eed8684e3558e4f1ebc2c93be55ebdb946d30bc40a1798764372d42763fc0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "9c26f9a9-a3b5-422a-96be-6aba5b8802c4",
|
||
|
"value": "7560e76d416de1ce7543eb0f65f5c00414c642af401e3d8614dffe934681c71966a1afaf5849053530c198f039491b15015da80b781303198bc4433af708d1c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "87e4cb09-6bc9-49be-8c2b-90cccf95f4f5",
|
||
|
"value": "768:SFg9H3xSafgh+5sfYMn8BXy/jbCYY0Y6y:SFgB3LafDKybbXrB"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "2b76c945-728a-4b11-bcae-4ca9dcfc9b1d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c172122e-bc7a-48f7-93a5-5f99b27e8428",
|
||
|
"value": ".gcc_except_table"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "56a646cc-9e87-4a7e-b5e9-5f241b928fec",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8913d328-71bd-41f5-ae7d-1e740b9b60cc",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "222f6b0a-6401-46ab-8d83-a0827a0f74c4",
|
||
|
"value": "265"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "5d16b5c1-54db-47dd-af62-f0e597f1b67b",
|
||
|
"value": "4.2159746268458"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ca00295c-0bf9-4901-882a-0c98b0f02441",
|
||
|
"value": "07cbd76f4ce2496fb561f1355549bd39"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "1a837fae-8917-40d4-bd1d-d54fc5e67347",
|
||
|
"value": "41bb3fe74080c09fd7213d78fd7a8d9c50a65ba9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "149f6d5d-51fd-4a55-9aac-1008c234a531",
|
||
|
"value": "596d5221ea646330c9284c4e867b834b7caea738857f00c9e92cdd0e94a2b257"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "b53edf24-0e58-4f26-ba66-8e7728fa1a77",
|
||
|
"value": "89ca53c18286733eff4017a9e05a5cc2439ee213d538a867ef3a8005d64ca6ed877ec4e2ac8b037574baf0db40a7c71a1a324ed9e3b50f3c38360d301df6a720"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "a1efc4ac-e7d8-41e6-ba85-7d9fb775bc3d",
|
||
|
"value": "6:zM4fH9rsHMER3D07sHFNZNa5tkNm+H5fk0pP7vHg:IuZss4RlNZIqLBpzg"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "2c752589-0653-4e0e-a6ee-0041b4454897",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0724c04c-c2fa-468e-aed1-43b43694c3fb",
|
||
|
"value": ".tdata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "684cc67c-7eb3-4ad8-9886-909a6595596c",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "782998f7-25cc-4b43-8028-a883ff138702",
|
||
|
"value": "TLS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7c6b9f93-6660-4f39-9c00-6d64690575b1",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "35a4756a-d991-4f51-bad0-775ae9b0f35e",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "46da471a-c344-4f08-b204-4ee74e6fda04",
|
||
|
"value": "32"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "7dd7c503-c68c-441c-aa1b-2ea8d95f6282",
|
||
|
"value": "1.6564514568588"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "343dc32c-690f-458e-a6a7-6d45a3ce8420",
|
||
|
"value": "d8445c6ea509a0cf49285586b5e798d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "90255a6b-a478-4a71-b194-c9fa681cfb9c",
|
||
|
"value": "9d20affdfec75adee4bbf4f387628a4aa47d6917"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "de15f6e2-1a38-4677-8d1d-be114a71cda7",
|
||
|
"value": "8e92fc27dffc21dd34904958c7b11d51bf0c511259a04bcfbc9aa21c05c2f423"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "78c17990-8db6-476a-8e3f-e996ded773a9",
|
||
|
"value": "9153389116697477be8c100dcbbea350b486f5bf869837f05861fdd6b7506b26cc9c516b9de06ed19e0254ceec318d7d2ee2dfcb4e1025bd6cb526a074d7b6b4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "75fb5334-3838-4948-afc2-0c97e1ec2ac9",
|
||
|
"value": "3:hlFTlNjlltl8//n:S"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379038",
|
||
|
"uuid": "e3b993ab-3058-409e-81c8-efc495bfddaa",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8318f28d-3dff-4bea-a647-f6a5b9325d0f",
|
||
|
"value": ".tbss"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e53d4b2c-53c5-4150-8883-593ddd18b4b8",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0668fc08-9689-43b7-8eaa-04188eea20d4",
|
||
|
"value": "TLS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "daf2b0aa-9bef-4471-9a3f-090fade3ae05",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9540445b-3c8f-4551-909c-fe5651464ca4",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "ef312f1c-9762-4c8a-956f-b15bf65d0dbe",
|
||
|
"value": "88"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "967360ef-57d7-4d74-af80-9bfde7d4b491",
|
||
|
"value": "2.1027882315262"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "732afc57-d829-4655-8e68-c6d3121d1a34",
|
||
|
"value": "07310210869280f3b8d93637b67fec13"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "700ac0cf-15e8-4d65-86f6-ed8eda2937c5",
|
||
|
"value": "9a21a82ee47d2744a5ef3b622a60d48d6a3ea8a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379038",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "168a3c5d-7c54-44d2-a731-9c963e7e7bbc",
|
||
|
"value": "549004bb6535c38518491cf2d132bc07306edf56e62ee50dfee46a60661404eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "381da935-fc51-4c9a-94dd-b8061471ec56",
|
||
|
"value": "0f5666d1a3476d57d0e8b97602acee9943d00446785868da9b470f441574ad88d29adb314fe8c1c65f0efeee2dfe7d26818342d73bdd7c1d62457d993b81163f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "f9d345c6-ee89-4e14-b1e2-41cda497185d",
|
||
|
"value": "3:ZllNHllt15Hlll/n/lIwerl6lllsXlZ/l:6x6/W1T"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "1893302e-a4f7-4e28-a8d0-7556e6567756",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b7131be8-c61e-47fa-b104-ddd4ee74875a",
|
||
|
"value": ".init_array"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "48087942-6d4c-4e69-9915-fd611ee8e438",
|
||
|
"value": "INIT_ARRAY"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "72ef85f0-2774-4d0f-85cc-810fb104af10",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "516137fb-fc57-4542-861c-da9a77f26b57",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f67cf431-6bf3-41c5-a30a-9f3f4a65d1c5",
|
||
|
"value": "16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "e280517a-90f2-4b35-90d6-8e31cf2b060a",
|
||
|
"value": "1.7987949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "fa5cf51d-e273-4b67-952e-cdc2fa0d5978",
|
||
|
"value": "f4f6ed406a4341622b421a3324a0a026"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d0eb25a4-587c-450e-a302-f5dc68cf89de",
|
||
|
"value": "d13126772e6c15aa390a6f9be53ac912653d1eac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c2103dde-13f4-4cd9-9ebb-84d533d80658",
|
||
|
"value": "92d74ac19135504c8094828fb379927613e0d6b277636e0b2a8151ceb8b6bc6d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "f1a3ef79-329a-4c92-9115-f873f7cd7919",
|
||
|
"value": "9bc8206330bba2adcc4cc598dfcf5d0d557cb37efbc66368f9c2de19aaf0554c6cc4cd678404d0bcf2498bb23e7c218e97ccc246d0f126a622205e28c2641ff7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "eafe9abc-ed12-48ed-bd9b-a13a8e7a0e97",
|
||
|
"value": "3:ZllNHlltn:h"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "dad3f610-d76c-4361-bb4d-41781cad97fd",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "53eebd03-f3b5-4918-9689-726ebc417326",
|
||
|
"value": ".fini_array"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6974c76e-2eb7-454f-9978-99355f7bb109",
|
||
|
"value": "FINI_ARRAY"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b30104f4-3519-4003-8a5a-05dd2898870a",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2eac4c29-cb82-4d21-81b9-6b5b0de59d37",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "fcb8357c-ed13-4981-b95e-791688d77410",
|
||
|
"value": "16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "ccaeee12-5402-40e1-b802-807ad12ecf09",
|
||
|
"value": "1.7987949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "b655e66c-ad0e-43ee-b9b0-2e622820f0c3",
|
||
|
"value": "7f55249ca89e16bbd67cd2212c30887b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "a7c828f9-6a9a-4ffc-9111-394b88847189",
|
||
|
"value": "35c8f139b12692703a6a7335fe6d2665d8279d35"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2238657a-1d7b-4a77-bf73-b8b12dc026c6",
|
||
|
"value": "14e4a7583adbec3dea25604af97108567213271b44ba0728901dfb1b7fe69d44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "43d07c1d-96c0-4985-b63c-8e27a47e2c14",
|
||
|
"value": "f3736cde4c1187e5845bc1a937becfc68e31af62f212f06eb030275be82bdcb983c76cf0856189be384afefd63770bfb4e7e96f316fac87b15714db993182bf2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "841b8c69-5f41-418f-a97e-f8d14fcd6bdb",
|
||
|
"value": "3:rHlll/n:h"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "0af6fe82-6f45-40e0-b0f3-2168a9043770",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "abc9fa0a-8cac-4f4c-a595-e81f7b412b10",
|
||
|
"value": ".data.rel.ro"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "34267fa5-8b9b-4d24-acda-d05487ef83b5",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "44acb11d-6537-4cb0-8058-5d3f489baaea",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4e05ac1c-4091-472e-a5c8-bee57f1bfa88",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5d94c89c-1de5-457b-98b2-f8b3a31f3928",
|
||
|
"value": "11860"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "72b8e1f6-ecd8-45fe-b519-dd0f8481bb55",
|
||
|
"value": "2.582065799178"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0a2126ae-6ea3-4ddd-a923-3bd1aa79e1fa",
|
||
|
"value": "01ab2a7845109b20c8c13f7ac0d613bd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "1c640a7f-51f6-49d2-b135-db9c0fcca9ff",
|
||
|
"value": "f8500332f082a6ad3f5062b957e1045599e94b35"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b9fe7fa7-1ffe-4865-9b54-b5277b7d6b1f",
|
||
|
"value": "e8e6f19f4d67b220cb12f0c57d6df68a621586b268ef3851fa4330f425389c72"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "1822ef5e-8490-4180-bf3f-70a2daf89b2f",
|
||
|
"value": "14faee8f42246cdf660db6a97836fec8c20ee294d6cab6d59a24db8439a367f9d35eca9bef171c0d4aae335cafb31fa7ac2020c4ccffcba163a3a8bc19bfedcb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "69186b84-8334-4f23-ae23-8d9aa3d2f73a",
|
||
|
"value": "192:1aQKFKKKKKhZpxRKKKKK2kkkkHIEKKKKKKKKK3KKK5KKTMaKK4QKK3cskMv326Lm:1dKFKKKKKhbHKKKKKijKKKKKKKKK3KKR"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "d29a7e9e-d334-4ca9-8d95-1f25cf320b85",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "593b964a-c0bb-4b5a-a98f-83d81e796cae",
|
||
|
"value": ".got"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3701ae22-0cd6-4471-bfc0-5ea15618df24",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3a5fde3b-bdad-473c-8a75-6abe6f69b6c3",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2f1ce981-e93c-419f-ac7d-9cf2413dac4c",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "912452b7-0355-43c5-8754-eda65e7bfa69",
|
||
|
"value": "256"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "69637cd0-0892-437d-9721-cbec8130cd91",
|
||
|
"value": "0.51360896470411"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "66b0c9b1-0203-4ceb-aa28-e8dbd6981dfb",
|
||
|
"value": "1c8c84187d23ee1c8d68f8417b278aca"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "1b3d5487-42a2-42d5-ba6a-b7645568b3ae",
|
||
|
"value": "1bfad37f81b5d6d301446eb49a8deecc23830e97"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5e691194-3570-41ff-be83-6d7532122600",
|
||
|
"value": "1083d59035c57d50e538c7b411d1530dee4a6a547a7ac6fc7f4f20174ac0aa47"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6b05a4ac-6ccf-4e55-bc00-6c131299f9c0",
|
||
|
"value": "90c1f9e036cf299ca17a79fbd4d7584ca6f4c7489ad4f095d8ddbcb6768f0efadb5c865a47985401d6a9e4606d8d1be73351fbed273cb659463ec79d9e8d0323"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "2a4000b3-fe22-40fd-85d9-05e7ce5a79c3",
|
||
|
"value": "3:flvlE/ltE//lvlvlzl:0/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "eda4b8fa-1906-4263-b685-77c79b9a494b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "62796316-a26c-4bda-91b2-dcc463b32228",
|
||
|
"value": ".got.plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c4af0b07-21a7-46ba-b3f6-db267f21f5f3",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7fff93af-ef81-4213-a4fa-4af17dd3924a",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "13156f16-1b42-4388-b5cb-165b838db2c6",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "14f3295f-16be-4d0c-8096-4a8d83a5eee8",
|
||
|
"value": "264"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "3ffabbe0-3bb2-4e40-b50b-530cab96f39d",
|
||
|
"value": "2.0475746685833"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ccbb4c0c-c4c6-49bf-a6c3-48411ee4c5d0",
|
||
|
"value": "3008c9c186720b10ea47fd550a93ab56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "0e27d112-1f2a-434d-9828-7c1c48cd2a33",
|
||
|
"value": "87ff3f0af51fc81afb013c38d9aa5f19921d079a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2ec00033-dce6-4890-86f3-c21ab75b011f",
|
||
|
"value": "e98f9daa553e024fafbcc340c585b4d4552d2af4ea8e5233b38806e4ecc87ca3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "1539889a-abd9-40a4-9e5d-8928f1f650b1",
|
||
|
"value": "2d3533d887d56bf7ed77df225eb00e22c085102c5045a2340fd4fb400e50bb27a6427821644e635cfcbfe2d84ddbbafdda248c31a22d62e27298a3e52103774d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "133256d0-9721-4c46-9132-6496c22a36c6",
|
||
|
"value": "3:7xvB9/lJHpvp9/lxHBvx9/lZH5vZ9/lBHRvh9tpHlzvJ9tRHlbvR9t5Hljv59thi:Sl"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "3cf774f3-432c-4dab-b9a9-5ee8a5c7bf02",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "17e3df87-4eaf-41c5-891c-c8c899708d83",
|
||
|
"value": ".data"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "04e55fb7-a835-4a51-8b74-c5868a4c7aa2",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9f7f961b-38a6-4c00-a6d2-c18b5a0243eb",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "73020693-0a1c-47b8-a34e-af2bd56d436d",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d217f0e5-59dc-4fac-8e7e-c7570a4a8c72",
|
||
|
"value": "7024"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "cc9429fa-5b8c-44a5-b7ed-2c609beaa283",
|
||
|
"value": "1.0430913631884"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1fba48e8-7408-4c5c-b96b-f2fb52d0143e",
|
||
|
"value": "4c71995c363a73a808d51ba6952987eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "a0a36815-da5d-4e1f-bfde-4d951ba3e438",
|
||
|
"value": "182672579f020a410958b0a60b2bbb7a22899c70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ef823879-f898-41b8-8607-56bb5b89636a",
|
||
|
"value": "88d32e252213dda69d8ea169fcc70e05b7e43dc898a8ef5cffa2e0bbd66ccfc5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c188667d-3543-475f-8149-12dc411f5e11",
|
||
|
"value": "6b02e688a0cf960626d1a1ef65618359ba997e153bd1b965ded96b0783ad0dcd957c8bfac6510b6e54e5e5dd99350c8da5ba44b452be6992f451a8000079b9c7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "9e6f261b-4160-4aaf-b945-40ce9d3593b8",
|
||
|
"value": "12:71+HybSvOH/Yruu8L0WVXsVa+y/HqYWx4ozKjKVCfak1iqE548/X0XaEwHfk1oHH:KLuLRQV47WVCfAOyvmY/mtytmE"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379039",
|
||
|
"uuid": "3cc99722-ce57-4202-be55-fb8b973c88f3",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379039",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "bcf9db11-6786-4549-b3c1-8591f9b9ce34",
|
||
|
"value": "__libc_subfreeres"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "476d7803-42f7-4813-b439-c8f6036faf8b",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "38a44998-0e99-4fdb-ade2-f5025e09356e",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0df02b4b-9403-4f6b-8c7e-5dc77c9a00b5",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d3205f99-653e-42c6-afb8-1f5c94f36707",
|
||
|
"value": "88"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "c1881653-71dc-4100-bc6a-e166896f7189",
|
||
|
"value": "2.268710941921"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d9b9ac14-20f8-4bae-9fa7-07d275621d90",
|
||
|
"value": "1bd9d95b91e889015d43a1fae7afb599"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "77e101c5-3295-4703-99be-f809abb9cff6",
|
||
|
"value": "75d66019e66e2aec613630d5da16a3710d2dd4f6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2bb4c8c4-2c07-4266-bf2b-720999ec56f8",
|
||
|
"value": "a0170dbd1427eb901b50ebdcfbad77699aee60229fa233e0f68ca994f657dcec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "13346bbd-4fc7-494f-8a2e-2506dfcd95b4",
|
||
|
"value": "89fe13f13a7cf3756334b5e2a98b321a6fe461d8a2214f3ab16a71ca82e8053cffb7ceb56d77b984c2a922b552a1ed52c2fa4d8a15a947a1bc7d6768c9a92153"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "9e4cf3e9-ee2f-483a-a70a-ce85e3306efc",
|
||
|
"value": "3:kX44jK/C/i/2l8lu/Ft/n:kXjZ0u/3/n"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "083c2484-551f-41ce-ad0e-5dc89744fdd6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fc398b1e-0d5d-4607-bd21-f2476ccc6c9b",
|
||
|
"value": "__libc_IO_vtables"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9da0481f-e72c-46bd-984c-c1a819cc0d1c",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "abef6cb7-02c8-4a57-8410-0bb55fb4374a",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3c87759a-27d9-4258-acfb-638503f5b512",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "539d21bd-9270-4993-9d54-1736413d916e",
|
||
|
"value": "2280"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a01372a6-f3ad-446a-97b2-59ec605e66f6",
|
||
|
"value": "2.2294976354887"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "cdac9cad-7096-4ece-9a1a-56bc12394b8f",
|
||
|
"value": "ed1d48ef4103b6afcab39d66e62ef738"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "10a75293-1f2f-49cc-bbc6-ff48baa055c8",
|
||
|
"value": "8af062dde822380f0be1cdfbea4de73c24d2f76c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f26b7fd4-fbad-4aef-8547-3b24f48b3fd4",
|
||
|
"value": "35c8c325bee01068b3708d272f8d15a202b74b3f02019238fbc4d04ade1eff7e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c59e42ab-67d8-48ab-9074-4637869cdeb1",
|
||
|
"value": "5fdb768539ca49508187fc019589a13cdc17daea06ded6ee7f948d2a3cf3dc36c38dcbd2f80849b61ed4398f449774410559694b7aa980ad25c3fb4e0eccfd9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "f687391b-1251-4215-84a5-951b9ee5f8a8",
|
||
|
"value": "24:mO28ThsyHcsyMpsyfcqhsLvosw5sGothh7dCG:u8Th3c8pkqhQvof5ethh70G"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "9ddc2aa3-59cd-4611-829d-6b0f9f82b99c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "72f55adc-7ad9-4e41-b2db-bb20a1a8195f",
|
||
|
"value": "__libc_atexit"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ce9e2c11-b9dd-4c73-ad3f-05e74cd7cdee",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0890ad50-a09b-44b6-af56-1ed776c5cd5a",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "77195161-58a1-4e9d-a9ab-3d11d91eef37",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e6520602-6a08-45c6-a745-377df6acb8e5",
|
||
|
"value": "8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "d4d9a752-736f-4136-aa04-b198ec152996",
|
||
|
"value": "1.5487949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "fc2ad888-d8bd-48db-9c1b-0eb06d7dd670",
|
||
|
"value": "7153176250fb8d700ef6473ea4ceaa30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6572841d-87de-40fd-94c1-8ce43c32283f",
|
||
|
"value": "2c8835a16b5f3b197e689ec77009511ca45fe7ec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c18b446e-9850-4a01-9ce7-62c78b2037aa",
|
||
|
"value": "d76d1afcca1bd77506c5746a7790d6451f008fa563d0856b7904100b4bea4c41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "4312770f-3f88-4668-8bbe-9b62254ae272",
|
||
|
"value": "f762990995d926eb6276446d27c9c4fd454cd8fa69ad1f9308a39c20ab43b597ac6d7c24ed6f47180d7ed5e782e7fba56c4228e41232a273a71946cdd33b4f14"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "456de831-f310-4a34-b79c-7d40c01e6049",
|
||
|
"value": "3:4n:4"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "f58ab9c8-011c-478a-af44-61d68d02930a",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "39dad15e-88ea-4e37-9521-8fc4a730e583",
|
||
|
"value": ".bss"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a7d011df-bc61-4bea-9b8f-5d0879c229a1",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "932eb055-7c38-41fc-830b-b0a18e0c034e",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "dcf06998-9a85-4a00-af76-b1862ccc2666",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "8e3864c6-cdbb-40c0-aecc-182bc1b67515",
|
||
|
"value": "25856"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a02bca27-2983-413e-950b-373dcb212f23",
|
||
|
"value": "4.9527559123953"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c4f711d2-9735-42f7-a11a-c490b2f98008",
|
||
|
"value": "5fb32084f0356363c02c7f7b2fb0b500"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "00c6421b-67b0-4bf2-a3e0-5477b3a0eea9",
|
||
|
"value": "37db4047466a9f3af6ac23bdbd026e391621a519"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d43574f8-c208-46b5-98ca-03e28e103411",
|
||
|
"value": "a6edb30315a56060cc170dda408099d2b915109932ceb78497b4724b4d67297c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "0747c47e-ef46-4037-b1a5-bf2585b46082",
|
||
|
"value": "996b70e518cf54026a8aa8fe7302b21aaf785d5a0cc72249ef1a874b3509e92e45e29178a296f970c114b579570a14cdd7ab2438488f5a689ff1439114ae3ed0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "ec687187-b78e-4ed0-b6ce-836412e43323",
|
||
|
"value": "384:VD6bSde+8gH08xxhinYcLEnkKkDLsyfJxG0f5cJj/1uBxc4OgHE:pCQxrOwkNsoxG0BaQBxc5"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "3d1434a9-7510-4777-9bf3-d9ddeebf09c2",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "971404ad-243e-4104-8db6-7d883d79d4bb",
|
||
|
"value": "__libc_freeres_ptrs"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "030743c2-2410-43f8-95db-0d4f9a1ab1d1",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "702b6143-c905-4b5c-9fcd-855977041837",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "537d4fd9-dde2-49de-b5f2-8226d0fc5187",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "b4811a5d-0d38-45b3-a000-897269f474e8",
|
||
|
"value": "48"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "948d842c-2736-494b-912d-c6f474c8c8f3",
|
||
|
"value": "3.892022398037"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "03d52093-ded8-4269-be41-779f87d6ba47",
|
||
|
"value": "301cc0554eb03808eb0705bb65b19541"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d5058fa1-2e01-4711-a926-ab5088f592fc",
|
||
|
"value": "de36384981283a3537c5a2ef3a7fe3612e2da9a4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8e3f17e8-1928-4c09-9981-168e856f0e9a",
|
||
|
"value": "5e19d3b85d4510334a65729801a7e198041b513624804eadfe86bb77aa202ff0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "a097a70c-7e15-469a-9f73-c597d01a36c9",
|
||
|
"value": "661769b327528b01cb420638171726eb058505468e10c6c3e911fb07d76d89dd19f5dd035c49e1ba870aa25f9cd762a72bc98292f6457c4696815b4a1009aace"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "817f8c36-d941-4080-b02b-5f714ed9fcb6",
|
||
|
"value": "3:cfwFLFUhbUITMaLbUFmBLl:3FLAx3McR"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "f705c834-81fb-47f4-8938-85072ade512c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "dd44d3b0-4663-414d-956f-5d5b681e0965",
|
||
|
"value": ".comment"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8dd69618-4a0d-4aac-bab9-567973fe777b",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "360addb2-f139-497f-93ad-2c2220278ba2",
|
||
|
"value": "MERGE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "25e69c11-2ebd-40c7-9e80-88ccc3d8487b",
|
||
|
"value": "STRINGS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "2c80b9fb-1af6-41e3-ba4d-df33ed33513d",
|
||
|
"value": "39"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "2c21d2dd-229a-4222-99ec-23cdb687909e",
|
||
|
"value": "3.8171682463279"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "17d6ba45-dc8e-4ad1-94be-2ec3b9232980",
|
||
|
"value": "060ee9719872cacdcfc1d1d7d62630cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "e84c0ace-3435-41a0-b354-08294e826c8c",
|
||
|
"value": "31dde06263e9efd9c38263e97ecf973572a14dd8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "7e089697-f9f6-480c-8303-81e1bd168cca",
|
||
|
"value": "b0b5eb242adf04205862f7138af0b804dae204bde28316e127beb1b56c0f44d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "1837ada3-784e-44b4-a979-006985608b09",
|
||
|
"value": "7b2b6b7fa80f3d123512f63c15fa977eb74eff09969e021c501f2f8118c14d891586d925bcb92e449db6b3d00f5a8be0061684c6bfec4a279d56562b6948bf9e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "587dd955-24ca-4dcd-bcfa-3e65be3a48a3",
|
||
|
"value": "3:cfwFLFUhbUITMaLbUFmBl:3FLAx3Mcl"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "34066ab4-0ce1-4d8d-ac87-937d1668d164",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "814e3af4-c8b3-43e1-b675-64f26d2eeab2",
|
||
|
"value": ".debug_aranges"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "574a9f7a-e2af-4ba5-9119-77c8abd86db7",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "07eb24e1-13c6-4c0a-a8f1-929c65b41365",
|
||
|
"value": "592"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "10de5caa-f8e1-46e3-92c6-71536d69acb9",
|
||
|
"value": "1.7642294641781"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c200c723-7bdf-4ae5-9b08-2e2a3b316672",
|
||
|
"value": "b98f825a216283649d9b26adf2dffaab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54cfa785-b009-4941-8197-6bf25f0e2f35",
|
||
|
"value": "0c33651ddc6a2b31bd56006c76ec754c0588942c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8a39dcf3-ba26-4357-a18c-0a17b847e201",
|
||
|
"value": "ae2a57fe0e5d499db40eceecea2b57b757ce10a175dc8f87cbc514b584939a44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "4fa32b4e-795f-438f-97e4-bf35ff357519",
|
||
|
"value": "0b9458da56eeb15b37962240cddc1c85e7f4719c125bb83ae6202df1a925a9949b5a942f711a864303854c24c4c907b5442244631ba1c021223a6811d8daf44f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "738aa6e3-08d1-4173-902f-3eb6d2c94a90",
|
||
|
"value": "3:xlttlxllhlXLlRlUlllsz/txlm/X/iX3kplplrXtplllP6RsfR/dlBsNlXvLla/Q:O/WMp/SUl/d/YeFFX0f"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379040",
|
||
|
"uuid": "89bebe98-9e8c-4987-9ade-80f48c2086aa",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b5b618b5-12ab-487d-ba59-bd30cebc97a3",
|
||
|
"value": ".debug_info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "911abf9e-8c3d-4add-920f-9e689da37339",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d3fe73e1-6b61-47d2-9fe5-d6e11c8bcdee",
|
||
|
"value": "36952"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "cff4d731-b6b2-4c61-8ad5-b0ee2dc544a8",
|
||
|
"value": "5.0500197744229"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379040",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ed6d27c9-54dd-420c-9dcd-868800645e1d",
|
||
|
"value": "045fbe4bd619e48f21f0cfcaf57b9e15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "10448e3a-9022-4bd4-9a0f-7434765060f3",
|
||
|
"value": "74860dd59db5f595449a706d87cad0c5e37b98b7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "7758b3e6-e859-4ae5-a472-e900ddae02f2",
|
||
|
"value": "ed723a7bcc1d67a2383a6daccb169fd11a77a2082e4fafded8fd5354340ee7cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "ff875437-1a7c-4ee4-a9ee-555819d6f019",
|
||
|
"value": "508ba3f6332338a8644dddece3d97cc96ecf2df077781840c1a92e588eb27fdf9da1a0e36067526f75379a546535808593ed859ce3b695f74baf64d47aaf1454"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "10b56cd3-2cf3-4667-b4c8-43ec60fb6688",
|
||
|
"value": "768:6CQxrOwkNsoxG0BaQBxcp3s7j6TagmDf7Mm2IFm:6ppOPNDDBxtfDf7b2IFm"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "142feb3d-6177-4bc7-9716-f7dfed0d65be",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "077ee007-9679-43ca-a7b9-32c8a58d87fd",
|
||
|
"value": ".debug_abbrev"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c42106fb-6b7d-4814-91e6-3d0464b2785e",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e9c015e5-8be7-47cc-a14c-81619f1d3711",
|
||
|
"value": "7226"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a6308ea2-f275-40d6-a048-67b156f40616",
|
||
|
"value": "4.8066037375965"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1c9872d4-5779-43fc-8cdf-2464513e8e5e",
|
||
|
"value": "5d00ec694ac2134234c8bc7467578dbf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "29aec7ef-886c-4d83-a3c9-94c15513ee1e",
|
||
|
"value": "c5a863fe1dde9cd0d8e9eeff732e2ce44da5d57f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "6963b7f0-bdda-40ba-8395-c1535885a6bb",
|
||
|
"value": "4ac1ddcde0ddc657785a41acbf30ab2becc1ca9798c6020285a644be9c2414a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "b2769571-4a34-497c-82e6-ebb279d22448",
|
||
|
"value": "840312df1852fa7af72d282db2666bbd9e896fde09d6711146274872c587c1f7d3b86e7c00212d68a556e44e775492bd4bfe63351bc19d7206ece04709506cc3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "6393472d-f3e9-4b46-8395-0dc93f57afe0",
|
||
|
"value": "192:Jlf9eNOHMASpEbN9thLYs/HcmE9tau/isU+1N1glf5K38a85EZmsZj+DopVNCClw:JlOvST9PcklxFZE8GbK"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "159d2cc9-3205-4a2d-8aa3-5efa0389395e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1252aa5c-ef31-43d6-8a1a-4682fdbe4077",
|
||
|
"value": ".debug_line"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a0f13210-6581-460a-85c1-55a5e9f6db8d",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "7f48d070-c184-4039-89b2-8b2fe21151f0",
|
||
|
"value": "18273"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "b393fea4-f3c7-49cb-86a3-3b13e571b044",
|
||
|
"value": "5.50868915771"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "e0cccf9c-79e2-46d4-b4f4-6b25c1998537",
|
||
|
"value": "42239062c8f83996d972d4f2a774aeaf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "cac74480-bd71-472c-b89c-2b6399ad007b",
|
||
|
"value": "d5699ba3a7bf79d5274757ec1c7b4c6a029c3833"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "1e9eb0eb-ffc7-4980-89ba-16572e5b9d6a",
|
||
|
"value": "f152dfc267191bb3ff64806412541af38c083eec6ab7a91a0d214ef8c0af6ad6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c8db20c9-65c7-482c-a4d0-f7ffec7d8a0d",
|
||
|
"value": "b3d14782c2794020d1e19ce1d263971c90e06afc20b2f0442afbb3639cf0f9fe6cf4a6c39c3744e5f1980092588fa2849d9aa179e1dde6643597a76fb00d0d7e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "28897f6a-30c6-4d97-bb93-996cfd291da1",
|
||
|
"value": "384:T1KBLtqwww+o+wAY1ZfjmoElYdo3rWdKd9umqDAroqnIe:Zwswww+o2Y7JwYd8CAnuFErDnx"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "544a4239-ca3b-4d41-8e55-da5a0c40f195",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ac781ebb-1eed-444a-956f-65f56087402e",
|
||
|
"value": ".debug_str"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2b733ff7-2267-4811-89fd-8b9299a95ce7",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4a7df149-b536-47ab-9067-e903bbf7657d",
|
||
|
"value": "MERGE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ecb2502b-22b7-45ae-880a-42315fbc4ae9",
|
||
|
"value": "STRINGS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "ea1cefd0-83db-443c-9ded-307bcaa280f6",
|
||
|
"value": "8151"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "06bc4f69-964a-4115-aab4-644be37d6f4c",
|
||
|
"value": "5.1679424031838"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ee49dd5c-81aa-4828-83ac-acc312ffce31",
|
||
|
"value": "4f6ed43c0bc1d482aa562f3517fc5893"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2df6f186-0678-443b-b18d-bd13e0bee7aa",
|
||
|
"value": "db6795da93c7ec68d3b40d74c6763270fb3c8490"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "db55d510-68e4-48de-bca3-eeb17cd81b44",
|
||
|
"value": "c780118a92c61e5a72063b2faeb0f0367dc1a654cae01072f5c8c9c71ef96287"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c83fd8ec-b59c-473c-ba5e-f460802e9362",
|
||
|
"value": "528cf96cce18a2311836ff31dc4e00a73bdf3c908dcc12a0a8f36b6fe281f144c3c29e7e97228629fd2e9284c388ab1cff750b3af2aca19d98a72c231a5b825e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "84004bdf-a01f-4491-9490-c75e272d2149",
|
||
|
"value": "192:TTRjmgBBg/WIDbEq1CalgHykkXXQ+MpovANYBj+nl:P5XEl4SFXXpSmCYR8"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "c2060b89-7937-4fe7-8f27-64813a461fa6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "81442012-5b5f-4206-b2b3-2c99f4122542",
|
||
|
"value": ".debug_loc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "bf181af7-e10c-4118-b48f-bbd01e705370",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "522829d9-2525-4a06-a0be-478469ce9658",
|
||
|
"value": "41324"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "7b5e4afc-bb6c-4918-8d71-77d5dc2d9926",
|
||
|
"value": "2.7911258913065"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "8fcaf113-a377-4eff-a477-8fabea4fa14e",
|
||
|
"value": "75c826b91edea0f0bf83ff807f4ddeeb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "83b3ac5c-8e26-4f93-863f-3be6f70ee4f2",
|
||
|
"value": "7a17069df1dd38cafeebbf8ea769f303a11656bb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "39dd9176-f918-4224-ab86-04a2e00feca8",
|
||
|
"value": "c70288a77b2acfbaa35000491b8736ab70743f9ee9f2e0556ca2702d19a3544e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "4d8ef65f-0708-4636-b885-ee41534f8656",
|
||
|
"value": "c55ae7bf38bdccfe6200be878b8d0adabe7fc86d2ce1844fc2fe043adcc9b45dc6edadd8c73011d3e68234b4cd3911a22a077dc23ee7424a5f01f066198a2686"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "e4908286-663e-4bad-a819-c773834d7b7d",
|
||
|
"value": "384:gah+ixHUA2JyWngl4+3pdIeRt8jXugN/lANhqTNwLzG1gtHIHbnk8c:gahbxHMJyWmdIqOXugNeNRLzG1/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "361e875d-e54a-44b5-b9c7-6a9695705213",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9e249bff-e708-4618-92b1-a0de5e1d8432",
|
||
|
"value": ".debug_ranges"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f27659d3-005d-4e0b-aa35-9aad3f057acd",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "23453f14-b558-4b6f-b35b-a4d1a62d7a23",
|
||
|
"value": "4192"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "6f4a4829-bc63-48b7-aea8-9cd4be4fbb04",
|
||
|
"value": "1.9426792068377"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f5ac1a21-35b9-43e5-bb00-8bb63296fdd5",
|
||
|
"value": "b6ade8eb0c9af365f6abe8aee7703680"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "77369e49-6c44-4663-8f15-c0b97c115b3f",
|
||
|
"value": "e1648face620c760d64ed3f92ffbef8253cbb12f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "cfe7f0af-b294-442d-a431-cae367357721",
|
||
|
"value": "9d3264bb78a7342b1f0d5b6e54c3e727a07af5b6b3455f45b94c0e24b50055a2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "907dd008-1343-4597-a30f-c8d7325b8367",
|
||
|
"value": "2aa3305906824e493bc11d2361b2c8591d1bdfe124b6b7c6576b04c031a26135ab1b80cb1757a53a5bf94ff0d09841401fab389f78d74f691d44471087475cc2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "32dbc301-add0-4a91-af3d-5c0d4eaed60a",
|
||
|
"value": "48:UvXGHmmdFY4MpIOECv4DXDXDYpOF3mmtv5IO+AH275MD2drLy:UeHmmd6lE04DXDXDrF3mmtvV07Bd"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "af34567c-3eca-4ef6-a4d2-f47302a26efb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "66f7ddf6-2ae7-4c9a-983c-3e0eb52c6327",
|
||
|
"value": ".symtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c55ec9bd-e2d3-439b-b805-7a87040e89d3",
|
||
|
"value": "SYMTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "9656d762-2c95-4cc1-a8a4-35125d168062",
|
||
|
"value": "58632"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "12c1e68e-8b0d-4412-9441-336c8f585277",
|
||
|
"value": "3.2704167968698"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "084729e4-ad65-47ae-bc76-b276e3fea1ae",
|
||
|
"value": "ebc7ccebf350980919d1dc66f337b7cc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2b6558b6-ff97-40c5-ac64-303fed1b583a",
|
||
|
"value": "306412c77c1b4e74e4054e41ea1407c8fae327ab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e4731c91-a510-404c-84b3-d672e39631cf",
|
||
|
"value": "a99f6690c57912ee9b50a824677a0e73a33fe89e81178f1c341ba4cc5c734baa"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "af3ca2e9-0603-48db-8387-0cfc337a49ae",
|
||
|
"value": "cded297ea05912e5cc7bd10375068648289a3476ce8f6de94b9acb8df41739362ae0da6ce1460c3de72f43389d44ecd068a9781ea48fe9548028e710648a83b4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "cd87e494-7be6-48e6-bab8-9726fe29f98d",
|
||
|
"value": "768:KSjjf7mk7Az7zEi7vay56R9mnExbIOH5vRBmQDN:vP7NAz7ggdc6ExbIWpBvD"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379041",
|
||
|
"uuid": "aeabb0d9-b3f6-4097-8bb2-37e335e529c3",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "05015846-1d38-4e25-836f-a91424ba1a23",
|
||
|
"value": ".strtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3aa8d0a8-a64f-4ea7-9cb4-59b4b88a0349",
|
||
|
"value": "STRTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "11a0f58c-002f-40c7-aecb-d4dabfc5aa56",
|
||
|
"value": "31843"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "9c0c090e-8660-46a5-bbd2-fe3db6bbc9cf",
|
||
|
"value": "4.6314982295082"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "74ab40cc-de69-4d46-bfca-93ac013bc53d",
|
||
|
"value": "2b6c9a19e7d219bf597c1fdbf0c5a8fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "1ad5f158-4b0e-49aa-a0a9-fd88a5e2a727",
|
||
|
"value": "86c5f200ef1779f5ca0e498f5fccefbfdfd776c1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379041",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "bbff0a30-e005-4677-b07a-c76b29e8da0c",
|
||
|
"value": "c4a486864a5d0de1ef945f7ac7319c18b263a8c21bb512961425898911b8f78f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "253f29c3-84a3-49e3-920f-83afc845d4f0",
|
||
|
"value": "a28514f9a00d95cd900598ca058de38e2f58f52885c7ed5e9b33464c70afe77e6e5e005d157f16612dc42453599282762fb9705dc22e7565ea70a31079f167c3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "48999ac0-fdd1-48f4-897a-3b59fde5d1f2",
|
||
|
"value": "768:EKrlWymHu/gARHNlByMDvnikLTB/nAhs2Xy2zDptDvpMimWycITFE+14zsk2zQFT:EKEycAHNKMDvikos2VltKiXTITv4zUQ9"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "4c5b90c8-dc4b-4aea-a678-0c6c284676ac",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9c73b779-b22d-4408-b47a-ad2524fc6580",
|
||
|
"value": ".shstrtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e07dc6a2-8bb8-47eb-a5ca-d430f9c32517",
|
||
|
"value": "STRTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "0757dc0b-c15e-47e2-abcc-8cecc95e1266",
|
||
|
"value": "385"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "db9c2a0a-261e-43d0-8687-b2b98401dfff",
|
||
|
"value": "4.317008081308"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "9a9f3510-32b2-4e4a-ba4e-351213436c37",
|
||
|
"value": "85d1eb6d1e5b292a34cb5cf172d13e4f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "67eb4641-4b8b-4f24-9678-bf45d3897027",
|
||
|
"value": "7709ffafc8174f3690dc3a4799618dbac4489416"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0499e966-5240-4921-8a16-ee8b7a99a519",
|
||
|
"value": "599c752bae6979fba10a5bd6241df6eb52ef5856593571aacf0e376906f00d40"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "57fbf199-06c9-40ef-945f-ae067345fcb6",
|
||
|
"value": "aad752254ff78edd1435e42187b747862618454cac5bb5d9567386d55f9e9165df9c3fd00afec1621c41ca95c8592404fce1ec76b968d38e767dfc587375e3d1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "c311cb8b-e105-4f8f-b4d0-c0776da435b7",
|
||
|
"value": "12:IELkxo84O6OvXdRAJWlRWi77Iptxh8hc+:X6oujAs7Boph8z"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf",
|
||
|
"template_uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "14c643f9-c048-4601-b355-4101d32e721d",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "6f6e03f2-3896-4d20-8900-32882225871f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "6d288686-4691-4554-afdb-d06cbc07136b",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "ff6728df-7abd-415e-8d3a-21e06002498a"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "620c41d2-3464-44e1-9cc4-ac26810a471d",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "dbe9ad55-e110-4beb-a236-b8e6e669cde7"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 3 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "c2f0df16-1c9f-4aee-9bd0-c28f8e7dc46b",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "146e240d-fbe6-406a-805c-c490144ec5ac"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 4 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "7ae73141-0fe0-468b-a637-048283310d7c",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "2fbdd8ad-3d44-485d-b491-718c0a64ee2a"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 5 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "605fb316-826f-4791-8595-462693a9c897",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "b6135760-7a51-4b90-bae4-8cc6f3160dcf"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 6 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "d89db1f3-12a7-406c-b60a-407b435ff6f9",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "2b87517c-7bf6-406a-903b-952bf770a72e"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 7 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "5b967d2c-daa7-457a-892e-e6eb46927b02",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "2be5175c-87fc-4343-9b77-4ea504e97184"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 8 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "b96b81c1-c42b-4b21-b55e-ae110dcef254",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "8933ce5a-e20b-4bbd-ba12-5cadde0199ed"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 9 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "37324a84-f710-4d2b-b579-037be8400fd8",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "79b12719-33b7-4944-b1fb-b49cfb5079fc"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 10 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "9ef9d811-89d5-4acb-bdd3-8ceff6f2e3f1",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "91f56775-b34c-44e3-a4b3-50fc9c28379f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 11 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "2b76c945-728a-4b11-bcae-4ca9dcfc9b1d",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "aa84bc04-0392-4d2b-8394-8eaf245fd8b4"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 12 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "2c752589-0653-4e0e-a6ee-0041b4454897",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "44cd27fc-4001-4e20-b2fc-aa31f1409f5c"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 13 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "e3b993ab-3058-409e-81c8-efc495bfddaa",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "88282798-a73c-479f-b03f-d14e57786885"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 14 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "1893302e-a4f7-4e28-a8d0-7556e6567756",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "192826d3-104f-4595-a649-5a0665594440"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 15 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "dad3f610-d76c-4361-bb4d-41781cad97fd",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "31e76881-f942-42a3-85e9-8cba51aeb5da"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 16 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "0af6fe82-6f45-40e0-b0f3-2168a9043770",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "bc4a96c8-718e-4a44-bf69-53165435f22e"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 17 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "d29a7e9e-d334-4ca9-8d95-1f25cf320b85",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "385a4f01-e7f6-4639-87b5-13d075216e5c"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 18 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "eda4b8fa-1906-4263-b685-77c79b9a494b",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "7163752a-5997-4376-a3e6-7ede2b6ae02c"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 19 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "3cf774f3-432c-4dab-b9a9-5ee8a5c7bf02",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "6504f08a-1ac7-4af7-bf65-b01ec4bf55fe"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 20 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "3cc99722-ce57-4202-be55-fb8b973c88f3",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "2c6e9510-4484-4622-9fe6-c7f27b3d9fce"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 21 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "083c2484-551f-41ce-ad0e-5dc89744fdd6",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "503fc93a-44fd-4bb1-90d9-cb9e4da40c8e"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 22 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "9ddc2aa3-59cd-4611-829d-6b0f9f82b99c",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "7c82b08a-3b0c-4005-96af-e22a5e90f062"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 23 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "f58ab9c8-011c-478a-af44-61d68d02930a",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "f9e246f0-452f-4b99-9bd0-f796df00469d"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 24 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "3d1434a9-7510-4777-9bf3-d9ddeebf09c2",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "38ec02c8-9714-4daf-946e-c4b0cef20553"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 25 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "f705c834-81fb-47f4-8938-85072ade512c",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "1794decd-e7f4-4d9c-89e2-0feafa032e71"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 26 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "34066ab4-0ce1-4d8d-ac87-937d1668d164",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "e5890ee6-e0fa-46a2-87a2-b0bcda578c16"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 27 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "89bebe98-9e8c-4987-9ade-80f48c2086aa",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "9fd80799-2e17-4695-9c54-90ad66cb74ab"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 28 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "142feb3d-6177-4bc7-9716-f7dfed0d65be",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "a32f0763-fe17-4ce2-aea0-a5db29248dd6"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 29 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "159d2cc9-3205-4a2d-8aa3-5efa0389395e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "c7ffca61-2ee8-47fa-b324-29b92f69112b"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 30 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "544a4239-ca3b-4d41-8e55-da5a0c40f195",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "a087d2a2-5e62-47ce-96ba-0a7531c97c86"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 31 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "c2060b89-7937-4fe7-8f27-64813a461fa6",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "3804400f-7e9a-479c-930b-748e4b392ffd"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 32 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "361e875d-e54a-44b5-b9c7-6a9695705213",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "aed36429-ac29-4959-b2f9-61c8686d7029"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 33 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "af34567c-3eca-4ef6-a4d2-f47302a26efb",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "53ce62a7-405c-455e-bc4f-2ba0d47fd5b6"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 34 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "aeabb0d9-b3f6-4097-8bb2-37e335e529c3",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "bcd44886-8e04-4a81-9e56-71641d80a7d6"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 35 of ELF",
|
||
|
"object_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"referenced_uuid": "4c5b90c8-dc4b-4aea-a678-0c6c284676ac",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "e9987986-ccf8-41dd-9b5d-96b4ac769503"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7230f085-c606-4dc5-ba97-748d2ac9f7ec",
|
||
|
"value": "EXECUTABLE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7613fed9-925a-44d1-af46-090b90534d84",
|
||
|
"value": "4201888"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "arch",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8da4056d-b2fe-40b0-82cf-dbe10269f80e",
|
||
|
"value": "x86_64"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "os_abi",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c657af58-8cc5-483f-9b42-b97286f096fd",
|
||
|
"value": "LINUX"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "number-sections",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "counter",
|
||
|
"uuid": "cda41629-ce78-44f6-8270-f4f3b390f627",
|
||
|
"value": "36"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "20",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "7d7df874-930d-4b20-8c96-af63f55cbd84",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "ELF indicators",
|
||
|
"object_uuid": "7d7df874-930d-4b20-8c96-af63f55cbd84",
|
||
|
"referenced_uuid": "7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379042",
|
||
|
"uuid": "6238732d-bc8a-47ad-b829-ef28dd5ef446"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "3910aef0-5af0-4957-9ebd-456096c642bc",
|
||
|
"value": "file"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "7e65f0bc-66c9-4a0e-b0d6-1550a91d02bc",
|
||
|
"value": "1182192"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "20b98cab-070c-415f-a7f2-e2b9bef1f831",
|
||
|
"value": "6.1469332699331"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ef636738-0394-4620-90ec-3b07776a267f",
|
||
|
"value": "8392208ccce589326e3c72b6a80cfd1d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54937fe9-64b4-40d6-b624-788ab185ffa7",
|
||
|
"value": "d532edd89facd147c341a81cb1b8c363c73eb0ae"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4af5f565-a7f7-4775-8377-09e12407189f",
|
||
|
"value": "40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "2d093e6f-85a1-4b8c-949b-b50aade2ba54",
|
||
|
"value": "c9cb45f1ef8feb8be6f9d458a1c94a65fc075435c4c312750fb1ba9180095ebe7dfb5a020130d249f00fa59172eea546ccdb0d4737545a36f3bc3b29f47ddb4f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "malware-sample",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "83226a2c-0d74-4fe9-a07a-c5e1805cd836",
|
||
|
"value": "file|8392208ccce589326e3c72b6a80cfd1d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": false,
|
||
|
"type": "mime-type",
|
||
|
"uuid": "918f9da5-e30e-44c0-8b74-ad71652aa876",
|
||
|
"value": "ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux)"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379042",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "3a959007-8db1-421d-a95f-5fa6ab953bfb",
|
||
|
"value": "12288:9UkkhE6pENVm/jwzAtRfYjz09InxIkLkByyyAI05AmRUAmxVSpVWq5ko3VlQQIM:2km/jwzAt5koInxIb6mRXm47F3Vl3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "332737d8-78a4-43c1-8eea-1672a9c6211e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e04e8457-bb27-419c-8d67-cbd7ddfcab9d",
|
||
|
"value": "NULL"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "c92ef81e-1f32-4882-bf6e-c775184996d7",
|
||
|
"value": "0"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "86f548c8-b230-4c9a-b370-ab8c763247a4",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "be46d2bd-3169-4bec-9d7b-ec29d4b3fdb0",
|
||
|
"value": ".note.gnu.build-id"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "23f9a169-2049-4ea5-be45-996fbc30fd71",
|
||
|
"value": "NOTE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b04da04a-6d3e-4922-989c-0859c32fb0f4",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "a86f1bc3-ca3d-4956-9817-f08283218b04",
|
||
|
"value": "36"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "008c8967-f970-4af0-9c9a-cd9caa9ffe59",
|
||
|
"value": "4.1360560861958"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c452311e-7f2b-47be-af34-581cc2c913d9",
|
||
|
"value": "bf3ea22ac04c8eae8a62485d436c79b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "74778584-8755-45d8-8db1-d7837456d0e5",
|
||
|
"value": "ef08a0f6714663c35104ccbc1428f6ce198a2101"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a2446929-92ad-40af-9657-8ddf609ee4b4",
|
||
|
"value": "709e5cb7547e0b8cb200748b67058ace84f940095fc239d9c69d5774a8639f7a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "391d58e7-e118-4ebe-8293-0348c110f63d",
|
||
|
"value": "552272399253e57f8f84e1c17eb54cf29c38bae7d257ef7cc6702e2ad97431e7b8d561410ea75b7abf53e2a9a46cdd5db717249f390c62d6770668c0fb108f9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "b755e492-5b5d-4753-8709-efcbe4abc073",
|
||
|
"value": "3:ll/yly/s2rNn:io/Ln"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "6994c40d-0d38-4742-83fa-223ab043ce4f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e4ff3336-b937-42dc-8e2e-7c4ff1a5b579",
|
||
|
"value": ".note.ABI-tag"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "95934c3a-e127-4310-973c-ff87f362d442",
|
||
|
"value": "NOTE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1d02c03b-bee7-468a-895f-8f33dbd05574",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5b26bf2a-e8ab-4f0f-b6f9-dbbf15af5de8",
|
||
|
"value": "32"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "4fb754ab-3f27-499e-884b-ce022858e0a3",
|
||
|
"value": "1.5612781244591"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "f1a1d586-4804-4257-bca8-6cd6e63f6408",
|
||
|
"value": "3ac31b2ebb8a59ed3542fd7de044fbeb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "a9775d84-874d-4eb8-bf87-fcdb02ddfc8a",
|
||
|
"value": "ff30407c37eea291004a26a28d988eeedd0ea449"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "24bbd133-92de-4740-b91d-4032bd5cf56b",
|
||
|
"value": "6e48317ad93a8ac2dc04321465ede06d1274543fc8ab172e68171a9d684bb313"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "9c742c03-95b9-41bc-94ec-d7bbc7c159ef",
|
||
|
"value": "a4cbd38f6b8bf2cacbdc70c4db792e2a7d2159a36f84d41daec7164b1c435190667dfe16891cb6ef3339c0f0190bd43735b26794734ebe63a39f8694ae01aeb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "7625057c-f200-4655-89d8-637267f9fa68",
|
||
|
"value": "3:hlslqklllsl:wlqk"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "08bdf6a7-c0ca-4804-b0b0-a85fe7e852dd",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "87f686d7-56af-4c9c-963a-79c13e8e70f3",
|
||
|
"value": ".rela.plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d7c84e9e-d0df-4251-a803-281e2516a04d",
|
||
|
"value": "RELA"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ea85a00a-bd1f-439e-996c-b3ff5dda589f",
|
||
|
"value": "INFO_LINK"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c63a5bdc-3ea0-4917-ae75-c63524d382f8",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f2bd69aa-33c5-437c-8706-e30540b7a9e7",
|
||
|
"value": "720"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "ccf47753-7da2-4d49-a58f-2fe5d8cd325c",
|
||
|
"value": "2.1805033054394"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "ea692360-0bc5-4591-823e-bb923cbaac33",
|
||
|
"value": "9c55b12ecee452dfc4b21363c0f988e8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "c0389fe0-daa5-4c8f-9feb-a117f4c7e9d0",
|
||
|
"value": "a9b079210ea566585598ad0e97bc02c90741e657"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4b6537d6-a48f-46b9-879e-7fed1993064a",
|
||
|
"value": "c63eea6064b2c14f0ccd7a2cb1ded9c0df7a3db79ce8f322fb2c9428476840d1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6fe9e7c4-648e-4712-b7de-cd2945aff371",
|
||
|
"value": "673a7cc843eb7b15a461d9b3990dab2586e44814e362f5e41a9a69db21f36625c4f9bd8e10db57f7d32cef4524b63486345545afe18cb710c5ac7d56df9b5c41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "51e2547f-cc01-4c69-95ef-a08a21b5590e",
|
||
|
"value": "12:zm01BgUqw8G0IKTXtJOOZVO26pGkw+XiZqm4J:zm01Bxqw83IKTXtJOOZVO26pGkweiZq3"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "04dc6d5f-9f25-4855-8ca7-724299500296",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d37371e1-ef36-48d4-8eef-c17dafaeeb5a",
|
||
|
"value": ".init"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c66d2eba-76ae-4144-82ae-129edfbf82cb",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "50152080-6337-42bc-93b7-114eba9aae05",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "aef54072-8bc3-4952-8cf7-3237972bc7cd",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "fa133dbb-a1fb-48b3-b96f-9b1b071434bc",
|
||
|
"value": "23"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "12acbc4e-49aa-43e3-9a1a-37c9597db9e6",
|
||
|
"value": "3.5670402169266"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "076cb10b-042b-43cb-9038-e509b3f2be25",
|
||
|
"value": "f04a7791ce8e0ac844b5836e22a70ef4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "20a37d83-f6a9-4b3c-93a8-b70d958490bc",
|
||
|
"value": "c6856938bdc9fcecb040e17b9c66931cdd56938a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ab9b5c1e-b989-4a0f-a9c0-f5c888bc35eb",
|
||
|
"value": "6435ea37bcfb4a907f6bbd90fc4846c2aa2ed0605eabd7dc43e3697401c95842"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "27320a8a-50fc-4792-a9da-9a2f0f93d8ac",
|
||
|
"value": "86b816440cb81f67209529f4b9e6b13c2848b07f80233515e909e551cfe7d643c31db1264cebd193b53d3dfd8a79c95aade026b4ae76de867f6a20f660098c89"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "f1d2c722-9cea-4628-91bf-7c65abd580da",
|
||
|
"value": "3:4QgRVhU:ngJU"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "8c4d1d56-076b-43f7-9fd4-a5ab61aef707",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a02306e0-c952-4541-b522-2dd67b6edd37",
|
||
|
"value": ".plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "715ea5c5-3e7b-4e43-b9ae-50953a7c2f8e",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "22191ff0-f12c-479d-b0a2-807b19b36a06",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fa9793a2-148f-4b84-9370-718238179012",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "1441ea9b-2f27-4728-a40e-3149803bbdb5",
|
||
|
"value": "240"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "3cc9ea66-39aa-462e-bf10-240167ff3b7d",
|
||
|
"value": "3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "a3906184-6c04-48c6-b15c-c68fbe770922",
|
||
|
"value": "71b1324a418e99f531163b6bc2a9b45f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "c06a2edd-1438-4368-a718-80535a9cb1a3",
|
||
|
"value": "44abf51c6235774f8fcab452157b975526b5fdf1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "93ed3cd6-1161-435b-ad67-93579058786b",
|
||
|
"value": "85dfb9afda74c54f07857c16630c80d22bf27869242b2e70e69e8e0a30ca2f06"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "cf3623da-5840-4304-abbc-bd03bd43edee",
|
||
|
"value": "eecdd17c872ab7a8daa2f962de564462518908b5adbdd1ad7dfb08ad90b6b6cf85de196176c97eb12e79bb60806b8ad79bfcc1f3d13e7289dc44618a7607b11e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "6f0a116d-7004-4e45-8e8b-b51fbaade85e",
|
||
|
"value": "3:LfKP0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0Ln:r/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379810",
|
||
|
"uuid": "477fe223-252c-4506-99cf-d5b0141824c1",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f932e5c3-5001-423c-88c2-76292c78d086",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "23247184-0377-4696-93ea-df874e110427",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "841ff7d1-6c3c-4e57-ac66-9b59e3ca6dd6",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ecc0e96c-f6d5-4301-b40a-ea38d5a9ed0f",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e3b05232-143f-4abf-9322-85c6d17236cf",
|
||
|
"value": "751920"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "11cfd885-b304-4291-8c94-87e2fa009dfe",
|
||
|
"value": "6.4136158596844"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1e6aae70-04de-496b-8bcc-fa9aa0a69f0e",
|
||
|
"value": "13632ccc865f0dcc9e7feeefc846937c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379810",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "ea42b660-193c-417c-86ea-53b534ecddb4",
|
||
|
"value": "bcfdbe37f0c1fe09965ed0167dd6e54bb300edf9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b4460c08-a460-4663-b31c-485754b3bc28",
|
||
|
"value": "c56a5bd81d3b5c6b297a779215ddf3e61ad8c7821931379c4d8dbdb27cfc9718"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "53ab69ea-7c8f-4912-b61d-64f858c66bc7",
|
||
|
"value": "7e98a788963643730ee30a11c1cacf14118453badb7758d9cc3ada72408775ab61a573284e3f770ae7ee20f8e91ed331aad49df4f7cf33af16e07c5605862d71"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "615dd661-7a08-4c68-b4af-c2b422b6cc34",
|
||
|
"value": "12288:NUkkhE6pENVm/jwzAtRfYjz09InxIkLkBk:Gkm/jwzAt5koInxIm"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "f6b98e69-863a-453d-b203-4ad6daf96031",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4f4c1b18-7f63-48da-9b7f-004119a81d4d",
|
||
|
"value": "__libc_freeres_fn"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1e5f22d3-08a3-4975-90c5-44a64008f843",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "08bc2e04-41b2-4478-b5cd-433646d649f9",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "f9e38af2-3e23-4a81-a67f-5481fee84737",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "76cffbc0-fbf0-4046-b35f-ed45e8fc3814",
|
||
|
"value": "2920"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "8cb170f7-fbfe-4655-9836-89838af2c503",
|
||
|
"value": "6.0319278491528"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "31f44f13-372f-4ea8-bdba-e0d6495ae0b8",
|
||
|
"value": "f00fa594145d046eb63deb1480a06ad5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6cd8573e-2262-4d88-945e-ea46582d91a8",
|
||
|
"value": "8d4895ab5aee8b98edc300fc8a1efabe6fee7f3d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "eed9a33d-f7de-4216-9a74-d6d3009c5c96",
|
||
|
"value": "e65d50cd4e3d5b752b13dfd83cf247ef2375e072b2a478cf8c2b724984152c87"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "ab53d12f-8205-4fd0-b96c-5764d911ac80",
|
||
|
"value": "38ae36d8907ba3c03707f6ae76cc64527616033f522bd3c51fc078f5a3084eb02f3dbd3237cbdd82814ed53cf19bcb6d1f3821a2d5640ca71987fecf133179a0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "1b608a60-0fad-4e69-9050-db81cdc7528f",
|
||
|
"value": "48:B9NQtAzX2ebokMynB2WrkBRA9f4AWMzWc5f64QeobI6wfU11KDpNZb6t1:BPLXtlMoqpCpobI6w8PKNNZba"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "43f17071-8590-4431-b05a-1ba373f06156",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d9f11433-67a9-4629-a1b7-ba819770b8a0",
|
||
|
"value": ".fini"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d8527bc9-957e-41db-a891-a0dd94233fa6",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c385068b-4446-4c7c-8a7f-666428e7e94b",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fa45f561-9ae0-454c-abe0-141cabfecd29",
|
||
|
"value": "EXECINSTR"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "3b80da5e-59b0-40f7-95a3-c99d4b1fbec6",
|
||
|
"value": "9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "95a18e1e-3049-4fda-9316-02d0031aedc6",
|
||
|
"value": "2.5032583347756"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "2f51308b-48ec-48a8-9f71-0ec08908f016",
|
||
|
"value": "c0ebd410fb9cd5628270064c1ed937ed"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d780a5b6-a9a7-42e2-932b-bfec53f2b0b3",
|
||
|
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "9c3174f6-d986-4f56-83f4-0ecb88fc5e64",
|
||
|
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "bc2754ef-81db-4bbb-bab8-7059d2c98bbb",
|
||
|
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "a66a19d1-aa1d-4ef3-a46e-0492152392f4",
|
||
|
"value": "3:4Ui:ji"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "988dae6b-7878-45d3-bb52-3483cfaa90ac",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3056b32b-4a25-4303-8571-c33249a006f4",
|
||
|
"value": ".rodata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "955eb041-7e5b-44db-b414-df5fa6fab44a",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a8a45b73-d343-4665-927c-9c0f4811d353",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d4fe52e2-4114-46e0-ab0f-1048d630e0bb",
|
||
|
"value": "131044"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "6d4c8c6c-5618-4865-96fd-e62329c2130a",
|
||
|
"value": "5.1104698168094"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "17157b60-dfd0-4dfa-8f88-98506887b81d",
|
||
|
"value": "15e1a1b46c00913f46ae743a75af34a4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2bda0f36-fa45-47a0-8a29-4e2a7785d412",
|
||
|
"value": "48433bca2f819da39ea903f95f9d654981c85964"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d4c32410-4873-40c9-afed-a77ffaba2825",
|
||
|
"value": "fcf2c653d4fb226e561d4e7916a60f4bfb10c0ec83cccbb410e8b206f122dca9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6ab7b8df-76d0-4496-a303-4d17454e8e2f",
|
||
|
"value": "c692588d5e8f2a762d5dad71c12650fc977c16105346f0389e5a4dd417b3379eed558586bee9556a6a7a7284b7a99d1ca5d2a11eb7eae168ab844672c4b1d571"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "6d44d8cb-0ebe-4ecb-b734-2d29d3d7c935",
|
||
|
"value": "1536:3G5NAhVTxV3T9yyA5Gt057Q42YNzmp1Zuw/QDxHniA1jgMRmzW:iNydyyAEt05d2Y1G1inKMUS"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "ff3dbf25-c91a-4c5e-a307-b09140d1e54d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9f097cd3-6289-4d49-b4d2-3b680b236c09",
|
||
|
"value": ".eh_frame"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "84c2ba1b-e21d-48f7-9b74-b3f3218db733",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "04ec7ca6-125a-4eec-af92-4cd5f57b1333",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "41a36bb8-9bec-4cbc-bd9a-9f92d449debf",
|
||
|
"value": "54204"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "3e6a51dc-4e27-435a-a4eb-43148f0e627d",
|
||
|
"value": "5.1471546712778"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d102beed-64ae-4b9f-b275-d644fac0d564",
|
||
|
"value": "8c4e86ad4302734d629a3b7f84b02811"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "f1e480f6-4886-46c8-b16a-95be01106c7f",
|
||
|
"value": "b29345eae0424ef48d378c1f9a18c2e646f88de4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8d5d64f1-10fa-4f5c-8690-eee7d3ab09ad",
|
||
|
"value": "fb3eed8684e3558e4f1ebc2c93be55ebdb946d30bc40a1798764372d42763fc0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "195f1fb4-8cb8-433b-9916-6bb886a45b13",
|
||
|
"value": "7560e76d416de1ce7543eb0f65f5c00414c642af401e3d8614dffe934681c71966a1afaf5849053530c198f039491b15015da80b781303198bc4433af708d1c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "282b4545-6187-4256-bdaf-563c788d0937",
|
||
|
"value": "768:SFg9H3xSafgh+5sfYMn8BXy/jbCYY0Y6y:SFgB3LafDKybbXrB"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "0e101d57-1d90-4076-8374-225d56ec15c6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9b97b14a-6d25-41e1-b354-c83509d8539c",
|
||
|
"value": ".gcc_except_table"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "25e88d7f-a280-482c-a62a-a1ed81b9ab3c",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "535270cc-94bd-4a3b-a5bf-2015ccc540af",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "80c33fc1-1644-40aa-8df0-ed9fd16d7827",
|
||
|
"value": "265"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "2b78a5aa-d2b4-4c01-b61c-eaa9e886dafd",
|
||
|
"value": "4.2159746268458"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "94c4b26c-697c-4840-a476-e5b9c43713c8",
|
||
|
"value": "07cbd76f4ce2496fb561f1355549bd39"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d8bdcd8b-9481-4dbd-a033-4b13bd49f9eb",
|
||
|
"value": "41bb3fe74080c09fd7213d78fd7a8d9c50a65ba9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8ff11f87-640c-45d7-bdad-5a9ceb8e30d7",
|
||
|
"value": "596d5221ea646330c9284c4e867b834b7caea738857f00c9e92cdd0e94a2b257"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "194d62d4-f9c5-412e-8284-4010d647f653",
|
||
|
"value": "89ca53c18286733eff4017a9e05a5cc2439ee213d538a867ef3a8005d64ca6ed877ec4e2ac8b037574baf0db40a7c71a1a324ed9e3b50f3c38360d301df6a720"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "129f1b75-ecd4-424b-b590-9d4debb2d131",
|
||
|
"value": "6:zM4fH9rsHMER3D07sHFNZNa5tkNm+H5fk0pP7vHg:IuZss4RlNZIqLBpzg"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379811",
|
||
|
"uuid": "388ec59f-5fd6-4ece-b807-951ba9deab10",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "30630967-20ad-4503-9db3-3898ba23f766",
|
||
|
"value": ".tdata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4df774b7-8b03-464b-b751-7fc1861082ea",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1abb1b9b-0bf9-4b29-ba1c-e5bff014f639",
|
||
|
"value": "TLS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7d37c6ed-1e43-4e1a-8aba-8fbda0223c7c",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "0b2dee9a-94ca-4703-aa2d-ab6e04b74095",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "a5d69900-a889-4d52-a3c9-391b6e2735db",
|
||
|
"value": "32"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "e9a7bffc-83ad-458b-a644-7bc910b2c2c9",
|
||
|
"value": "1.6564514568588"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "35d637a8-1425-42bf-be07-bd9aa5206467",
|
||
|
"value": "d8445c6ea509a0cf49285586b5e798d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379811",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "52b00a8a-042d-41bd-bc53-b72b3c196636",
|
||
|
"value": "9d20affdfec75adee4bbf4f387628a4aa47d6917"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "fc9aa3dc-59f3-4170-950c-047af750f55e",
|
||
|
"value": "8e92fc27dffc21dd34904958c7b11d51bf0c511259a04bcfbc9aa21c05c2f423"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "564dd6e3-354f-4887-9010-f139ef5adf86",
|
||
|
"value": "9153389116697477be8c100dcbbea350b486f5bf869837f05861fdd6b7506b26cc9c516b9de06ed19e0254ceec318d7d2ee2dfcb4e1025bd6cb526a074d7b6b4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "4d872ca1-5197-4c7f-9c05-805cdc2bb480",
|
||
|
"value": "3:hlFTlNjlltl8//n:S"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "95a48a4b-e0cd-4ac8-aa65-1616034ddb4e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "80a8f8e9-cdea-4670-9261-d1601e6b0950",
|
||
|
"value": ".tbss"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fc0fa68c-0d03-4128-9796-924a24d787d9",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8e758b88-da99-4ada-8647-e88938690f01",
|
||
|
"value": "TLS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ad4a8188-dcc7-4b5a-99e6-a4a9e6cac9e3",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6dbc19fd-8570-4dcb-a3f1-9f9009311aae",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "d5ed7fab-519e-42fd-920a-b34ca20f6cde",
|
||
|
"value": "88"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "8eb76f65-46a3-41e4-bdee-06950dffe3ac",
|
||
|
"value": "2.1027882315262"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "266eb1c1-550d-43d7-9040-689879925edf",
|
||
|
"value": "07310210869280f3b8d93637b67fec13"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "a9a70bf6-6408-4753-9817-5e37c9199fac",
|
||
|
"value": "9a21a82ee47d2744a5ef3b622a60d48d6a3ea8a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a90be2fc-a6a1-45a9-ba0f-f6f8ff0222d0",
|
||
|
"value": "549004bb6535c38518491cf2d132bc07306edf56e62ee50dfee46a60661404eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "3183bc51-987b-4da7-98d7-3c14d41ddce2",
|
||
|
"value": "0f5666d1a3476d57d0e8b97602acee9943d00446785868da9b470f441574ad88d29adb314fe8c1c65f0efeee2dfe7d26818342d73bdd7c1d62457d993b81163f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "739d4b8f-a371-4b7e-a0fc-185590a3c15f",
|
||
|
"value": "3:ZllNHllt15Hlll/n/lIwerl6lllsXlZ/l:6x6/W1T"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "d3d5cf26-3fb5-422a-b09f-bd5608b748b0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c33806fa-067b-468c-b1f4-82f36720e91f",
|
||
|
"value": ".init_array"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "070664d0-1e8b-4354-916d-294661168ba3",
|
||
|
"value": "INIT_ARRAY"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c756c8bc-ead6-4593-b7b2-4b4195813726",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "70a225ce-129d-4333-8a64-4cddea42c809",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "28e82157-3a47-4a58-8ee8-cc97702d5c6f",
|
||
|
"value": "16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "e220c0a7-dcd9-44e9-ad0f-98b2e5eb4068",
|
||
|
"value": "1.7987949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "b0e0c40c-0110-4adf-875b-a2c72ea6ec59",
|
||
|
"value": "f4f6ed406a4341622b421a3324a0a026"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "7de84109-d7d1-4e44-8dac-9c3ecde6dcc8",
|
||
|
"value": "d13126772e6c15aa390a6f9be53ac912653d1eac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f4bd050a-7b30-43e3-980a-d955b3c4502a",
|
||
|
"value": "92d74ac19135504c8094828fb379927613e0d6b277636e0b2a8151ceb8b6bc6d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "3d67c618-4f28-4dcc-9d83-c1d669fde2c1",
|
||
|
"value": "9bc8206330bba2adcc4cc598dfcf5d0d557cb37efbc66368f9c2de19aaf0554c6cc4cd678404d0bcf2498bb23e7c218e97ccc246d0f126a622205e28c2641ff7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "90dd5c16-67b9-418c-a40d-c1a83f66de39",
|
||
|
"value": "3:ZllNHlltn:h"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "5ae76e6a-5bde-49ff-ae62-7a7a4f52aaa9",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b1467e5f-7c15-4559-9174-08b0f7d10a51",
|
||
|
"value": ".fini_array"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "77d8ff70-b701-47a5-beef-898e13f1378f",
|
||
|
"value": "FINI_ARRAY"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "cf63f135-2cbf-4cb9-953d-5755bf3f990b",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "65a86f43-0421-4bfa-b289-3910c45efc7b",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "85401a12-f82d-48cf-8fa8-c275600b9d8c",
|
||
|
"value": "16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "0721ca2a-283f-46db-9027-d4688518b2e7",
|
||
|
"value": "1.7987949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "7fa901cc-66a0-4bb7-ad7b-4339a393b476",
|
||
|
"value": "7f55249ca89e16bbd67cd2212c30887b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "949dca05-700e-42d5-8672-c6d8cdc2089a",
|
||
|
"value": "35c8f139b12692703a6a7335fe6d2665d8279d35"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d21b4bcf-f10a-4bce-acfa-0a8fa8e65a57",
|
||
|
"value": "14e4a7583adbec3dea25604af97108567213271b44ba0728901dfb1b7fe69d44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "2c2fe12c-f8d1-42fe-a618-52546a060e12",
|
||
|
"value": "f3736cde4c1187e5845bc1a937becfc68e31af62f212f06eb030275be82bdcb983c76cf0856189be384afefd63770bfb4e7e96f316fac87b15714db993182bf2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "f220869f-7415-4f77-80bd-ba70fe075ab9",
|
||
|
"value": "3:rHlll/n:h"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "bb1bfb74-9f6f-4449-b874-a765554cc9eb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "586d2b40-7482-4e35-81aa-7dc6b23388b2",
|
||
|
"value": ".data.rel.ro"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "16ee798c-bffe-4b0c-9f9d-77c3146cc4fb",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a98bc1fa-3c47-4a72-a6c6-0da0ba815172",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "19a0f28e-b1d0-40c4-ac9b-be8035122838",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "c59d0bbb-b1f5-44ab-be24-ab3bdf6e8bac",
|
||
|
"value": "11860"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "ed8fe5a8-8a5b-4008-9678-3bc3c73bf622",
|
||
|
"value": "2.582065799178"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "35f84969-92fe-44df-be53-f8dcd3dbac1a",
|
||
|
"value": "01ab2a7845109b20c8c13f7ac0d613bd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "208e666b-b529-49d1-bbd8-0b39a6965710",
|
||
|
"value": "f8500332f082a6ad3f5062b957e1045599e94b35"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "053d9028-5f4d-475f-a37d-a7af1c737c32",
|
||
|
"value": "e8e6f19f4d67b220cb12f0c57d6df68a621586b268ef3851fa4330f425389c72"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6f9ed1ef-f7b9-4d93-ae14-f572c96ae582",
|
||
|
"value": "14faee8f42246cdf660db6a97836fec8c20ee294d6cab6d59a24db8439a367f9d35eca9bef171c0d4aae335cafb31fa7ac2020c4ccffcba163a3a8bc19bfedcb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "2ed6a5bb-49ff-4d6a-a292-3da96738061b",
|
||
|
"value": "192:1aQKFKKKKKhZpxRKKKKK2kkkkHIEKKKKKKKKK3KKK5KKTMaKK4QKK3cskMv326Lm:1dKFKKKKKhbHKKKKKijKKKKKKKKK3KKR"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "3f774191-fb1e-457e-9d1c-5bc8ad5454b6",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "eb78402c-f017-4d5c-ac15-28e716b4a4bc",
|
||
|
"value": ".got"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "05f1e889-4dfd-465d-b58c-4631023dd6b2",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6cfadf96-3c7f-4aa8-9410-35b6572ea197",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ec2018ca-086f-4675-9442-617e6c3e15a1",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e4a6ee16-445e-4484-ba85-13f7b83f3a7b",
|
||
|
"value": "256"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "d5e0266c-58ed-4fb5-96ed-f3dc9057ae76",
|
||
|
"value": "0.51360896470411"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "94ed2d7c-f3f3-410e-8488-f98731e7bfa7",
|
||
|
"value": "1c8c84187d23ee1c8d68f8417b278aca"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "1d17f67c-34c0-455d-8dda-9097dd02fe2a",
|
||
|
"value": "1bfad37f81b5d6d301446eb49a8deecc23830e97"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "3afd98a9-cbf9-47e7-a3f8-d3403d302dc2",
|
||
|
"value": "1083d59035c57d50e538c7b411d1530dee4a6a547a7ac6fc7f4f20174ac0aa47"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "3517d76f-0094-4670-a014-89b93b1b90c8",
|
||
|
"value": "90c1f9e036cf299ca17a79fbd4d7584ca6f4c7489ad4f095d8ddbcb6768f0efadb5c865a47985401d6a9e4606d8d1be73351fbed273cb659463ec79d9e8d0323"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "08ff3c5e-5097-4c04-ba48-43b426572cbf",
|
||
|
"value": "3:flvlE/ltE//lvlvlzl:0/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "2d3fc584-84ff-429e-9894-e892146ce7cb",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d66abf31-dfa4-468c-93f5-ca9b442cce1b",
|
||
|
"value": ".got.plt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "087341ea-723e-43cd-9902-1a5cb0c9e8d2",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5fddf748-2bac-4461-b867-77ab846ebb7d",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "9294d6f1-2857-434a-91db-81443645b820",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "7838ff94-b8d1-46db-a987-1999b55e8613",
|
||
|
"value": "264"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "df6e6bb0-c886-427f-af13-43ffc7a0b750",
|
||
|
"value": "2.0475746685833"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "2a263fd2-51fa-4966-a374-286e5b24e1ae",
|
||
|
"value": "3008c9c186720b10ea47fd550a93ab56"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "77fe4be6-c783-4ff9-9341-4563b697e1ae",
|
||
|
"value": "87ff3f0af51fc81afb013c38d9aa5f19921d079a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "1558c367-9875-4ed9-a7a6-3ee3b800d95d",
|
||
|
"value": "e98f9daa553e024fafbcc340c585b4d4552d2af4ea8e5233b38806e4ecc87ca3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "9c9aabfe-9ec2-4747-bea1-de0ef03e77b5",
|
||
|
"value": "2d3533d887d56bf7ed77df225eb00e22c085102c5045a2340fd4fb400e50bb27a6427821644e635cfcbfe2d84ddbbafdda248c31a22d62e27298a3e52103774d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "94a1e2dc-f835-4e5f-8405-cb05e12251ab",
|
||
|
"value": "3:7xvB9/lJHpvp9/lxHBvx9/lZH5vZ9/lBHRvh9tpHlzvJ9tRHlbvR9t5Hljv59thi:Sl"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379812",
|
||
|
"uuid": "22175547-a96b-4ec3-b03f-26f365d45c71",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7e78b316-0ba3-485b-b8c3-6dfa90a5d936",
|
||
|
"value": ".data"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a194e241-f582-4a42-8a64-7ca72e08983f",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54500a24-2c51-48fa-8a60-ad5754669f90",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "465434be-2754-4585-8889-67317b058e7d",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "284f205c-b47a-406c-a2e2-9cc18fb718be",
|
||
|
"value": "7024"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "8af208f7-8f42-495e-863f-2518413b5e44",
|
||
|
"value": "1.0430913631884"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379812",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c0224635-ea0a-4eea-8d73-1f0e384bf41a",
|
||
|
"value": "4c71995c363a73a808d51ba6952987eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "cfeeae7d-0653-4e64-9471-231ea2d7db8b",
|
||
|
"value": "182672579f020a410958b0a60b2bbb7a22899c70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "1b12f7a6-cb97-4eab-9b1b-f48385385699",
|
||
|
"value": "88d32e252213dda69d8ea169fcc70e05b7e43dc898a8ef5cffa2e0bbd66ccfc5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "d7368c00-daf5-44ea-b3d1-934b7bbabc47",
|
||
|
"value": "6b02e688a0cf960626d1a1ef65618359ba997e153bd1b965ded96b0783ad0dcd957c8bfac6510b6e54e5e5dd99350c8da5ba44b452be6992f451a8000079b9c7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "cc8bbe2a-ae2c-4545-8834-7b1b43e4c775",
|
||
|
"value": "12:71+HybSvOH/Yruu8L0WVXsVa+y/HqYWx4ozKjKVCfak1iqE548/X0XaEwHfk1oHH:KLuLRQV47WVCfAOyvmY/mtytmE"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "0cbef961-ea90-4e1f-9f8d-3e4d24f62699",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "870d8265-d117-4a80-a136-b756ead6473d",
|
||
|
"value": "__libc_subfreeres"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1148fa2b-8476-4b05-a8bc-23cf0f2cd26e",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "cf77475c-6230-440a-ac54-4e49c51e450d",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "eefce197-54de-4809-b2c8-1486a1707d74",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "c356fcd1-08b3-4ab8-8570-7774701103bc",
|
||
|
"value": "88"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "b54dd844-578d-4b4e-9f1d-204eb707758c",
|
||
|
"value": "2.268710941921"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "3f937952-08d8-4e40-9f21-3f89f7bfe589",
|
||
|
"value": "1bd9d95b91e889015d43a1fae7afb599"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "8e64b275-c0c8-4553-8fbc-8b8ae0ea6a64",
|
||
|
"value": "75d66019e66e2aec613630d5da16a3710d2dd4f6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "95f8d5c7-8595-470a-a66d-1503a1e47ebc",
|
||
|
"value": "a0170dbd1427eb901b50ebdcfbad77699aee60229fa233e0f68ca994f657dcec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "24b1d9e1-85c4-4d18-b38a-7eb4542bfd68",
|
||
|
"value": "89fe13f13a7cf3756334b5e2a98b321a6fe461d8a2214f3ab16a71ca82e8053cffb7ceb56d77b984c2a922b552a1ed52c2fa4d8a15a947a1bc7d6768c9a92153"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "3ed48849-9f5b-46bf-9c5d-58f30506cf5a",
|
||
|
"value": "3:kX44jK/C/i/2l8lu/Ft/n:kXjZ0u/3/n"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "05156594-1bb7-41af-b736-267ad8389d64",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d75baec6-c577-4bdc-bc65-9eb6d330dc31",
|
||
|
"value": "__libc_IO_vtables"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6e17c22d-d624-47c9-97bf-4de092d0dbb9",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c2899bdc-61c6-47b2-b5a9-92172d54a8d5",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e6eb5dca-8de4-4a13-94ed-62e245fe493e",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "6617df30-749b-437c-8ad8-2f4545b09793",
|
||
|
"value": "2280"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "34fcbe58-22e1-4464-9280-a1f54b99500d",
|
||
|
"value": "2.2294976354887"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "53d22076-0e40-40a7-b629-d92a4fadf280",
|
||
|
"value": "ed1d48ef4103b6afcab39d66e62ef738"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d5829deb-3440-41bc-a2c1-3c81fdb2c6bf",
|
||
|
"value": "8af062dde822380f0be1cdfbea4de73c24d2f76c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ae9f0ca6-eec0-4212-8d8b-4adcd5aa27ac",
|
||
|
"value": "35c8c325bee01068b3708d272f8d15a202b74b3f02019238fbc4d04ade1eff7e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "1613bf56-0747-4801-a368-edd1b136f069",
|
||
|
"value": "5fdb768539ca49508187fc019589a13cdc17daea06ded6ee7f948d2a3cf3dc36c38dcbd2f80849b61ed4398f449774410559694b7aa980ad25c3fb4e0eccfd9c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "0c27eb70-9bbc-4cc0-9b7f-5eb3c1ba20af",
|
||
|
"value": "24:mO28ThsyHcsyMpsyfcqhsLvosw5sGothh7dCG:u8Th3c8pkqhQvof5ethh70G"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "0317c886-7db0-4827-a0b8-6dd84576ddb5",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "60a9886f-de48-4cb3-a01c-5d9b8b7ac3de",
|
||
|
"value": "__libc_atexit"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "920876ed-348c-4d98-9cc3-ba28f6cc0a9d",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4ae1593e-ed34-433b-8d8f-f0f1de75c347",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7bf6825f-22aa-4719-81a4-0de9844f614e",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f13c1fa4-3198-4c9a-9bc4-d1f74b976af0",
|
||
|
"value": "8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "c9faaa24-39cf-40bc-918d-c1b94c943edf",
|
||
|
"value": "1.5487949406954"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "a86158a3-b6d3-4604-b486-5ccbadef3558",
|
||
|
"value": "7153176250fb8d700ef6473ea4ceaa30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "00e507c7-ab20-4a86-bf17-18e2819da277",
|
||
|
"value": "2c8835a16b5f3b197e689ec77009511ca45fe7ec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "1576ea4a-4ea9-4d1d-9c9f-f8980b1cfae7",
|
||
|
"value": "d76d1afcca1bd77506c5746a7790d6451f008fa563d0856b7904100b4bea4c41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "afd0f145-faaa-4724-8f31-154a449dcaaa",
|
||
|
"value": "f762990995d926eb6276446d27c9c4fd454cd8fa69ad1f9308a39c20ab43b597ac6d7c24ed6f47180d7ed5e782e7fba56c4228e41232a273a71946cdd33b4f14"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "01e9c43b-5539-4acb-99a8-27e60450e65e",
|
||
|
"value": "3:4n:4"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "ad40d950-54f9-4ba6-9616-62ec24267483",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "dd6a309d-3669-44b6-b277-1278a60ed3b1",
|
||
|
"value": ".bss"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c75f4091-5565-4e57-a952-637072190e1d",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ffcdb95a-b76d-47bc-8708-5c9f2a6ae54d",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "99439c4d-c8f5-448b-87da-20745fb9d9b4",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "b1604d6a-bcd0-43fc-8415-3517527e7868",
|
||
|
"value": "25856"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "8572480c-0edf-4fe9-9456-cf9f6158b519",
|
||
|
"value": "4.9527559123953"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "cb418769-42b5-494b-9825-7659928c0f90",
|
||
|
"value": "5fb32084f0356363c02c7f7b2fb0b500"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "c1baa6c9-c48f-4873-b3d1-dd03014f4896",
|
||
|
"value": "37db4047466a9f3af6ac23bdbd026e391621a519"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ce38270b-810c-4b82-8ba1-cf5011339522",
|
||
|
"value": "a6edb30315a56060cc170dda408099d2b915109932ceb78497b4724b4d67297c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c3ecfb3f-fd80-41f2-8c48-c0f7f54d96ec",
|
||
|
"value": "996b70e518cf54026a8aa8fe7302b21aaf785d5a0cc72249ef1a874b3509e92e45e29178a296f970c114b579570a14cdd7ab2438488f5a689ff1439114ae3ed0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "01868bc5-8edd-4a9b-a62b-6340d892f876",
|
||
|
"value": "384:VD6bSde+8gH08xxhinYcLEnkKkDLsyfJxG0f5cJj/1uBxc4OgHE:pCQxrOwkNsoxG0BaQBxc5"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "0f049f52-42a6-42aa-b98f-6e2cb4e57fd3",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "601bd170-513b-4167-a58b-35c21daacb35",
|
||
|
"value": "__libc_freeres_ptrs"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e0cf4a13-a377-40ab-bd79-47457a46b5fe",
|
||
|
"value": "NOBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6bba33e8-76a5-44cf-aad9-8a79ca2212ec",
|
||
|
"value": "WRITE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2d077bf0-6730-4e4f-8316-23be77aacd92",
|
||
|
"value": "ALLOC"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "b4f5aba3-4d7b-4317-bba0-ce75eba8b3f5",
|
||
|
"value": "48"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "0b4ce519-5ba9-47cf-a66a-f6c14b235c54",
|
||
|
"value": "3.892022398037"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "9ff2e1d0-509d-4e7a-a641-27587dcd1b8a",
|
||
|
"value": "301cc0554eb03808eb0705bb65b19541"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "8fe4b966-e0a6-459c-b7fd-d4c1d98962d6",
|
||
|
"value": "de36384981283a3537c5a2ef3a7fe3612e2da9a4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a98628e0-915e-4ea8-b6f0-1bdb994eeca2",
|
||
|
"value": "5e19d3b85d4510334a65729801a7e198041b513624804eadfe86bb77aa202ff0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "2f7a58ed-5287-4eb0-9f7a-e0b91cc11ae2",
|
||
|
"value": "661769b327528b01cb420638171726eb058505468e10c6c3e911fb07d76d89dd19f5dd035c49e1ba870aa25f9cd762a72bc98292f6457c4696815b4a1009aace"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "c0aadcfe-c544-487e-abfa-03b8a4614669",
|
||
|
"value": "3:cfwFLFUhbUITMaLbUFmBLl:3FLAx3McR"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "56143abf-cf39-4a32-b7e1-05145c5f4acf",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a457ea77-8345-44fa-bcf5-2c228217638f",
|
||
|
"value": ".comment"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a144f17b-aa9d-42dd-a839-01e324938ded",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "835e0e81-3144-40ce-a6dc-bbd73c7079ea",
|
||
|
"value": "MERGE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6b5e059e-e965-444a-986d-d8ff227140c5",
|
||
|
"value": "STRINGS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f0cc4987-a6a6-4e1a-8c3b-531a9b93b57a",
|
||
|
"value": "39"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "292a515d-5336-42b0-9c1e-d6abde44a4b6",
|
||
|
"value": "3.8171682463279"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "bbb4d34e-d9fb-466f-84bd-d22676a708c6",
|
||
|
"value": "060ee9719872cacdcfc1d1d7d62630cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "b4a6da24-346a-4f3a-99ef-0e1e93cc7241",
|
||
|
"value": "31dde06263e9efd9c38263e97ecf973572a14dd8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "54f27d08-b8f5-4bc8-a784-f42d3450ddcc",
|
||
|
"value": "b0b5eb242adf04205862f7138af0b804dae204bde28316e127beb1b56c0f44d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "fdde98d0-6c52-45fc-a562-b4ec90c524fa",
|
||
|
"value": "7b2b6b7fa80f3d123512f63c15fa977eb74eff09969e021c501f2f8118c14d891586d925bcb92e449db6b3d00f5a8be0061684c6bfec4a279d56562b6948bf9e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "ee0ebf46-1b09-41d9-be34-a87e3b1e65e1",
|
||
|
"value": "3:cfwFLFUhbUITMaLbUFmBl:3FLAx3Mcl"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "0e9e6b1b-69d5-4188-b72c-2736a564e607",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3c35d2df-3015-44a1-98c5-a6af9406d2f0",
|
||
|
"value": ".debug_aranges"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "6d2bd8bd-68f9-48e7-a4df-b4e35aaeda62",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "fd5bfe27-0a1d-406d-94d4-de02fc8f04e0",
|
||
|
"value": "592"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "e21d5611-e68a-4248-a989-36909096714f",
|
||
|
"value": "1.7642294641781"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "e8351465-d843-4292-b257-5c5bb065fdfa",
|
||
|
"value": "b98f825a216283649d9b26adf2dffaab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2004cfc9-39a4-4b52-8233-df3889c5c86f",
|
||
|
"value": "0c33651ddc6a2b31bd56006c76ec754c0588942c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b2819b4e-9d45-4397-990d-9a3b27f3fb96",
|
||
|
"value": "ae2a57fe0e5d499db40eceecea2b57b757ce10a175dc8f87cbc514b584939a44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "a1468ede-049a-4a05-aed3-9b4c843d2d7a",
|
||
|
"value": "0b9458da56eeb15b37962240cddc1c85e7f4719c125bb83ae6202df1a925a9949b5a942f711a864303854c24c4c907b5442244631ba1c021223a6811d8daf44f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "fae891e2-591a-46f1-8473-69cc54219c29",
|
||
|
"value": "3:xlttlxllhlXLlRlUlllsz/txlm/X/iX3kplplrXtplllP6RsfR/dlBsNlXvLla/Q:O/WMp/SUl/d/YeFFX0f"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "89bc1d5f-370c-4b63-8b0d-614340ef1ddd",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "45d6e0a0-4077-41eb-be79-122eb82fb442",
|
||
|
"value": ".debug_info"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a4de7b15-0502-4254-9a93-aba2fcaea0c6",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "6191e200-a990-4c22-860c-b95d7abd0e54",
|
||
|
"value": "36952"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a438f935-ec61-4f82-a0c4-28e2c2a627de",
|
||
|
"value": "5.0500197744229"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "dc3830e9-6b97-4d68-a674-8bf081e3e931",
|
||
|
"value": "045fbe4bd619e48f21f0cfcaf57b9e15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "4724f4a5-3309-4ece-ab36-0f0cb0f41a3d",
|
||
|
"value": "74860dd59db5f595449a706d87cad0c5e37b98b7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d8470fef-6cf6-4711-85b4-60015f19a68e",
|
||
|
"value": "ed723a7bcc1d67a2383a6daccb169fd11a77a2082e4fafded8fd5354340ee7cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "221fdd39-0266-4430-bf21-1307fa7b9ea8",
|
||
|
"value": "508ba3f6332338a8644dddece3d97cc96ecf2df077781840c1a92e588eb27fdf9da1a0e36067526f75379a546535808593ed859ce3b695f74baf64d47aaf1454"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "0b00f404-393e-42cd-bf25-ec97e0b61577",
|
||
|
"value": "768:6CQxrOwkNsoxG0BaQBxcp3s7j6TagmDf7Mm2IFm:6ppOPNDDBxtfDf7b2IFm"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379813",
|
||
|
"uuid": "14b7ac86-f365-4e4b-ac83-cff6b629a56d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379813",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ad5dd5c9-769a-4072-acf2-25c69bbe5d2c",
|
||
|
"value": ".debug_abbrev"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "2769000d-290f-45cf-9a03-4785a274184b",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "e98aa91c-27e2-4be3-b677-eff829c51519",
|
||
|
"value": "7226"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "57f89db9-c760-453b-ac1a-7cae8acad9b4",
|
||
|
"value": "4.8066037375965"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "71a516ba-e067-4e7a-bb79-119f32402b80",
|
||
|
"value": "5d00ec694ac2134234c8bc7467578dbf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "ac98940c-6c23-4398-9c32-794a8b2d007b",
|
||
|
"value": "c5a863fe1dde9cd0d8e9eeff732e2ce44da5d57f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "021d9fda-6145-41ac-96bf-0598bb58143a",
|
||
|
"value": "4ac1ddcde0ddc657785a41acbf30ab2becc1ca9798c6020285a644be9c2414a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "c0371e8d-02ed-4ac8-bf8e-389b38948373",
|
||
|
"value": "840312df1852fa7af72d282db2666bbd9e896fde09d6711146274872c587c1f7d3b86e7c00212d68a556e44e775492bd4bfe63351bc19d7206ece04709506cc3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "9779d517-4a90-4b8f-ab33-fa9787602576",
|
||
|
"value": "192:Jlf9eNOHMASpEbN9thLYs/HcmE9tau/isU+1N1glf5K38a85EZmsZj+DopVNCClw:JlOvST9PcklxFZE8GbK"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "92326210-9571-44a8-ba88-4ad34b339337",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "7257058a-e68e-4720-996d-1890f19be2aa",
|
||
|
"value": ".debug_line"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "687e15fc-c826-4696-836c-712b052ac6d8",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "843e622f-dc93-4fb6-9a9c-5efc5196edab",
|
||
|
"value": "18273"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "efef6446-f2fd-4879-894c-639c73dfef6f",
|
||
|
"value": "5.50868915771"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "22b6deb0-0d9e-4d8a-9fdb-e16b2ea5dafb",
|
||
|
"value": "42239062c8f83996d972d4f2a774aeaf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "df65707a-fe55-4c5b-b593-af242e90de08",
|
||
|
"value": "d5699ba3a7bf79d5274757ec1c7b4c6a029c3833"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ba61b3cb-5823-47e7-b17e-7a804f171263",
|
||
|
"value": "f152dfc267191bb3ff64806412541af38c083eec6ab7a91a0d214ef8c0af6ad6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "7aca66ef-1668-4a3c-a546-2f24e0d3bc64",
|
||
|
"value": "b3d14782c2794020d1e19ce1d263971c90e06afc20b2f0442afbb3639cf0f9fe6cf4a6c39c3744e5f1980092588fa2849d9aa179e1dde6643597a76fb00d0d7e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "84ec6a23-43a4-4ee6-85c2-416a5add3193",
|
||
|
"value": "384:T1KBLtqwww+o+wAY1ZfjmoElYdo3rWdKd9umqDAroqnIe:Zwswww+o2Y7JwYd8CAnuFErDnx"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "85a572df-42d4-40a0-bd36-e132c4c83790",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "49b3293f-e19c-42b5-a067-db8bd6a5d0ae",
|
||
|
"value": ".debug_str"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a51a8465-bb25-4e0a-ac70-f4f2650766bc",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "28cf549a-7767-44e3-96c5-01031af6cd6e",
|
||
|
"value": "MERGE"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "flag",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "473eca9e-df76-46b8-82c0-d549c6ebf3ba",
|
||
|
"value": "STRINGS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f3363f67-6e2c-424c-9c2c-1d35ccb6a1d7",
|
||
|
"value": "8151"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "58c350e6-fa43-4c84-9d37-55fa458c7ac0",
|
||
|
"value": "5.1679424031838"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6778f576-7e73-4b67-a4c2-be83ba6d87b1",
|
||
|
"value": "4f6ed43c0bc1d482aa562f3517fc5893"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "09caac13-44dc-4b83-a231-3c9899afcd8e",
|
||
|
"value": "db6795da93c7ec68d3b40d74c6763270fb3c8490"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "9455d959-0da9-4d48-843c-b9c4bf6ede19",
|
||
|
"value": "c780118a92c61e5a72063b2faeb0f0367dc1a654cae01072f5c8c9c71ef96287"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e900271f-2da6-47c8-bde2-7ecf134db872",
|
||
|
"value": "528cf96cce18a2311836ff31dc4e00a73bdf3c908dcc12a0a8f36b6fe281f144c3c29e7e97228629fd2e9284c388ab1cff750b3af2aca19d98a72c231a5b825e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "3e2e8adc-cc90-49f9-8042-0d41db3da167",
|
||
|
"value": "192:TTRjmgBBg/WIDbEq1CalgHykkXXQ+MpovANYBj+nl:P5XEl4SFXXpSmCYR8"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "5017c265-1aa5-4da9-ac98-f6a822ce6c42",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "846a7d86-f26a-4ad1-9735-a45aeb77a0bd",
|
||
|
"value": ".debug_loc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "ed0e7406-730a-4294-b194-7e20ff7faca4",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "3a1ae2cf-6e1b-481a-abb2-6b58607da329",
|
||
|
"value": "41324"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "77505c7f-29d9-41f9-ae50-26d2df7daf3a",
|
||
|
"value": "2.7911258913065"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "a7e10f07-ec92-491f-a3a0-50e586bd4b41",
|
||
|
"value": "75c826b91edea0f0bf83ff807f4ddeeb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2eb23ad1-0511-4aec-993c-386565960dcb",
|
||
|
"value": "7a17069df1dd38cafeebbf8ea769f303a11656bb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f22cda54-fa81-4b96-aa59-15ded4bfebb0",
|
||
|
"value": "c70288a77b2acfbaa35000491b8736ab70743f9ee9f2e0556ca2702d19a3544e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "6cb78f0b-a360-4c70-8f2e-9f0507fefb19",
|
||
|
"value": "c55ae7bf38bdccfe6200be878b8d0adabe7fc86d2ce1844fc2fe043adcc9b45dc6edadd8c73011d3e68234b4cd3911a22a077dc23ee7424a5f01f066198a2686"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "8d38d03a-e4ac-46c0-bc4a-afafa7612f9a",
|
||
|
"value": "384:gah+ixHUA2JyWngl4+3pdIeRt8jXugN/lANhqTNwLzG1gtHIHbnk8c:gahbxHMJyWmdIqOXugNeNRLzG1/"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "20c26b05-2d9c-481b-abc5-ac467675157b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a1421ab9-6145-48f7-94ab-2cb65a9fab43",
|
||
|
"value": ".debug_ranges"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fadc84d3-8ee0-4517-b333-d9bd25311535",
|
||
|
"value": "PROGBITS"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "0a3586b9-c522-4bf6-a601-14fb47becd80",
|
||
|
"value": "4192"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "fc93bf03-e938-406c-b5b5-48809639043e",
|
||
|
"value": "1.9426792068377"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0aef7613-566d-4940-a4e6-5a311799ce7a",
|
||
|
"value": "b6ade8eb0c9af365f6abe8aee7703680"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5c73838a-a1c0-4bc7-838d-77b385b03aeb",
|
||
|
"value": "e1648face620c760d64ed3f92ffbef8253cbb12f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2b42b78b-650a-47a6-9578-f0bfe8f73c2e",
|
||
|
"value": "9d3264bb78a7342b1f0d5b6e54c3e727a07af5b6b3455f45b94c0e24b50055a2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e9e6ece1-3f7a-4405-b123-420aea21052d",
|
||
|
"value": "2aa3305906824e493bc11d2361b2c8591d1bdfe124b6b7c6576b04c031a26135ab1b80cb1757a53a5bf94ff0d09841401fab389f78d74f691d44471087475cc2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "39fed865-44e8-4d9e-9e49-2b009eeba92d",
|
||
|
"value": "48:UvXGHmmdFY4MpIOECv4DXDXDYpOF3mmtv5IO+AH275MD2drLy:UeHmmd6lE04DXDXDrF3mmtvV07Bd"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "fbd07bfb-4432-45f0-b117-169e3c1b30c0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "37d2e13e-16a2-49ef-b1e8-f50becd82b1a",
|
||
|
"value": ".symtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b9a9d717-0c46-4e43-8ade-c1cc53ae06f5",
|
||
|
"value": "SYMTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "81b6986b-6f1f-4b06-8877-ad6141dc8113",
|
||
|
"value": "58632"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "298a6f62-059b-4e1b-bd1b-e890c9f97fb0",
|
||
|
"value": "3.2704167968698"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0c54fc40-2bb3-4e94-b33d-f8fd29a39f1e",
|
||
|
"value": "ebc7ccebf350980919d1dc66f337b7cc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "bbd07dbc-2e46-4ace-a90b-965e7742b032",
|
||
|
"value": "306412c77c1b4e74e4054e41ea1407c8fae327ab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0e9fd7b8-ee8e-4738-bfd3-d01189edc185",
|
||
|
"value": "a99f6690c57912ee9b50a824677a0e73a33fe89e81178f1c341ba4cc5c734baa"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "8a227579-6196-4cf0-b367-60f9111454f9",
|
||
|
"value": "cded297ea05912e5cc7bd10375068648289a3476ce8f6de94b9acb8df41739362ae0da6ce1460c3de72f43389d44ecd068a9781ea48fe9548028e710648a83b4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "c05f7bdf-9f85-404e-88bf-99f5b020d59c",
|
||
|
"value": "768:KSjjf7mk7Az7zEi7vay56R9mnExbIOH5vRBmQDN:vP7NAz7ggdc6ExbIWpBvD"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "22b34d51-5a31-483b-af3a-3e8e1957236e",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e4ecca63-6afd-4a29-a818-9b1778134067",
|
||
|
"value": ".strtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "12fddd86-ce4c-4ee7-b81e-61300add3bfa",
|
||
|
"value": "STRTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "6a978f01-c18a-466d-9f30-422a5482c788",
|
||
|
"value": "31843"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "5c517924-b71b-4cb3-84ae-03992f37d830",
|
||
|
"value": "4.6314982295082"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d3f18327-5e24-47fe-a3ac-953ed921226f",
|
||
|
"value": "2b6c9a19e7d219bf597c1fdbf0c5a8fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "070b41ac-08c9-478e-8966-2b9c93dabdae",
|
||
|
"value": "86c5f200ef1779f5ca0e498f5fccefbfdfd776c1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "9f04cd80-f9b3-4725-926e-b37770d1093e",
|
||
|
"value": "c4a486864a5d0de1ef945f7ac7319c18b263a8c21bb512961425898911b8f78f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "e4876d6a-aae9-4c58-a9c2-61435f9cde4a",
|
||
|
"value": "a28514f9a00d95cd900598ca058de38e2f58f52885c7ed5e9b33464c70afe77e6e5e005d157f16612dc42453599282762fb9705dc22e7565ea70a31079f167c3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "c783b56f-49b8-4633-ae0a-8d4f2d176a29",
|
||
|
"value": "768:EKrlWymHu/gARHNlByMDvnikLTB/nAhs2Xy2zDptDvpMimWycITFE+14zsk2zQFT:EKEycAHNKMDvikos2VltKiXTITv4zUQ9"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf-section",
|
||
|
"template_uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
||
|
"template_version": "4",
|
||
|
"timestamp": "1643379814",
|
||
|
"uuid": "38e7e306-4dfb-4a52-b44c-03e0e3eadeef",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1d21e0d6-1870-45ef-9a59-035137d43187",
|
||
|
"value": ".shstrtab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a8cc3210-8872-498c-963b-5ea7ade732af",
|
||
|
"value": "STRTAB"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "5deb0fa4-9f1b-43e3-b37a-ccb8fefb1260",
|
||
|
"value": "385"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "460740f2-0171-42ab-aae2-ba6171f86c56",
|
||
|
"value": "4.317008081308"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "440f4599-4248-4ddf-9369-837bcb6a9995",
|
||
|
"value": "85d1eb6d1e5b292a34cb5cf172d13e4f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "b1e2f9d7-b608-4c2d-a9db-32fe67876387",
|
||
|
"value": "7709ffafc8174f3690dc3a4799618dbac4489416"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "c2543f0b-1826-48fd-beb7-c3c63be017f3",
|
||
|
"value": "599c752bae6979fba10a5bd6241df6eb52ef5856593571aacf0e376906f00d40"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "f7277bb5-6ab0-4ddb-8460-7d0ea8266490",
|
||
|
"value": "aad752254ff78edd1435e42187b747862618454cac5bb5d9567386d55f9e9165df9c3fd00afec1621c41ca95c8592404fce1ec76b968d38e767dfc587375e3d1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1643379814",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "ba659e99-dba6-46ca-ab24-c0d5fbbd939c",
|
||
|
"value": "12:IELkxo84O6OvXdRAJWlRWi77Iptxh8hc+:X6oujAs7Boph8z"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing an Executable and Linkable Format",
|
||
|
"meta-category": "file",
|
||
|
"name": "elf",
|
||
|
"template_uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
|
||
|
"template_version": "5",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "332737d8-78a4-43c1-8eea-1672a9c6211e",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "78410133-06da-4c16-b98f-26ebeb148f7d"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "86f548c8-b230-4c9a-b370-ab8c763247a4",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "f8e71309-8fa5-45cc-9fdf-22860dbd7a67"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "6994c40d-0d38-4742-83fa-223ab043ce4f",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "fb7c0ec8-5587-416f-b1a9-0043cb635fae"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 3 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "08bdf6a7-c0ca-4804-b0b0-a85fe7e852dd",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "21ed11ed-6d06-4ce0-9349-aa28971e95d9"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 4 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "04dc6d5f-9f25-4855-8ca7-724299500296",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "f2ab2269-dc78-43b6-a39a-80c5bda919f2"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 5 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "8c4d1d56-076b-43f7-9fd4-a5ab61aef707",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "36847e39-8d18-4d44-b631-7b6a75c28149"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 6 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
||
|
"referenced_uuid": "477fe223-252c-4506-99cf-d5b0141824c1",
|
||
|
"relationship_type": "includes",
|
||
|
"timestamp": "1643379815",
|
||
|
"uuid": "062150f6-e85e-45b4-adaf-7d5b3f5ec915"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 7 of ELF",
|
||
|
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "f6b98e69-863a-453d-b203-4ad6daf96031",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "15b712c2-eb61-47ca-95f5-96a66b4e02ec"
},
{
"comment": "Section 8 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "43f17071-8590-4431-b05a-1ba373f06156",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "6c168fb2-0289-4959-9d50-53c052f757a8"
},
{
"comment": "Section 9 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "988dae6b-7878-45d3-bb52-3483cfaa90ac",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "ea49d7d3-0378-40ca-9da9-a65b8a843392"
},
{
"comment": "Section 10 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "ff3dbf25-c91a-4c5e-a307-b09140d1e54d",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "52d5d605-700a-44ce-beea-3eb9b6d222f3"
},
{
"comment": "Section 11 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "0e101d57-1d90-4076-8374-225d56ec15c6",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "9306007b-b481-4ed9-915f-f31d59b76a46"
},
{
"comment": "Section 12 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "388ec59f-5fd6-4ece-b807-951ba9deab10",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "4762c143-09bd-49b4-a1ac-3e4a99ec0587"
},
{
"comment": "Section 13 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "95a48a4b-e0cd-4ac8-aa65-1616034ddb4e",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "bd7e0168-b110-4eb2-b9df-5ac928439c35"
},
{
"comment": "Section 14 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "d3d5cf26-3fb5-422a-b09f-bd5608b748b0",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "784adba5-2ec4-4003-b936-2b689c0d63a0"
},
{
"comment": "Section 15 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "5ae76e6a-5bde-49ff-ae62-7a7a4f52aaa9",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "a5dec8c5-5255-41d3-abf3-ad563d1dc291"
},
{
"comment": "Section 16 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "bb1bfb74-9f6f-4449-b874-a765554cc9eb",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "2d9f8fce-6b67-4c8d-ab1a-9d20aa26249e"
},
{
"comment": "Section 17 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "3f774191-fb1e-457e-9d1c-5bc8ad5454b6",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "94a5f0a9-3b40-4eb8-86b4-6621275ec114"
},
{
"comment": "Section 18 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "2d3fc584-84ff-429e-9894-e892146ce7cb",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "1e4ceab5-7c80-4c92-9d4f-b384cd41a857"
},
{
"comment": "Section 19 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "22175547-a96b-4ec3-b03f-26f365d45c71",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "03c1fed0-deeb-4720-9b06-f69ef2aa1ee9"
},
{
"comment": "Section 20 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "0cbef961-ea90-4e1f-9f8d-3e4d24f62699",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "a6016da0-98a9-4cd7-a904-f00298afb955"
},
{
"comment": "Section 21 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "05156594-1bb7-41af-b736-267ad8389d64",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "8f6eb7cd-f877-40dd-8612-014187dab10b"
},
{
"comment": "Section 22 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "0317c886-7db0-4827-a0b8-6dd84576ddb5",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "c28895e6-66b9-4847-86d2-174831306894"
},
{
"comment": "Section 23 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "ad40d950-54f9-4ba6-9616-62ec24267483",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "93e1b4ed-75c2-43c9-8bc6-ba3863e0039f"
},
{
"comment": "Section 24 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "0f049f52-42a6-42aa-b98f-6e2cb4e57fd3",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "bd33c71b-ce88-47f3-84da-2f4d81dfa340"
},
{
"comment": "Section 25 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "56143abf-cf39-4a32-b7e1-05145c5f4acf",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "d5624422-7943-42f9-ac1f-a06e3a724d9d"
},
{
"comment": "Section 26 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "0e9e6b1b-69d5-4188-b72c-2736a564e607",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "f5828110-6d0d-4292-88d2-3efc5f5b5c3a"
},
{
"comment": "Section 27 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "89bc1d5f-370c-4b63-8b0d-614340ef1ddd",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "337b3ede-5443-4916-92b1-93468102470b"
},
{
"comment": "Section 28 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "14b7ac86-f365-4e4b-ac83-cff6b629a56d",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "0a297e3b-83a3-4126-a2f8-3e460824aba5"
},
{
"comment": "Section 29 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "92326210-9571-44a8-ba88-4ad34b339337",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "a2c930ca-4091-41b7-bdce-cdf01a312763"
},
{
"comment": "Section 30 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "85a572df-42d4-40a0-bd36-e132c4c83790",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "13190d27-c779-4dc4-a39d-bfdf0e02e0da"
},
{
"comment": "Section 31 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "5017c265-1aa5-4da9-ac98-f6a822ce6c42",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "3afdb6e4-2788-4f1c-93a4-91996c502af8"
},
{
"comment": "Section 32 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "20c26b05-2d9c-481b-abc5-ac467675157b",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "1a3ef562-557d-40e1-a2cd-148078b54616"
},
{
"comment": "Section 33 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "fbd07bfb-4432-45f0-b117-169e3c1b30c0",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "8fc0722c-20f4-4943-a9a9-d7bb65845a6d"
},
{
"comment": "Section 34 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "22b34d51-5a31-483b-af3a-3e8e1957236e",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "f79e627b-ff4e-49e6-8a20-63b78255cb1e"
},
{
"comment": "Section 35 of ELF",
"object_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"referenced_uuid": "38e7e306-4dfb-4a52-b44c-03e0e3eadeef",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "79fb6e9e-67a3-4a27-b756-594c4b8fb507"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1643379814",
"to_ids": false,
"type": "text",
"uuid": "6c2b815f-ebdd-44f3-9504-1403a589d89f",
"value": "EXECUTABLE"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1643379814",
"to_ids": false,
"type": "text",
"uuid": "f461100c-e207-474c-a2ae-203e8c77d11c",
"value": "4201888"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "arch",
"timestamp": "1643379814",
"to_ids": false,
"type": "text",
"uuid": "6a2bb75a-9393-4b20-b71d-4c3109b7e6d3",
"value": "x86_64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "os_abi",
"timestamp": "1643379814",
"to_ids": false,
"type": "text",
"uuid": "acf49386-9bc2-4471-8b61-f7d08855991f",
"value": "LINUX"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1643379814",
"to_ids": false,
"type": "counter",
"uuid": "4bbf4e67-f38c-47ca-937e-0f64bbd35168",
"value": "36"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1643379815",
"uuid": "ecac3d0b-9083-48ec-b768-6c4931bda03f",
"ObjectReference": [
{
"comment": "ELF indicators",
"object_uuid": "ecac3d0b-9083-48ec-b768-6c4931bda03f",
"referenced_uuid": "ddf191cd-db3c-4917-bbc6-be5278589bd5",
"relationship_type": "includes",
"timestamp": "1643379815",
"uuid": "05e97263-ab5c-441c-8405-84e75856f40d"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1643379814",
"to_ids": true,
"type": "filename",
"uuid": "45f393fb-51b2-4db0-81ed-c1054eef30e1",
"value": "40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1643379814",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7c4f87e1-4a20-4fd6-b60a-a60b0344e086",
"value": "1182192"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1643379814",
"to_ids": false,
"type": "float",
"uuid": "4ea7475f-3c3a-4fd6-a7b6-519dcca955ae",
"value": "6.1469332699331"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1643379814",
"to_ids": true,
"type": "md5",
"uuid": "25ad1655-78ac-4431-a4f8-012985316054",
"value": "8392208ccce589326e3c72b6a80cfd1d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1643379814",
"to_ids": true,
"type": "sha1",
"uuid": "00c617e1-c910-4ba9-b6f0-da6c989a3db7",
"value": "d532edd89facd147c341a81cb1b8c363c73eb0ae"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1643379814",
"to_ids": true,
"type": "sha256",
"uuid": "f51b1d40-942c-4fb3-a11d-90bce9b26905",
"value": "40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1643379814",
"to_ids": true,
"type": "sha512",
"uuid": "21d522f5-6cfa-41f9-bf11-7ffd122ef0d8",
"value": "c9cb45f1ef8feb8be6f9d458a1c94a65fc075435c4c312750fb1ba9180095ebe7dfb5a020130d249f00fa59172eea546ccdb0d4737545a36f3bc3b29f47ddb4f"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1643379814",
"to_ids": true,
"type": "malware-sample",
"uuid": "c58edada-e7ee-4fa0-be50-f18f59390e2d",
"value": "40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f|8392208ccce589326e3c72b6a80cfd1d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1643379815",
"to_ids": false,
"type": "mime-type",
"uuid": "4460bd3a-8527-48d6-b35c-601ed4426896",
"value": "ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux)"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1643379815",
"to_ids": true,
"type": "ssdeep",
"uuid": "0277121a-ede8-431a-8f36-df5e62ec8f42",
"value": "12288:9UkkhE6pENVm/jwzAtRfYjz09InxIkLkByyyAI05AmRUAmxVSpVWq5ko3VlQQIM:2km/jwzAt5koInxIb6mRXm47F3Vl3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1643379935",
"uuid": "f59db50e-b725-48ea-85bd-90baee6779ba",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1643379935",
"to_ids": true,
"type": "domain",
"uuid": "4a324076-2810-4ec7-bc4f-1f7156857c9e",
"value": "teknowmuzical.top"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1643379935",
"to_ids": true,
"type": "ip-dst",
"uuid": "5b74c403-5c90-44c1-88b5-c2d54e8de62c",
"value": "37.49.229.172"
}
]
}
]
}
}