adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5bec8d43-b990-4129-a9f4-45d08064ab0b.json

1368 lines
43 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "1",
"date": "2019-09-24",
"extends_uuid": "",
"info": "MISSING LINK: Tibetan Groups Targeted with Mobile Exploits",
"publish_timestamp": "1622031713",
"published": true,
"threat_level_id": "1",
"timestamp": "1621850373",
"uuid": "5bec8d43-b990-4129-a9f4-45d08064ab0b",
"Orgc": {
"name": "citizenlab",
"uuid": "581b5fea-818c-441a-bd1d-49798e96ca05"
},
"Tag": [
{
"colour": "#004646",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072031",
"to_ids": true,
"type": "sha256",
"uuid": "5d76dfaf-574c-4253-b1f1-67578064ab0b",
"value": "0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065970",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b",
"value": "dashenqu832@outlook.com"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065970",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5d76c9b2-5654-4b42-a28f-61dc8064ab0b",
"value": "ornaments798@outlook.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072039",
"to_ids": true,
"type": "domain",
"uuid": "5d76c70f-df94-4cd0-b977-4cea8064ab0b",
"value": "www.energy-mail.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-95a0-4186-9d08-61de8064ab0b",
"value": "antmoving.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-be94-4716-9cc3-61de8064ab0b",
"value": "beemail.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-0998-4c3d-94fa-61de8064ab0b",
"value": "bf.mk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-77cc-4a32-b989-61de8064ab0b",
"value": "energy-mail.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-a620-4e86-969b-61de8064ab0b",
"value": "gmailapp.me"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-8960-4e6c-be1c-61de8064ab0b",
"value": "izelense.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-52b4-4bb9-b61b-61de8064ab0b",
"value": "mailanalysis.services"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-1b78-4933-98f8-61de8064ab0b",
"value": "mailcontactanalysis.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-3358-4897-a52b-61de8064ab0b",
"value": "mailnotes.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-6be4-4b4a-9a37-61de8064ab0b",
"value": "polarismail.services"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-0cb4-4be5-b3d6-61de8064ab0b",
"value": "rf.mk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065932",
"to_ids": true,
"type": "domain",
"uuid": "5d76c98c-f230-436d-a69f-61de8064ab0b",
"value": "walkingnote.online"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1542229375",
"to_ids": true,
"type": "domain",
"uuid": "5bec8d6d-71e0-40b6-add8-171c8064ab0b",
"value": "www.msap.services"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1542229378",
"to_ids": true,
"type": "domain",
"uuid": "5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b",
"value": "msap.services"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065440",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76c7a0-2dac-4e65-a0ca-67208064ab0b",
"value": "45.32.75.217"
},
{
"category": "Network activity",
"comment": "Android exploit server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015557",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76c7a0-3c28-4110-aa88-67208064ab0b",
"value": "45.76.149.154"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072048",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76cc33-7aac-4eb8-a1be-66c48064ab0b",
"value": "45.78.79.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568067414",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76cf56-94f8-4a16-84d5-67af8064ab0b",
"value": "149.28.93.11"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072087",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76d19b-0704-42fa-95c5-61df8064ab0b",
"value": "95.169.2.57"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568069362",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76d6f2-f44c-4b21-ba2d-67578064ab0b",
"value": "206.189.65.198"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568070374",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76dae6-bdc4-4cca-8161-61de8064ab0b",
"value": "140.82.17.222"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072101",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76dcf6-f094-47a0-8fd4-4cea8064ab0b",
"value": "45.76.53.26"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568071189",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d76de15-2544-4f39-baed-61db8064ab0b",
"value": "45.32.91.137"
},
{
"category": "Network activity",
"comment": "iOS exploit server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015678",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bec8d7b-b658-4050-8b3c-45cc8064ab0b",
"value": "144.202.59.23"
},
{
"category": "Network activity",
"comment": "iOS C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015608",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bed8343-d968-4c72-a106-2b328064ab0b",
"value": "66.42.58.59"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1542292671",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bed84bf-8710-4cba-b9eb-05688064ab0b",
"value": "43.251.16.87"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-b878-442a-b476-61de8064ab0b",
"value": "http://bit.ly/2z1WayM"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
"value": "http://www.msap.services/1R7mqD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-14c4-4b77-85be-61de8064ab0b",
"value": "http://bit.ly/2AYy61a"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
"value": "http//www.msap.services/2bKr8Z"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-a174-4130-a62c-61de8064ab0b",
"value": "http://www.msap.services/6FeBOy"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-ce00-497f-9284-61de8064ab0b",
"value": "http://suo.im/5ot25j"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-1708-4847-8b18-61de8064ab0b",
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL29wZW4/aWQ9MUlTakl2eFoxX1g5YkdJSnQtMlpKeDRDRWwzdVVhRmlv"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
"value": "http://www.msap.services/yHJbS6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-d218-49a3-96f3-61de8064ab0b",
"value": "http://bit.ly/2qHg3Xt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-0658-494c-afb4-61de8064ab0b",
"value": "http://www.msap.services/S5gDoN"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-8624-44df-8338-61de8064ab0b",
"value": "http://bit.ly/2T2CoeX"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
"value": "http://www.msap.services/EzpOhU"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-578c-4a96-88fe-61de8064ab0b",
"value": "http://bit.ly/2PSvdau"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-7058-403d-a9b1-61de8064ab0b",
"value": "http://www.msap.services/GfHuRi"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-5824-4b00-8dda-61de8064ab0b",
"value": "http://suo.im/5okeFb"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-b8ec-438c-8161-61de8064ab0b",
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAxOC8xMS8wMi9vYml0dWFyaWVzL2xvZGktZ3lhcmktZGVhZC5odG1s"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-a530-4671-8fab-61de8064ab0b",
"value": "http://bit.ly/2SVPqdY"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-bd08-4528-9fab-61de8064ab0b",
"value": "http://www.msap.services/F8XGNe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-936c-411b-a0c9-61de8064ab0b",
"value": "http://bit.ly/2QroNMt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
"value": "http://www.msap.services/70FtQX"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-2150-4f97-80c4-61de8064ab0b",
"value": "http://msap.services/yHJbS6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
"value": "http://bit.ly/2B4GwEf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d3-8604-4125-b369-61de8064ab0b",
"value": "http://www.msap.services/XgL5A9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065235",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
"value": "http://bit.ly/2T6pCMf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
"value": "http://www.msap.services/ZpzstM"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
"value": "http://bit.ly/2Drl90q"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
"value": "http://www.msap.services/ZQfqzs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
"value": "https://bit.ly/2MgSRwL"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-52b4-413f-bf04-61de8064ab0b",
"value": "https://www.energy-mail.org/B20V54"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-dde0-484e-ac13-61de8064ab0b",
"value": "https://bit.ly/2XePmYt"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065236",
"to_ids": false,
"type": "url",
"uuid": "5d76c6d4-3b64-4591-b0df-61de8064ab0b",
"value": "http://45.76.149.154:5000/web/info?org=aHR0cDovL3d3dy5waGF5dWwuY29tL25ld3MvYXJ0aWNsZS5hc3B4P2lkPTQxNDc0JmZiY2xpZD1Jd0FSM1RadGdjanppUkhNZFJuOEdhZ1RMUV9iMHFrX0VBZWY2YldxRU5SanhaZkkzRFdPNFpsRExPcFdz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568065328",
"to_ids": false,
"type": "url",
"uuid": "5d76c730-b4c0-4746-af7e-61db8064ab0b",
"value": "http://43.251.16.87:5000//dev/loader"
},
{
"category": "Network activity",
"comment": "Scotch user agent",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569270996",
"to_ids": true,
"type": "user-agent",
"uuid": "5d892cd4-fba0-4c21-90d9-0b328064ab0b",
"value": "hots scot"
},
{
"category": "Payload delivery",
"comment": "OAuth email addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072427",
"to_ids": false,
"type": "email-src",
"uuid": "5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"value": "antmoving.online@gmail.com"
},
{
"category": "Payload delivery",
"comment": "OAuth email addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072427",
"to_ids": false,
"type": "email-src",
"uuid": "5d76e2eb-df2c-4913-b458-67578064ab0b",
"value": "energymail.org@gmail.com"
},
{
"category": "Payload delivery",
"comment": "OAuth email addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072427",
"to_ids": false,
"type": "email-src",
"uuid": "5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"value": "jameslewis199106@gmail.com"
},
{
"category": "Payload delivery",
"comment": "OAuth email addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568072427",
"to_ids": false,
"type": "email-src",
"uuid": "5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"value": "touchxun658@gmail.com"
},
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015231",
"to_ids": false,
"type": "sha256",
"uuid": "5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
"value": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7"
},
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015252",
"to_ids": false,
"type": "sha256",
"uuid": "5d8545d4-ee30-435b-827e-55078064ab0b",
"value": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3"
},
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015267",
"to_ids": false,
"type": "sha256",
"uuid": "5d8545e3-c264-43d8-9666-55068064ab0b",
"value": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa"
},
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1569015299",
"to_ids": false,
"type": "sha256",
"uuid": "5d854603-8bf4-44fe-96ae-47ce8064ab0b",
"value": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1569407547",
"uuid": "bf16e26f-a501-48ec-850c-b1e55711bbcb",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bf16e26f-a501-48ec-850c-b1e55711bbcb",
"referenced_uuid": "7b247766-cfe9-4dbf-9d65-7511b9033460",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1621850373",
"uuid": "5d8b423e-6128-4130-94a6-4f87950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1569015299",
"to_ids": true,
"type": "md5",
"uuid": "d6a330b3-ce2d-4763-b26c-570caa5c14db",
"value": "fb7bab3571e557ee7f88309dc472f748"
},
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1569015299",
"to_ids": true,
"type": "sha1",
"uuid": "b6525cc8-055f-442b-992a-90ca08b84f50",
"value": "68533858c90515369a1d2f36d72cb3537de58437"
},
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1569015299",
"to_ids": true,
"type": "sha256",
"uuid": "1ad928f0-5891-4a19-bf1a-2e1c6567c178",
"value": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1569407547",
"uuid": "7b247766-cfe9-4dbf-9d65-7511b9033460",
"Attribute": [
{
"category": "Other",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1569015299",
"to_ids": false,
"type": "datetime",
"uuid": "4462e200-9d40-4c54-9e90-5d20c74e6bfd",
"value": "2019-09-24T22:38:19"
},
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1569015299",
"to_ids": false,
"type": "link",
"uuid": "8d1378f4-ea14-4387-8d7a-d85ca5b071de",
"value": "https://www.virustotal.com/file/b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88/analysis/1569364699/"
},
{
"category": "Payload delivery",
"comment": "Loader",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1569015299",
"to_ids": false,
"type": "text",
"uuid": "8b05523a-b753-4eba-81e0-b89f5a6ab696",
"value": "1/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1569407548",
"uuid": "07e42fa1-5891-414c-9d6a-7628f55a1d1f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "07e42fa1-5891-414c-9d6a-7628f55a1d1f",
"referenced_uuid": "e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1621850373",
"uuid": "5d8b423e-a24c-4ae5-84f8-46b3950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1569015252",
"to_ids": true,
"type": "md5",
"uuid": "3ca54e5b-4596-4626-aae3-5a60b8fe151e",
"value": "111ba6564931fccb7f4d0e940b492520"
},
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1569015252",
"to_ids": true,
"type": "sha1",
"uuid": "05d753af-5e96-434a-9b4f-3435822a5205",
"value": "33ea7c4ad4f6d0b59b7b4de906735483e6e8cff7"
},
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1569015252",
"to_ids": true,
"type": "sha256",
"uuid": "7b272f90-3d57-45fa-ac8b-e4d09dd779a7",
"value": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1569407548",
"uuid": "e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
"Attribute": [
{
"category": "Other",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1569015252",
"to_ids": false,
"type": "datetime",
"uuid": "d5e4a39f-9daa-4aa4-aba5-8c71ae50e624",
"value": "2019-09-25T04:23:12"
},
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1569015252",
"to_ids": false,
"type": "link",
"uuid": "271b9e9f-9c1b-4d87-a122-3ecacf84a57b",
"value": "https://www.virustotal.com/file/e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3/analysis/1569385392/"
},
{
"category": "Payload delivery",
"comment": "Whisky",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1569015252",
"to_ids": false,
"type": "text",
"uuid": "c4751a17-01e5-4b62-8e6c-576d2aab11cf",
"value": "2/56"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1569407548",
"uuid": "6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
"referenced_uuid": "53bad3c7-cc5b-4539-892d-470596a8998f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1621850373",
"uuid": "5d8b423e-4700-4cc0-acbb-4c43950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1569015231",
"to_ids": true,
"type": "md5",
"uuid": "5fdd5887-d483-4280-bc2d-b7e587e5bd98",
"value": "0d5158b33dc32cfd3c020f9dd13bde55"
},
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1569015231",
"to_ids": true,
"type": "sha1",
"uuid": "0399a67b-5e1a-4e66-82d0-06efdc25cecb",
"value": "df4c6cd8e046d7072cd833575593069f28a02674"
},
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1569015231",
"to_ids": true,
"type": "sha256",
"uuid": "32d0cba0-7ad4-4975-9419-5018d0ee5464",
"value": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1569407548",
"uuid": "53bad3c7-cc5b-4539-892d-470596a8998f",
"Attribute": [
{
"category": "Other",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1569015231",
"to_ids": false,
"type": "datetime",
"uuid": "a9483f0b-b532-4933-8cf6-cfd2109189e6",
"value": "2019-09-25T04:23:29"
},
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1569015231",
"to_ids": false,
"type": "link",
"uuid": "7b7d7f13-40a7-4906-91fc-d315674418f3",
"value": "https://www.virustotal.com/file/6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7/analysis/1569385409/"
},
{
"category": "Payload delivery",
"comment": "libbourbon",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1569015231",
"to_ids": false,
"type": "text",
"uuid": "0bbfca68-2eb1-4495-86ec-ab68a0d267c9",
"value": "2/55"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1569407548",
"uuid": "de8d9fd8-b456-4b2d-b62e-118637749f2b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "de8d9fd8-b456-4b2d-b62e-118637749f2b",
"referenced_uuid": "2317431c-4652-4dfc-b063-499e9e627c8f",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1621850373",
"uuid": "5d8b423e-b2ac-4a85-828f-41ea950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1569015267",
"to_ids": true,
"type": "md5",
"uuid": "0b93fbb0-d9f0-4383-a86d-1f472fea5e26",
"value": "fb713151159601eef43226aadd7bb5a6"
},
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1569015267",
"to_ids": true,
"type": "sha1",
"uuid": "923c0e1f-a99b-4fb4-af9c-e3762aba0050",
"value": "fedb77270570b8c401577b65595a9b32e2fa368a"
},
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1569015267",
"to_ids": true,
"type": "sha256",
"uuid": "bd0c5cfa-0dd9-4daa-a374-7c2362fd5930",
"value": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1569407549",
"uuid": "2317431c-4652-4dfc-b063-499e9e627c8f",
"Attribute": [
{
"category": "Other",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1569015267",
"to_ids": false,
"type": "datetime",
"uuid": "9c01d4ea-e2be-4494-94a3-e63a19dd0abe",
"value": "2019-09-24T22:38:17"
},
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1569015267",
"to_ids": false,
"type": "link",
"uuid": "4350a59c-0d18-4044-9956-66634701dbc3",
"value": "https://www.virustotal.com/file/0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa/analysis/1569364697/"
},
{
"category": "Payload delivery",
"comment": "Scotch",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1569015267",
"to_ids": false,
"type": "text",
"uuid": "5634a47e-9a8c-483f-af69-13deaf6d152a",
"value": "1/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1569407550",
"uuid": "d6592ce4-117e-4cd7-9969-abe216690882",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d6592ce4-117e-4cd7-9969-abe216690882",
"referenced_uuid": "5b8d4815-cde6-498e-9914-3b4a785000f9",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1621850373",
"uuid": "5d8b423f-8858-43f9-bf68-42bd950d210f"
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1568072031",
"to_ids": true,
"type": "md5",
"uuid": "3fa80123-0c5f-4bba-b46e-a76305e1465d",
"value": "fa3aeb8ce67077e54b09e0e4c80e3814"
},
{
"category": "Artifacts dropped",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1568072031",
"to_ids": true,
"type": "sha1",
"uuid": "e4261fff-7d43-41d1-aa4f-bf5d234be488",
"value": "24ef2efdb2348cf9db3fb5bf79555e1ffe411c68"
},
{
"category": "Artifacts dropped",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1568072031",
"to_ids": true,
"type": "sha256",
"uuid": "4e722f47-ed47-4f50-a2b7-4bbdd1fffa6c",
"value": "0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1569407550",
"uuid": "5b8d4815-cde6-498e-9914-3b4a785000f9",
"Attribute": [
{
"category": "Other",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1568072031",
"to_ids": false,
"type": "datetime",
"uuid": "98623fdf-dc92-4290-bc36-de3d32dff2e4",
"value": "2019-09-25T10:00:33"
},
{
"category": "External analysis",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1568072031",
"to_ids": false,
"type": "link",
"uuid": "14f169f7-d2c4-4be0-bef3-adc7ff0e345d",
"value": "https://www.virustotal.com/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/analysis/1569405633/"
},
{
"category": "Artifacts dropped",
"comment": "iOS payload",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1568072031",
"to_ids": false,
"type": "text",
"uuid": "bbd53242-0d06-4119-ad7b-2884119a5c84",
"value": "18/55"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink