{ "Event": { "analysis": "0", "date": "2019-01-21", "extends_uuid": "", "info": "2019-01-21: APT28 Autoit Zebrocy Progression", "publish_timestamp": "1622020049", "published": true, "threat_level_id": "2", "timestamp": "1621849993", "uuid": "5c463bd0-63bc-41f1-91dc-622168f8e8cf", "Orgc": { "name": "VK-Intel", "uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf" }, "Tag": [ { "colour": "#aa6c53", "local": false, "name": "Actor: APT28", "relationship_type": "" }, { "colour": "#ab875e", "local": false, "name": "Autoit", "relationship_type": "" }, { "colour": "#671079", "local": false, "name": "Actor: Sofacy", "relationship_type": "" }, { "colour": "#0dcd05", "local": false, "name": "Downloader", "relationship_type": "" }, { "colour": "#89a9b6", "local": false, "name": "Malware: Zebrocy", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys / Start Folder - T1060\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": "" }, { "colour": "#12e000", "local": false, "name": "misp-galaxy:threat-actor=\"Sofacy\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "APT28 Zebrocy Autoit Samples", "deleted": false, "disable_correlation": false, "timestamp": "1548106781", "to_ids": true, "type": "md5", "uuid": "5c463bd0-a7c8-4670-8a27-622168f8e8cf", "value": "d6751b148461e0f863548be84020b879" }, { "category": "External analysis", "comment": "APT28 Zebrocy Autoit C2 AS9009 M247, GB @m247.com", "deleted": false, "disable_correlation": false, "timestamp": "1548132590", "to_ids": true, "type": "url", "uuid": "5c463bd0-2174-48b9-bfe3-622168f8e8cf", "value": "http://194.187.249.126" }, { "category": "Payload installation", "comment": "APT28 Zebrocy Autoit Samples", "deleted": false, "disable_correlation": false, "timestamp": "1548106762", "to_ids": true, "type": "md5", "uuid": "5c463c0a-0f30-4502-9cf3-79aa68f8e8cf", "value": "311f24eb2dda26c26f572c727a25503b" }, { "category": "Payload installation", "comment": "APT28 Zebrocy Autoit Samples", "deleted": false, "disable_correlation": false, "timestamp": "1548106762", "to_ids": true, "type": "md5", "uuid": "5c463c0a-de14-441b-8ec9-79aa68f8e8cf", "value": "7b1974e61795e84b6aacf33571320c2a" }, { "category": "Payload installation", "comment": "APT28 Zebrocy Autoit Samples", "deleted": false, "disable_correlation": false, "timestamp": "1548106762", "to_ids": true, "type": "md5", "uuid": "5c463c0a-eb38-4d29-9bf5-79aa68f8e8cf", "value": "c2e1f2cf18ca987ebb3e8f4c09a4ef7e" }, { "category": "Network activity", "comment": "APT28 Zebrocy C2 AS201011 NETZBETRIEB-GMBH, DE @core-backbone.com", "deleted": false, "disable_correlation": false, "timestamp": "1548132452", "to_ids": true, "type": "url", "uuid": "5c463c55-d144-426e-a69c-622168f8e8cf", "value": "http://80.255.6.5" }, { "category": "Network activity", "comment": "APT28 Zebrocy C2 AS49544 I3DNET, NL Qhoster", "deleted": false, "disable_correlation": false, "timestamp": "1548132475", "to_ids": true, "type": "url", "uuid": "5c463c55-ee08-441f-bd1a-622168f8e8cf", "value": "http://220.158.216.127" }, { "category": "Network activity", "comment": "APT28 Zebrocy C2 AS29073 QUASINETWORKS, NL @libertyvps.net", "deleted": false, "disable_correlation": false, "timestamp": "1548132418", "to_ids": true, "type": "url", "uuid": "5c463c55-d868-4e4b-9235-622168f8e8cf", "value": "https://145.249.106.198/" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1548220887", "to_ids": false, "type": "threat-actor", "uuid": "5c47f9d7-5f30-4893-a12d-1cfe68f8e8cf", "value": "APT28" }, { "category": "Payload installation", "comment": "Zebrocy AutoIt Jan 16, 2019", "deleted": false, "disable_correlation": false, "timestamp": "1548313502", "to_ids": true, "type": "md5", "uuid": "5c49639e-7110-4d64-8050-631968f8e8cf", "value": "ec57bb4980ea0190f4ad05d0ea9c9447" }, { "category": "Network activity", "comment": "Zebrocy January 16, 2019 URL", "deleted": false, "disable_correlation": false, "timestamp": "1548313552", "to_ids": true, "type": "url", "uuid": "5c4963d0-3650-436c-b82e-631868f8e8cf", "value": "http://185.236.203.53" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549569107", "to_ids": false, "type": "text", "uuid": "5c5c8b3e-49cc-4e88-9a48-0ff9354b4518", "value": "virus (suspicious);AVG;" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549569190", "to_ids": false, "type": "text", "uuid": "5c5c8b3e-fcc8-4845-8bcd-0ff9354b4518", "value": "PUA.Win.Packer.AcprotectUltraprotect-1;ClamAV;" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549569100", "to_ids": false, "type": "text", "uuid": "5c5c8b3e-b370-4841-863a-0ff9354b4518", "value": "Win32/Spy.Autoit.EK trojan;ESETnod32;" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549569200", "to_ids": false, "type": "text", "uuid": "5c5c8b3e-807c-4433-93b2-0ff9354b4518", "value": "W32/Autoit.EK!tr.spy;Fortinet;" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568995", "to_ids": false, "type": "size-in-bytes", "uuid": "5c5c8b3f-6948-461b-bd88-0ff9354b4518", "value": "1150976" }, { "category": "Payload type", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549569143", "to_ids": false, "type": "text", "uuid": "5c5c8b3f-f40c-409c-bb03-0ff9354b4518", "value": "9ea0c70001000000f1c6cd0033000000f1c6ce00ae000000f1c6cf003200000009788300090000000978930025000000000001001402000066eed8004d00000066eecd000200000066eec90001000000000097000100000066eecc0001000000;0;" }, { "category": "Payload type", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": true, "timestamp": "1549569185", "to_ids": false, "type": "text", "uuid": "5c5c8b3f-3110-4eed-af28-0ff9354b4518", "value": "VC8 -> Microsoft Corporation" }, { "category": "Payload delivery", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568974", "to_ids": false, "type": "sha256", "uuid": "5c5c8b3f-ffa8-4e17-91a3-0ff9354b4518", "value": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999" }, { "category": "Payload delivery", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568969", "to_ids": false, "type": "text", "uuid": "5c5c8b40-e5a0-453c-80a6-0ff9354b4518", "value": "MS certificate checker 3.3.12.0 12.5.34.0 Certificate verify checker Certificate verify checker" }, { "category": "Payload delivery", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568931", "to_ids": false, "type": "imphash", "uuid": "5c5c8b40-94cc-4c28-ad64-0ff9354b4518", "value": "c1d258acab237961164a925272293413" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568961", "to_ids": false, "type": "text", "uuid": "5c5c8b40-4604-4e08-a5b0-0ff9354b4518", "value": "%WINDIR%\\temp\\Invoice-59947267.exe" }, { "category": "Payload delivery", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568953", "to_ids": false, "type": "sha1", "uuid": "5c5c8b40-0508-4724-9882-0ff9354b4518", "value": "ce3b60fbad031c9bd5a10779cc8beb185035d407" }, { "category": "Attribution", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": true, "timestamp": "1549568938", "to_ids": false, "type": "text", "uuid": "5c5c8b40-d5bc-4e51-8a0f-0ff9354b4518", "value": "LANG_ENGLISH/SUBLANG_ENGLISH_UK" }, { "category": "Other", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568922", "to_ids": false, "type": "datetime", "uuid": "5c5c8b41-8ee0-4dd4-af84-0ff9354b4518", "value": "2018-03-02T01:31:48" }, { "category": "Payload delivery", "comment": "7b1974e61795e84b6aacf33571320c2a: Enriched", "deleted": false, "disable_correlation": false, "timestamp": "1549568911", "to_ids": false, "type": "pehash", "uuid": "5c5c8b41-ff7c-4eef-82f2-0ff9354b4518", "value": "791574aad9b238c5093e3c83a5db553ef45b01f1" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1548365888", "uuid": "b800728f-5a34-4730-a91b-f138e14c98c7", "ObjectReference": [ { "comment": "", "object_uuid": "b800728f-5a34-4730-a91b-f138e14c98c7", "referenced_uuid": "99c1af3e-6e2a-4e7e-ae0d-785719b629de", "relationship_type": "analysed-with", "timestamp": "1621849993", "uuid": "5c4a3042-49e8-4d9d-80c5-78ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548365889", "to_ids": true, "type": "md5", "uuid": "6cb2100b-1854-4c31-b7f5-9e66e5531142", "value": "d6751b148461e0f863548be84020b879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548365889", "to_ids": true, "type": "sha1", "uuid": "12bee859-b960-4113-b4cb-689c7cfaf1cf", "value": "bab1d2c668e597d19f9ee9395944c1ce0f34f279" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548365889", "to_ids": true, "type": "sha256", "uuid": "dfc3c0a2-2185-4733-896b-f784580ea4ed", "value": "1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1548365889", "uuid": "99c1af3e-6e2a-4e7e-ae0d-785719b629de", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1548365889", "to_ids": false, "type": "datetime", "uuid": "2fe07c1b-96ab-4f81-987a-8db6f28c9942", "value": "2019-01-24T11:36:53" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1548365889", "to_ids": false, "type": "link", "uuid": "5b56cfbc-246d-4782-b0bf-8fe1c528f788", "value": "https://www.virustotal.com/file/1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27/analysis/1548329813/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1548365889", "to_ids": false, "type": "text", "uuid": "792b941e-1e36-488a-bc89-bfd79ada3391", "value": "43/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1548365889", "uuid": "d89b9e2c-fbdb-4504-858e-2cac4f989268", "ObjectReference": [ { "comment": "", "object_uuid": "d89b9e2c-fbdb-4504-858e-2cac4f989268", "referenced_uuid": "4b15b1fa-1951-422f-8212-1f96c5f99af3", "relationship_type": "analysed-with", "timestamp": "1621849993", "uuid": "5c4a3043-b82c-442a-9f6d-78ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548365889", "to_ids": true, "type": "md5", "uuid": "c5402abf-a94a-4da9-916b-a6b82850e76f", "value": "c2e1f2cf18ca987ebb3e8f4c09a4ef7e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548365889", "to_ids": true, "type": "sha1", "uuid": "c9808069-4bd1-4542-b208-89fc033256b8", "value": "e757ea599a1d6f1d06d90589d7f19dd1c1bf8b7b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548365889", "to_ids": true, "type": "sha256", "uuid": "ed9e6dcd-25bc-4de8-8fef-490203cbf2b4", "value": "5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1548365889", "uuid": "4b15b1fa-1951-422f-8212-1f96c5f99af3", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1548365889", "to_ids": false, "type": "datetime", "uuid": "6da72563-3cc7-4780-a07e-55ff265b9308", "value": "2018-10-25T17:04:30" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1548365889", "to_ids": false, "type": "link", "uuid": "71f1982a-d31f-42ea-8e9f-ef485841b836", "value": "https://www.virustotal.com/file/5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db/analysis/1540487070/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1548365889", "to_ids": false, "type": "text", "uuid": "3ec5fc33-7d0b-4ae9-a429-670577bea696", "value": "40/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1548365889", "uuid": "14b16764-ddf9-4007-b47e-3aef5cc6f36a", "ObjectReference": [ { "comment": "", "object_uuid": "14b16764-ddf9-4007-b47e-3aef5cc6f36a", "referenced_uuid": "587de82f-4aae-4200-b88f-a8d0fcfc24ed", "relationship_type": "analysed-with", "timestamp": "1621849993", "uuid": "5c4a3043-a5c8-494b-8aba-78ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548365889", "to_ids": true, "type": "md5", "uuid": "03a94d3c-789d-4b1b-a96b-e8f9cff24235", "value": "ec57bb4980ea0190f4ad05d0ea9c9447" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548365889", "to_ids": true, "type": "sha1", "uuid": "b6fae6a7-72d5-46ce-9723-d00b73cf0cac", "value": "6b300486d17d07a02365d32b673cd6638bd384f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548365889", "to_ids": true, "type": "sha256", "uuid": "01935c35-da34-4f6c-8c80-97ccb807d69a", "value": "e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1548365890", "uuid": "587de82f-4aae-4200-b88f-a8d0fcfc24ed", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1548365890", "to_ids": false, "type": "datetime", "uuid": "5a292dc8-ad4d-40ac-8462-bc25b6767fb9", "value": "2019-01-23T17:12:32" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1548365890", "to_ids": false, "type": "link", "uuid": "8c6e54b1-8393-4723-9851-47466fe07a81", "value": "https://www.virustotal.com/file/e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d/analysis/1548263552/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1548365890", "to_ids": false, "type": "text", "uuid": "0028b781-c4c6-4957-846f-b9a97cd4afe9", "value": "34/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1548365890", "uuid": "63b96bc9-33bc-4ac2-b26b-077bf4180ab3", "ObjectReference": [ { "comment": "", "object_uuid": "63b96bc9-33bc-4ac2-b26b-077bf4180ab3", "referenced_uuid": "80a7973b-8573-413c-a2be-73b4062f2654", "relationship_type": "analysed-with", "timestamp": "1621849993", "uuid": "5c4a3043-7310-4841-896d-78ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548365890", "to_ids": true, "type": "md5", "uuid": "13d0182a-a372-441d-9acd-284d8b3cbbd1", "value": "311f24eb2dda26c26f572c727a25503b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548365890", "to_ids": true, "type": "sha1", "uuid": "cdb778cc-5cf0-4934-b90a-0ad50ca0ab5c", "value": "74e12fbcac14b2f1b2d83cabb057f8e059c95d68" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548365890", "to_ids": true, "type": "sha256", "uuid": "d107115d-7f07-4897-98cc-cfe62f7a0f51", "value": "01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1548365890", "uuid": "80a7973b-8573-413c-a2be-73b4062f2654", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1548365890", "to_ids": false, "type": "datetime", "uuid": "fc0041a5-dc4f-4fcf-a5b6-6a9fcb978a7f", "value": "2018-11-06T17:34:50" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1548365890", "to_ids": false, "type": "link", "uuid": "3640584d-273d-4d8f-8976-37156c0a0593", "value": "https://www.virustotal.com/file/01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889/analysis/1541525690/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1548365890", "to_ids": false, "type": "text", "uuid": "89221de2-e8a5-433e-93aa-ee73006ae663", "value": "33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1548365890", "uuid": "18ba115d-3fa8-4ea6-b0aa-b84d71f314c5", "ObjectReference": [ { "comment": "", "object_uuid": "18ba115d-3fa8-4ea6-b0aa-b84d71f314c5", "referenced_uuid": "ad488ad1-01c8-4a0e-80ee-a7f7257b1f13", "relationship_type": "analysed-with", "timestamp": "1621849993", "uuid": "5c4a3043-0878-4e69-83b7-78ef02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1548365890", "to_ids": true, "type": "md5", "uuid": "5d15cac4-cba5-49ae-ba7e-52912d6452d0", "value": "7b1974e61795e84b6aacf33571320c2a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1548365890", "to_ids": true, "type": "sha1", "uuid": "9b7709c9-a002-4553-8a02-f5fd6b975584", "value": "ce3b60fbad031c9bd5a10779cc8beb185035d407" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1548365890", "to_ids": true, "type": "sha256", "uuid": "9632ae25-37d4-4daf-869b-886795d6bce1", "value": "121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1548365890", "uuid": "ad488ad1-01c8-4a0e-80ee-a7f7257b1f13", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1548365890", "to_ids": false, "type": "datetime", "uuid": "ea4f7140-d3c9-46cb-8d71-627dc47ee8e1", "value": "2019-01-12T06:28:05" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1548365890", "to_ids": false, "type": "link", "uuid": "3897fb76-7663-4961-8bc6-27bd0f697402", "value": "https://www.virustotal.com/file/121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999/analysis/1547274485/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1548365890", "to_ids": false, "type": "text", "uuid": "d7b594d5-8ae7-4c4e-bb62-9d0a9f402523", "value": "47/69" } ] } ] } }