|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2021-01-04",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone",
|
||
|
"publish_timestamp": "1609779796",
|
||
|
"published": true,
|
||
|
"threat_level_id": "2",
|
||
|
"timestamp": "1609779788",
|
||
|
"uuid": "f42c106c-df01-47f3-bc36-16072ad63856",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:ransomware=\"Egregor\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0071c3",
|
||
|
"name": "osint:lifetime=\"perpetual\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779321",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "74cad156-91d4-4974-b45f-7dbeb17136da",
|
||
|
"value": "45.153.242.129"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779321",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "ce22c70e-aed4-477b-89e9-c3c934680be5",
|
||
|
"value": "217.8.117.148"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779321",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "c10872fb-d88c-4fd9-a771-56df55a78bff",
|
||
|
"value": "45.11.19.70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "On port 81",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779321",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst|port",
|
||
|
"uuid": "ef97aee5-b10e-44fa-ae8e-8b0a3d19fa07",
|
||
|
"value": "49.12.104.241|81"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779321",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "4dd3eeeb-40cf-42c5-83f0-442b5cd71412",
|
||
|
"value": "185.238.0.233"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "97983cdb-aa74-4026-80d9-72b93ef80cd2",
|
||
|
"value": "8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8887629b-f7cb-4078-b0c0-4db1e158bfe1",
|
||
|
"value": "3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0001119d-bf8f-4b18-bc94-0551defeee01",
|
||
|
"value": "2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "86fd6c5f-646f-456c-98f2-443650a75cbe",
|
||
|
"value": "444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "d12dbf66-cb05-44b1-bca5-6802702927d9",
|
||
|
"value": "c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "85bd8fad-1b6c-4866-81e5-0eec1fc1fa73",
|
||
|
"value": "004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b750e368-8934-4a0c-bbb0-5b4f6a93ab30",
|
||
|
"value": "608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f3290617-afee-4fcf-962a-68de76943435",
|
||
|
"value": "3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "729ab1fc-b1a7-46db-93ae-3bce6e19fe7c",
|
||
|
"value": "4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2e06bc1e-0b19-4ddd-8841-84f4e7c6a663",
|
||
|
"value": "9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "16f9c440-2d03-4db8-892d-5f1aef5295ca",
|
||
|
"value": "ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ad87bbda-1151-4032-9c4b-33522697dd8e",
|
||
|
"value": "765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e6869c8c-a730-4dc9-8516-0fc6a5153563",
|
||
|
"value": "14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5ab2b408-2c9a-42d1-8213-f4b5e20df9ee",
|
||
|
"value": "3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "398b7b2a-ead6-4110-b27d-3b03a7b99327",
|
||
|
"value": "f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b5737c7e-c8a6-4bb4-8ac0-d2599667c83e",
|
||
|
"value": "a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "1e44deb7-a2ce-4888-9387-cadd1be2becd",
|
||
|
"value": "3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "7b24b7dc-2e80-4f03-b3de-eae1bf1613e9",
|
||
|
"value": "6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "5d253cb8-2d35-4f37-b3b7-f49dca5e1c7a",
|
||
|
"value": "932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "92fade3e-4fc5-4b67-bc5d-3c72683e3910",
|
||
|
"value": "http://185.238.0.233/p.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "78f388e0-1508-4821-95fb-7151f6a14ea0",
|
||
|
"value": "http://185.238.0.233/b.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "c38a6e7b-93a2-40a3-9e75-9753ec9ef77e",
|
||
|
"value": "http://185.238.0.233/sed.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "4ed9ae76-5fa1-4108-bf9a-a782051b2bd5",
|
||
|
"value": "http://185.238.0.233/hnt.dll"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "18f811ca-2711-4885-ac29-67e176a9a05a",
|
||
|
"value": "http://185.238.0.233/88/k057.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779476",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "01e1230e-fbb8-424e-a362-604526bf2932",
|
||
|
"value": "http://185.238.0.233/newsvc.zip"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779516",
|
||
|
"to_ids": false,
|
||
|
"type": "url",
|
||
|
"uuid": "0b2ac814-f902-4a9f-aa6a-546adc9359b1",
|
||
|
"value": "http://egregoranrmzapcv.onion"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779516",
|
||
|
"to_ids": false,
|
||
|
"type": "url",
|
||
|
"uuid": "89476747-0a89-4792-a4a3-e0f76594d982",
|
||
|
"value": "https://egregornews.com/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Payment Portal",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779543",
|
||
|
"to_ids": false,
|
||
|
"type": "url",
|
||
|
"uuid": "cb99b28c-e340-43f6-8a41-7a8bc4697fcf",
|
||
|
"value": "http://egregor4u5ipdzhv.onion/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1609779788",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5770293d-dd1b-4b28-8d80-f87293a78227",
|
||
|
"value": "https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/"
|
||
|
}
|
||
|
],
|
||
|
"Object": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "cea95fda-2dd9-4676-8768-f558f0d39e71",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "cea95fda-2dd9-4676-8768-f558f0d39e71",
|
||
|
"referenced_uuid": "0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "93ba08c4-6cfc-4f30-ac01-63da189ae130"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5b846bb8-2178-470b-88bf-fadc957edb29",
|
||
|
"value": "6f600974c45eec97016c1259e769a4ef"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "4866f898-8fa4-494c-911e-c9fb664f25fb",
|
||
|
"value": "56eed20ea731d28d621723130518ac00bf50170d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "126c3939-9b85-435b-a326-5dad4dd139b8",
|
||
|
"value": "9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "0b89ad43-fe0f-4a0f-817b-b15a00b1a5a0",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "68dc4419-0558-4181-aac0-33425fea6cb1",
|
||
|
"value": "2020-12-10T13:44:49+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "a97d258a-9e81-4c9e-9659-07d83003b101",
|
||
|
"value": "https://www.virustotal.com/gui/file/9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44/detection/f-9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44-1607607889"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "69c54bcd-2fac-4b08-947d-f1880226c469",
|
||
|
"value": "59/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "6417c999-3922-4576-9d5e-b4ae50bbb0bf",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "6417c999-3922-4576-9d5e-b4ae50bbb0bf",
|
||
|
"referenced_uuid": "f1901695-8474-4b6a-b9fd-b373c4244b0c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "6cc7d32b-b196-44f6-b149-0dc0d3c52c54"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "cb95672b-bc61-4040-a6da-f1a6ac737ce4",
|
||
|
"value": "666f8d920f85f9afffcf0865a98efe69"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "050158a4-455d-4924-b0ce-c79d7c533fee",
|
||
|
"value": "50c3b800294f7ee4bde577d99f2118fc1c4ba3b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "adb1ea6c-dbb6-4233-bdac-60b38cf60155",
|
||
|
"value": "a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "f1901695-8474-4b6a-b9fd-b373c4244b0c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "0ed85fbd-cdd8-46d4-87f7-3dfb7e70a3a6",
|
||
|
"value": "2021-01-01T01:23:15+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "d427a8db-0175-4a1e-bc32-e841722bf97d",
|
||
|
"value": "https://www.virustotal.com/gui/file/a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436/detection/f-a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436-1609464195"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "b81fbf40-c112-44b1-9366-0d8c2846bd81",
|
||
|
"value": "54/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "6a026bd8-e76d-4ec8-8dc5-94ad88664df9",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "6a026bd8-e76d-4ec8-8dc5-94ad88664df9",
|
||
|
"referenced_uuid": "5f216e8e-983a-4f0c-a17d-370a5cfeb0fc",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "cebab05e-048b-4d27-ba49-364318d45e4c"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "2539e5a3-e205-4be6-adeb-23e1d922176a",
|
||
|
"value": "44a7085f729b68073b5c67bbc66829cc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "662c1b7f-d705-4c57-92df-2a74c12f5047",
|
||
|
"value": "3c03a1c61932bec2b276600ea52bd2803285ec62"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4fcd1c8e-1c20-434d-be6a-3fee803e7274",
|
||
|
"value": "8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "5f216e8e-983a-4f0c-a17d-370a5cfeb0fc",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "725a8741-821a-4741-a137-0ccb3cbcefc6",
|
||
|
"value": "2020-12-16T04:36:39+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "9179348f-4a1a-44ec-9815-a9ea77fbc764",
|
||
|
"value": "https://www.virustotal.com/gui/file/8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9/detection/f-8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9-1608093399"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54d0daea-80c1-4c7b-b699-df7297fda21e",
|
||
|
"value": "54/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "36070fb1-d674-440d-9065-7622c438995e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "36070fb1-d674-440d-9065-7622c438995e",
|
||
|
"referenced_uuid": "2710f1fd-4267-4340-a33d-ff4a6fdc3928",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "7d2d1048-8632-499a-aea6-0aeba6c13de8"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "af3f4c7b-f2b1-4dee-8ca1-f50c93e423f9",
|
||
|
"value": "0de24cec66ef9d1042be7cf12b87cfc4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "ea9c7d37-b761-40c9-a9bc-7ecc136f6ccf",
|
||
|
"value": "f7bf7cea89c6205d78fa42d735d81c1e5c183041"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2dfd28f4-c897-4538-aec3-1326a00e1b42",
|
||
|
"value": "765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "2710f1fd-4267-4340-a33d-ff4a6fdc3928",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "ac4775d8-ee5b-4a8e-91d0-03f5b96c4c7d",
|
||
|
"value": "2020-12-30T16:37:33+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "b42811b0-e68d-4112-8bef-0f0b2b26d98f",
|
||
|
"value": "https://www.virustotal.com/gui/file/765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab/detection/f-765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab-1609346253"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "06f4bbfc-4e7d-4970-9ae8-daa558eac376",
|
||
|
"value": "55/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "e121c65e-3dbd-4c3c-ae9e-4d13e2bc61fa",
|
||
|
"referenced_uuid": "6a310603-3817-4d42-9183-709a7188d99c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "7a9b0e96-152b-402b-a044-4781636e03be"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "c6452647-5a3f-4f45-8b72-eb7cdb88d35a",
|
||
|
"value": "de3110dce011088cd4add1950a49182f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2ee04d9b-a006-4e4b-9ffe-2c077d773e62",
|
||
|
"value": "c9da06e3dbf406aec50bc145cba1a50b26db853a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "8e85d44d-27e2-48fb-81eb-2fa7468e159c",
|
||
|
"value": "608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "6a310603-3817-4d42-9183-709a7188d99c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "bb6ce9f3-8294-4fb8-9753-3a1ae637117e",
|
||
|
"value": "2020-12-21T17:59:21+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "60ee03df-ac46-4f1f-aca3-643d09828360",
|
||
|
"value": "https://www.virustotal.com/gui/file/608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9/detection/f-608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9-1608573561"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d21dd424-5f59-48c8-a6ee-eee1e5351484",
|
||
|
"value": "0/59"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "7ad93f35-96c7-4529-adcc-cc1280740c0e",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7ad93f35-96c7-4529-adcc-cc1280740c0e",
|
||
|
"referenced_uuid": "7aa9a533-360b-4b85-8b54-d39e921b834b",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "dd8f113e-7d4c-4a7e-9ef9-e8e25bb3ec39"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "b0ee7a53-da53-4770-9182-3de571d7c793",
|
||
|
"value": "8ba3a9d73903bd252f8d99a682d60858"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "c62663e1-fdfa-4dea-862f-33b26330d543",
|
||
|
"value": "95aea6b24ed28c6ad13ec8d7a6f62652b039765e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "af489248-f585-40c0-ae25-031ccc723fc8",
|
||
|
"value": "444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "7aa9a533-360b-4b85-8b54-d39e921b834b",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "85c93da2-41a1-44b0-8784-988e39573a27",
|
||
|
"value": "2020-12-18T09:52:23+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5f66e7da-826a-4534-bba7-10be772693e4",
|
||
|
"value": "https://www.virustotal.com/gui/file/444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459/detection/f-444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459-1608285143"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c8292808-01e1-4b7d-90bf-7e5ac0658be6",
|
||
|
"value": "14/60"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "a17e2776-7f1d-4cad-a29d-9ab5dd2d173b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "a17e2776-7f1d-4cad-a29d-9ab5dd2d173b",
|
||
|
"referenced_uuid": "1d6a338a-3388-4226-85fb-ff12991aa9d4",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "3416b695-7ab3-49b1-85f6-1cda81433e7a"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "d9e380fa-23bb-427c-9cfa-f43371e018b3",
|
||
|
"value": "81bc3a2409991325c6e71a06f6b7b881"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d61baa80-f918-43da-8260-8a4898b17475",
|
||
|
"value": "38c88de0ece0451b0665f3616c02c2bad77a92a2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "4c059876-03fe-4753-b682-614ca8d9f944",
|
||
|
"value": "2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "1d6a338a-3388-4226-85fb-ff12991aa9d4",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "92bc8035-bb6f-41df-b3f9-e7ff6069e140",
|
||
|
"value": "2020-12-08T20:04:16+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "65b1dcd2-5e1b-4719-8227-efe85a684534",
|
||
|
"value": "https://www.virustotal.com/gui/file/2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf/detection/f-2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf-1607457856"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "e56f42fc-a7e1-44e9-9414-b15c9b0dc269",
|
||
|
"value": "60/68"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "cc04c553-5a60-4526-acdc-e6d437440d5b",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "cc04c553-5a60-4526-acdc-e6d437440d5b",
|
||
|
"referenced_uuid": "cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "d323b1b2-53d3-4880-8b19-a40e86568fcc"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "2f13c68b-0b1e-489c-b99b-3e29674cd633",
|
||
|
"value": "65c320bc5258d8fa86aa9ffd876291d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "2f3bc2c4-93d3-44bd-a505-af1d82dfa9f0",
|
||
|
"value": "f0215aac7be36a5fedeea51d34d8f8da2e98bf1b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "6b1dd57b-3a70-4306-8a9a-7584131fd78a",
|
||
|
"value": "3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "cecdd20d-c7ab-40a7-9ef1-2e633c2ddefa",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "4ba34256-f6e3-409d-8332-ba577e0089aa",
|
||
|
"value": "2020-12-30T20:10:05+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "4f355ba2-6e10-463c-8a3c-93e2da3801f4",
|
||
|
"value": "https://www.virustotal.com/gui/file/3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f/detection/f-3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f-1609359005"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "22758bee-983d-42b5-baa6-90e1fd51f3d5",
|
||
|
"value": "58/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "63287a79-1c3f-4036-9873-158e0d81f3d4",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "63287a79-1c3f-4036-9873-158e0d81f3d4",
|
||
|
"referenced_uuid": "9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "16c6c226-76b8-4553-a7ce-e99eae97c946"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "6f84653b-bf2a-4fd0-a4e6-cbb8248a4c14",
|
||
|
"value": "ac33fea4c2a9bbca3559142838441f84"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d16544a4-dcde-4a3e-b1a3-4db311d92aeb",
|
||
|
"value": "948ef8caef5c1254be551cab8a64c687ea0faf84"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "22f6ea34-b77b-4c5a-942a-3953110946e8",
|
||
|
"value": "932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "9e4dfeb2-f9a3-46d6-9114-0cc0f2944b1d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "baf8c5c4-3ffa-4b3c-8a7b-5db8ecf65cce",
|
||
|
"value": "2020-12-14T11:31:47+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "9d7c9c90-3058-4d18-97a6-65208b383b65",
|
||
|
"value": "https://www.virustotal.com/gui/file/932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e/detection/f-932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e-1607945507"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "133c7204-a320-4187-a1a1-1fa4bd6bf8a6",
|
||
|
"value": "57/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "37ec2791-fa7e-409f-b36c-71f1a301a829",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "37ec2791-fa7e-409f-b36c-71f1a301a829",
|
||
|
"referenced_uuid": "bf78eda4-f2d2-4141-a2eb-f3f4a70022be",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "136a97b9-a8f7-47d1-be55-d59195f09b13"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "76348c59-01b1-49c8-b66b-54710adc4704",
|
||
|
"value": "dd8e8bfb45fcd5f0621fe7085bfcab94"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "778fc98b-f9a5-4ed7-96ce-c9943255a73c",
|
||
|
"value": "5c99dc80ca69ce0f2d9b4f790ec1b57dba7153c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "6c73d1b9-f429-4f68-b8e2-84b50c633f85",
|
||
|
"value": "3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779405",
|
||
|
"uuid": "bf78eda4-f2d2-4141-a2eb-f3f4a70022be",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "f75f6008-fdbd-462d-bdf6-8f7672cac8c9",
|
||
|
"value": "2020-12-08T20:09:40+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "0ef96a24-1aae-43c8-8eb2-313fa5da5247",
|
||
|
"value": "https://www.virustotal.com/gui/file/3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07/detection/f-3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07-1607458180"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "fef98c19-fc83-4f9e-97e5-8e362c74f5fa",
|
||
|
"value": "55/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "5d6bce96-6c85-4124-a0de-ed5f89f5d956",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "5d6bce96-6c85-4124-a0de-ed5f89f5d956",
|
||
|
"referenced_uuid": "0d39fbbc-c621-4cd1-accb-adaa28dc54d1",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "ae23c397-529d-497f-941e-b974762a104f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "09ee90e3-e87e-4ff4-ab2e-4f3543fac06d",
|
||
|
"value": "427105821263afeeccca05b43ea8dac4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6d665bcb-3011-4f96-b6c9-045093e4fe78",
|
||
|
"value": "fa33fd577f5eb4813bc69dce891361871cda860c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "ab2dddce-5cfb-49b1-a61f-d6149d649b93",
|
||
|
"value": "ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "0d39fbbc-c621-4cd1-accb-adaa28dc54d1",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "2b9f29fa-7853-4d53-8f1e-4f071446260a",
|
||
|
"value": "2020-12-11T02:01:31+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "906ebc1b-79c6-4ff3-8511-7957be0613ac",
|
||
|
"value": "https://www.virustotal.com/gui/file/ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541/detection/f-ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541-1607652091"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "d7057a80-58ca-46bc-9ed9-f963f64db534",
|
||
|
"value": "56/69"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "127fd835-cce8-4ec3-9081-3d846eb2e59a",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "127fd835-cce8-4ec3-9081-3d846eb2e59a",
|
||
|
"referenced_uuid": "61e087cf-2194-4de6-8557-d6cc07ee69d1",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "438a0d4f-53c5-44d3-b597-4a12bf05becd"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "0cf4afd0-f290-4907-a6c0-02ebc697c1d1",
|
||
|
"value": "d1aa0f26f557addd45e0d9fa4afecf15"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "f5251c0d-62cc-489e-98a5-7011dabc277c",
|
||
|
"value": "f1603f1ddf52391b16ee9e73e68f5dd405ab06b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "e5a10932-36ca-4124-91a6-47dfef32a5fb",
|
||
|
"value": "14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "61e087cf-2194-4de6-8557-d6cc07ee69d1",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "4b0ed049-19e4-4a70-b98c-8546be0bb996",
|
||
|
"value": "2020-12-10T13:38:09+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "17a86c25-81fe-4efb-8974-2ec27a3becf5",
|
||
|
"value": "https://www.virustotal.com/gui/file/14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4/detection/f-14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4-1607607489"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "45fc5816-e164-4d0c-ad32-7d0a032fff7b",
|
||
|
"value": "57/70"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "61f03b5a-cae9-483c-a8b9-d9dac895f784",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "61f03b5a-cae9-483c-a8b9-d9dac895f784",
|
||
|
"referenced_uuid": "a5610b99-9939-4579-b6f7-0ef544c12c5c",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "7fd04f40-afa4-4f98-acd7-f104f99b48d5"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "25916353-7f1a-420d-9e50-f3335174b5a1",
|
||
|
"value": "a922987d1488e2dede7e39a99faf98bb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "166bebc5-74f5-43de-b3d8-69c45e67ffa0",
|
||
|
"value": "beb48c2a7ff957d467d9199c954b89f8411d3ca8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "81de40d5-2810-402f-95c9-2fa39dd303d6",
|
||
|
"value": "6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "a5610b99-9939-4579-b6f7-0ef544c12c5c",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "955783ef-594a-4568-9ee5-2060ea06f5c7",
|
||
|
"value": "2020-12-08T20:11:25+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "d9d5b5f4-927b-4fe0-8588-fec22f046b5f",
|
||
|
"value": "https://www.virustotal.com/gui/file/6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780/detection/f-6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780-1607458285"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "125abda7-c445-4392-9360-90659bc8e334",
|
||
|
"value": "57/67"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "caf4d1ae-260f-491d-b2e9-415b3dd62938",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "caf4d1ae-260f-491d-b2e9-415b3dd62938",
|
||
|
"referenced_uuid": "25fc14c1-06c3-4eba-b8cb-58094ee9649f",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "9971ee6d-9678-43b9-9db9-f0d3cab2061f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "67344c52-2ee0-49e6-ad49-2c2d25b83139",
|
||
|
"value": "5f9fcbdf7ad86583eb2bbcaa5741d88a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "d10da5ee-0e97-4b26-a0f8-48a5cee7634a",
|
||
|
"value": "03cdec4a0a63a016d0767650cdaf1d4d24669795"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "0c02fae8-e7dc-491e-a3a2-8e9b97180a55",
|
||
|
"value": "004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "25fc14c1-06c3-4eba-b8cb-58094ee9649f",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "b3eaf74a-395b-4275-a76e-34645aa838ef",
|
||
|
"value": "2020-12-11T07:11:00+00:00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "permalink",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "1eb92100-b695-4ea4-b11d-30b077c28e35",
|
||
|
"value": "https://www.virustotal.com/gui/file/004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a/detection/f-004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a-1607670660"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "detection-ratio",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "cab0b346-6344-4ad3-ba1b-0be27594a40f",
|
||
|
"value": "58/68"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "22",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "7acd8111-ca39-4ca7-8c71-803b109fdbb1",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "",
|
||
|
"object_uuid": "7acd8111-ca39-4ca7-8c71-803b109fdbb1",
|
||
|
"referenced_uuid": "f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"timestamp": "0",
|
||
|
"uuid": "bc109dd2-4c49-43aa-9d68-be07995faea3"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "1c0f7900-8b87-4489-8eb6-d5548c99b907",
|
||
|
"value": "9b7ccaa2ae6a5b96e3110ebcbc4311f6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "90852b3b-f21b-4e53-8936-2d79b6d20641",
|
||
|
"value": "3cc616d959eb2fe59642102f0565c0e55ee67dbc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1609779346",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "53dd8d1a-eefc-4c02-ad1e-86ec4eb37ef8",
|
||
|
"value": "c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "VirusTotal report",
|
||
|
"meta-category": "misc",
|
||
|
"name": "virustotal-report",
|
||
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1609779406",
|
||
|
"uuid": "f5b1ade4-e5a3-4db2-a1a9-0e4040ce3918",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "last-submission",
"timestamp": "1609779346",
"to_ids": false,
"type": "datetime",
"uuid": "7dc497a6-6dec-4c1d-8716-86e884ee2bc1",
"value": "2020-12-08T20:00:16+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1609779346",
"to_ids": false,
"type": "link",
"uuid": "26fbafe0-c40b-4933-81aa-3653f0a2d151",
"value": "https://www.virustotal.com/gui/file/c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1/detection/f-c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1-1607457616"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1609779346",
"to_ids": false,
"type": "text",
"uuid": "a91bf725-a902-4dc0-8f12-c1f15b39cf96",
"value": "59/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1609779406",
"uuid": "29426b95-4459-42eb-a768-16505e1b377c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "29426b95-4459-42eb-a768-16505e1b377c",
"referenced_uuid": "849ff98d-f0ec-47fa-9637-45dbb8dc304e",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "d3e56c5e-8452-4253-86dc-cc03c657f7a8"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1609779346",
"to_ids": true,
"type": "md5",
"uuid": "d7e513a7-9572-4586-a351-27cd4b639d9b",
"value": "1d6aa29e98d3f54b8c891929c34eb426"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha1",
"uuid": "609ecef0-2287-47d3-be21-a6637ff6d77a",
"value": "ceca1a691c736632b3e98f2ed5b028d33c0f3c64"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha256",
"uuid": "9bb0a812-fd87-45be-a227-d90e6638fe35",
"value": "3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1609779406",
"uuid": "849ff98d-f0ec-47fa-9637-45dbb8dc304e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1609779346",
"to_ids": false,
"type": "datetime",
"uuid": "e713fa1f-3407-4696-99ba-846f34eeb4c0",
"value": "2020-12-10T13:40:24+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1609779346",
"to_ids": false,
"type": "link",
"uuid": "6fd7add1-2a7a-4097-8eef-8839fe071b96",
"value": "https://www.virustotal.com/gui/file/3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63/detection/f-3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63-1607607624"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1609779346",
"to_ids": false,
"type": "text",
"uuid": "68c02290-85de-4630-9b2d-9106a094a6df",
"value": "55/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1609779406",
"uuid": "e81e457d-a6d4-4660-a30d-436c4a6feed7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e81e457d-a6d4-4660-a30d-436c4a6feed7",
"referenced_uuid": "462c4e22-eee2-42e5-80c2-0f6a72bb7805",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "20aabeb5-4dd2-4eb0-a9ea-bf7be9ffaf06"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1609779346",
"to_ids": true,
"type": "md5",
"uuid": "32d657f2-b523-443f-b06c-71277c83d5db",
"value": "c3c7a97da396085eb48953e638c3c9c6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha1",
"uuid": "5df36794-435c-4001-aa93-84cf36b4464f",
"value": "8768cf56e12a81d838e270dca9b82d30c35d026e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha256",
"uuid": "372aeecc-54b6-4c4c-b3cd-24654d94f217",
"value": "3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1609779406",
"uuid": "462c4e22-eee2-42e5-80c2-0f6a72bb7805",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1609779346",
"to_ids": false,
"type": "datetime",
"uuid": "fcb06cd2-9f93-4579-aa43-ef446a3626cb",
"value": "2021-01-04T14:00:43+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1609779346",
"to_ids": false,
"type": "link",
"uuid": "e448de8a-c8cf-4672-9eaa-d62bca982226",
"value": "https://www.virustotal.com/gui/file/3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55/detection/f-3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55-1609768843"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1609779346",
"to_ids": false,
"type": "text",
"uuid": "955136df-ae25-4596-922c-3f1b554cb5eb",
"value": "58/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1609779406",
"uuid": "0a65ede5-747d-473a-965e-b8cfffe90acd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0a65ede5-747d-473a-965e-b8cfffe90acd",
"referenced_uuid": "945c2cb2-2d0d-431d-a383-2dbf46b0087a",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "c25c8eaa-709b-4ad9-8b8e-d7f44ac21bfe"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1609779346",
"to_ids": true,
"type": "md5",
"uuid": "3a7b1c0a-22b2-4128-8724-03c100f78f29",
"value": "c96df334b5ed70473ec6a58a545208b6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha1",
"uuid": "d49b875f-0478-4462-8912-f304c5701bf8",
"value": "f6ad7b0a1d93b7a70e286b87f423119daa4ea4df"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha256",
"uuid": "7eacda7b-484b-4eef-a1a9-f7a15802e09a",
"value": "4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1609779406",
"uuid": "945c2cb2-2d0d-431d-a383-2dbf46b0087a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1609779346",
"to_ids": false,
"type": "datetime",
"uuid": "8da44018-bdf1-4bad-a949-816ad3937766",
"value": "2020-12-26T00:01:37+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1609779346",
"to_ids": false,
"type": "link",
"uuid": "ae1dbfb3-805c-40a6-b58e-e0b87b70f693",
"value": "https://www.virustotal.com/gui/file/4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97/detection/f-4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97-1608940897"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1609779346",
"to_ids": false,
"type": "text",
"uuid": "9f07ad66-dba8-41ca-8e09-2f9c0d00da46",
"value": "54/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1609779406",
"uuid": "e01e6532-7d60-4367-aa1f-1a34f155ed9d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "e01e6532-7d60-4367-aa1f-1a34f155ed9d",
"referenced_uuid": "e36355e9-1dae-426d-93bc-662bbd33defc",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "7fed2ed2-e265-4b0b-9cdf-23926d0233ff"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1609779346",
"to_ids": true,
"type": "md5",
"uuid": "859e0b21-3cc6-456d-a2a5-c9269f658b8e",
"value": "7375083934dd17f0532da3bd6770ab25"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha1",
"uuid": "5bb0f3ad-1c7b-4f99-87a6-504e207d9eec",
"value": "ac6d919b313bbb18624d26745121fca3e4ae0fd3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1609779346",
"to_ids": true,
"type": "sha256",
"uuid": "0520a40b-13ae-49bc-b37d-9bdc369e53a7",
"value": "f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1609779406",
"uuid": "e36355e9-1dae-426d-93bc-662bbd33defc",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1609779346",
"to_ids": false,
"type": "datetime",
"uuid": "0a6d34f2-2cae-42ef-bafa-11f877992855",
"value": "2020-12-29T02:03:45+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1609779346",
"to_ids": false,
"type": "link",
"uuid": "7a28e9c0-fe81-4c22-9f51-c63b948bfccc",
"value": "https://www.virustotal.com/gui/file/f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c/detection/f-f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c-1609207425"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1609779346",
"to_ids": false,
"type": "text",
"uuid": "38dc5c8c-cbd8-492c-bf51-a4bea9f621fe",
"value": "25/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Cryptographic materials such as public or/and private keys.",
"meta-category": "misc",
"name": "crypto-material",
"template_uuid": "50677f82-ec9c-4484-bb29-2519cfe56823",
"template_version": "4",
"timestamp": "1609779593",
"uuid": "20f9ac21-e557-46c7-b6a7-014870661f3d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1609779593",
"to_ids": false,
"type": "text",
"uuid": "b2776f5a-08af-446f-b299-3653172e3443",
"value": "RSA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "private",
"timestamp": "1609779593",
"to_ids": false,
"type": "text",
"uuid": "02863d35-aab0-4536-88d8-3b04ae1eb74d",
"value": "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"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1609779593",
"to_ids": false,
"type": "text",
"uuid": "8b7fe772-37c8-4029-8805-442991a0c6e3",
"value": "malware-extraction"
}
]
}
]
}
}