{ "Event": { "analysis": "2", "date": "2019-11-13", "extends_uuid": "", "info": "OSINT - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting", "publish_timestamp": "1579535914", "published": true, "threat_level_id": "1", "timestamp": "1579534868", "uuid": "5de6335d-e128-4bc0-87e2-4db4950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#22681c", "local": false, "name": "\tmalware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#22681c", "local": false, "name": "malware_classification:malware-category=\"Botnet\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT33\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MAGNALLIUM\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1575373999", "to_ids": false, "type": "link", "uuid": "5de6382a-2234-43eb-bff9-4682950d210f", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/", "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1575374016", "to_ids": false, "type": "text", "uuid": "5de64234-f680-4632-8685-4637950d210f", "value": "The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.", "Tag": [ { "colour": "#00223b", "local": false, "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-e800-4ad9-b5b0-3e72950d210f", "value": "oorgans.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-5638-4021-91e9-3e72950d210f", "value": "suncocity.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-42b8-43e5-8e6e-3e72950d210f", "value": "zandelshop.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-3438-48ee-973c-3e72950d210f", "value": "simsoshop.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-8bec-4c8b-acb0-3e72950d210f", "value": "zeverco.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-9a94-4a54-815b-3e72950d210f", "value": "qualitweb.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-8ae8-4c2b-8222-3e72950d210f", "value": "service-explorer.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-0670-4133-b94e-3e72950d210f", "value": "service-norton.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-fd84-4e19-b86d-3e72950d210f", "value": "service-eset.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-1bcc-48fa-b76a-3e72950d210f", "value": "service-essential.com" }, { "category": "Network activity", "comment": "APT33 C&C domains for extreme narrow targeting", "deleted": false, "disable_correlation": false, "timestamp": "1575383102", "to_ids": true, "type": "domain", "uuid": "5de66ed7-3118-4d36-8eb9-3e72950d210f", "value": "update-symantec.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2016-12-31T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534624", "uuid": "5de6523d-de58-472f-9156-4d3e950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2016-12-31T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534624", "to_ids": true, "type": "email-src", "uuid": "5de6523d-c1b0-45d0-a3c4-479c950d210f", "value": "recruitment@alsalam.aero" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2016-12-31T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534624", "to_ids": false, "type": "email-subject", "uuid": "5de6523d-baec-4bbb-93bb-42a0950d210f", "value": "Job Opportunity" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2016-12-31T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534624", "to_ids": false, "type": "datetime", "uuid": "5de6523d-ac10-4b95-992a-46ef950d210f", "value": "2016-12-31T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2017-04-17T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534756", "uuid": "5de65459-590c-4181-98d5-4efa950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-04-17T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534756", "to_ids": false, "type": "datetime", "uuid": "5de65459-9274-4633-86b4-43cf950d210f", "value": "2017-04-17T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-04-17T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534756", "to_ids": false, "type": "email-src", "uuid": "5de65459-f94c-482e-b180-456c950d210f", "value": "recruitment@alsalam.aero" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-04-17T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534756", "to_ids": false, "type": "email-subject", "uuid": "5de65459-fd54-479b-9d39-40d8950d210f", "value": "Vacancy Announcement" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-09-25T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534731", "uuid": "5de654b1-2f18-4646-9819-4f1b950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-09-25T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534731", "to_ids": false, "type": "datetime", "uuid": "5de654b2-1880-4812-90b5-4e4b950d210f", "value": "2018-09-25T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-09-25T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534731", "to_ids": false, "type": "email-src", "uuid": "5de654b2-3690-4be9-abf9-431b950d210f", "value": "careers@aramcojobs.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-09-25T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534731", "to_ids": false, "type": "email-subject", "uuid": "5de654b2-8ab4-4849-a24d-4292950d210f", "value": "AramCo Jobs" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-10-22T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534710", "uuid": "5de65f8c-c9d0-4a61-99e6-4c6e950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-10-22T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534710", "to_ids": false, "type": "datetime", "uuid": "5de65f8c-bdcc-4eee-8861-484a950d210f", "value": "2018-10-22T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-10-22T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534710", "to_ids": false, "type": "email-src", "uuid": "5de65f8c-46b0-4f42-9c4a-48a0950d210f", "value": "jobs@samref.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-10-22T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534710", "to_ids": false, "type": "email-subject", "uuid": "5de65f8c-b300-4adf-bcc9-4f69950d210f", "value": "Job Openning at SAMREF" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-07-02T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534684", "uuid": "5de66884-3dac-4677-a9a7-226f950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-07-02T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534684", "to_ids": false, "type": "datetime", "uuid": "5de66884-5f60-49f4-a1cc-226f950d210f", "value": "2018-07-02T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-07-02T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534684", "to_ids": false, "type": "email-src", "uuid": "5de66884-dbc4-4977-bbf5-226f950d210f", "value": "careers@sipchem.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-07-02T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534684", "to_ids": false, "type": "email-subject", "uuid": "5de66884-116c-4f82-b7ae-226f950d210f", "value": "Job Opportunity SIPCHEM" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2017-09-11T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534648", "uuid": "5de668b6-6da0-4e21-a3ed-1e9a950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-09-11T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534648", "to_ids": false, "type": "datetime", "uuid": "5de668b7-87e0-4990-a80d-1e9a950d210f", "value": "2017-09-11T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-09-11T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534648", "to_ids": false, "type": "email-src", "uuid": "5de668b7-3984-4c0d-9f8e-1e9a950d210f", "value": "jobs@ngaaksa.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-09-11T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534648", "to_ids": false, "type": "email-subject", "uuid": "5de668b7-a770-470e-b915-1e9a950d210f", "value": "Job Opportunity" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-08-28T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534605", "uuid": "5de66aa6-89f8-4ef4-9464-4ae2950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-28T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534605", "to_ids": false, "type": "datetime", "uuid": "5de66aa7-1db8-48d6-bb65-4ae2950d210f", "value": "2018-08-28T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-28T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534605", "to_ids": false, "type": "email-subject", "uuid": "5de66aa7-f008-4f1e-b244-4ae2950d210f", "value": "Latest Vacancy" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-28T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534605", "to_ids": false, "type": "email-src", "uuid": "5de66aa7-f6e4-45b1-8346-4ae2950d210f", "value": "careers@aramcojobs.ga" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-08-26T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534568", "uuid": "5de66b15-8000-4f4f-82f4-3e63950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-26T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534568", "to_ids": true, "type": "email-src", "uuid": "5de66b15-b3bc-4c79-8ae8-3e63950d210f", "value": "careers@aramcojobs.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-26T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534568", "to_ids": false, "type": "email-subject", "uuid": "5de66b15-ea74-4305-90d4-3e63950d210f", "value": "Latest Vacancy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2018-08-26T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534568", "to_ids": false, "type": "datetime", "uuid": "5de66b15-f804-48c8-9d8c-3e63950d210f", "value": "2018-08-26T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2017-07-17T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534281", "uuid": "5de66b98-18b4-4a53-924a-1179950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-07-17T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534281", "to_ids": false, "type": "datetime", "uuid": "5de66b98-fdcc-460e-bf3c-1179950d210f", "value": "2017-07-17T00:00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-07-17T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534281", "to_ids": false, "type": "email-src", "uuid": "5de66b98-b8f0-4c32-bde2-1179950d210f", "value": "careers@ngaaksa.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-07-17T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534281", "to_ids": false, "type": "email-subject", "uuid": "5de66b98-ca74-4bb7-8a24-1179950d210f", "value": "Job Openning" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2017-11-20T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534253", "uuid": "5de66bc8-ea38-4b6f-866b-3e74950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-11-20T07:00:00+00:00", "object_relation": "from", "timestamp": "1579534253", "to_ids": true, "type": "email-src", "uuid": "5de66bc8-a578-4058-a898-3e74950d210f", "value": "jobs@dyn-intl.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-11-20T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534253", "to_ids": false, "type": "email-subject", "uuid": "5de66bca-46b8-47be-a5af-3e74950d210f", "value": "Job Openning" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2017-11-20T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534253", "to_ids": false, "type": "datetime", "uuid": "5de66bca-32c8-4aca-9acc-3e74950d210f", "value": "2017-11-20T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2017-11-28T07:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534220", "uuid": "5de66be7-3a30-4ec6-b560-3e72950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2017-11-28T07:00:00+00:00", "object_relation": "subject", "timestamp": "1579534220", "to_ids": false, "type": "email-subject", "uuid": "5de66be8-b4ec-49d5-ab22-3e72950d210f", "value": "Job Openning" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2017-11-28T07:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534220", "to_ids": false, "type": "datetime", "uuid": "5de66be8-a318-434b-8445-3e72950d210f", "value": "2017-11-28T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-03-05T00:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534800", "uuid": "5de66e18-37bc-4d03-80a3-0458950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-03-05T00:00:00+00:00", "object_relation": "from", "timestamp": "1579534800", "to_ids": true, "type": "email-src", "uuid": "5de66e18-2360-42df-a37c-0458950d210f", "value": "jobs@mail.dyn-corp.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-03-05T00:00:00+00:00", "object_relation": "subject", "timestamp": "1579534800", "to_ids": false, "type": "email-subject", "uuid": "5de66e19-89a4-4df5-8dcb-0458950d210f", "value": "Job Openning" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2018-03-05T00:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534800", "to_ids": false, "type": "datetime", "uuid": "5de66e19-4330-4f09-9fc2-0458950d210f", "value": "2018-03-05T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-07-30T00:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534832", "uuid": "5de66e3e-1334-4add-95d9-1bc6950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-07-30T00:00:00+00:00", "object_relation": "from", "timestamp": "1579534832", "to_ids": true, "type": "email-src", "uuid": "5de66e3e-2e7c-419a-81fa-1bc6950d210f", "value": "jobs@sipchem.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-07-30T00:00:00+00:00", "object_relation": "subject", "timestamp": "1579534832", "to_ids": false, "type": "email-subject", "uuid": "5de66e3e-7af8-4336-99fc-1bc6950d210f", "value": "Job Openning" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2018-07-30T00:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534832", "to_ids": false, "type": "datetime", "uuid": "5de66e3e-9ad0-4c00-bbd0-1bc6950d210f", "value": "2018-07-30T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "Email object describing an email with meta-information", "first_seen": "2018-08-14T00:00:00+00:00", "meta-category": "network", "name": "email", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "template_version": "13", "timestamp": "1579534867", "uuid": "5de66e5d-2724-41ec-8491-7ac9950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-14T00:00:00+00:00", "object_relation": "from", "timestamp": "1579534867", "to_ids": true, "type": "email-src", "uuid": "5de66e5d-9a98-4c87-b1d4-7ac9950d210f", "value": "jobs@sipchem.ga" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "first_seen": "2018-08-14T00:00:00+00:00", "object_relation": "subject", "timestamp": "1579534867", "to_ids": false, "type": "email-subject", "uuid": "5de66e5d-e128-4c20-bcf2-7ac9950d210f", "value": "Job Openning" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "first_seen": "2018-08-14T00:00:00+00:00", "object_relation": "send-date", "timestamp": "1579534867", "to_ids": false, "type": "datetime", "uuid": "5de66e5d-2c70-4b88-98ec-7ac9950d210f", "value": "2018-08-14T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384026", "uuid": "c69e95e9-9f4a-47bd-9cca-df70112bf4ba", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384026", "to_ids": true, "type": "ip-dst", "uuid": "b089e2e8-accd-43cb-91ac-c2681f0c065d", "value": "5.135.120.57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384026", "to_ids": false, "type": "datetime", "uuid": "dc0fcf25-1d48-44ce-b46e-493ce19094da", "value": "2018-12-04T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384026", "to_ids": false, "type": "datetime", "uuid": "6cd20d4b-5c77-4c2b-b744-0145554c0ea5", "value": "2019-01-24T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384027", "uuid": "14ce7404-1d9e-489b-91c1-62bd49ac088a", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384027", "to_ids": true, "type": "ip-dst", "uuid": "8034e87b-78c7-4d75-8d4a-1e170196dd82", "value": "5.135.199.25" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384027", "to_ids": false, "type": "datetime", "uuid": "145ee2c3-1102-417f-823a-1962a5a5152a", "value": "2019-03-03T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384027", "to_ids": false, "type": "datetime", "uuid": "532fe8ca-8814-4860-81a9-2c0dc0861591", "value": "2019-03-03T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384027", "uuid": "33757eab-39f8-4dd3-bdc3-abe31bdb329e", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384027", "to_ids": true, "type": "ip-dst", "uuid": "ef19bdbb-8e5b-43f1-b261-5d82537fb2eb", "value": "31.7.62.48" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384027", "to_ids": false, "type": "datetime", "uuid": "75e4a9e9-0970-472b-8a8c-900bc4138c13", "value": "2018-09-26T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384027", "to_ids": false, "type": "datetime", "uuid": "4c67ac8c-ce0f-4f41-9da0-053abf269cca", "value": "2018-09-29T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384028", "uuid": "dbf15608-73c3-4fdd-abec-cbd4abf42b9b", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384028", "to_ids": true, "type": "ip-dst", "uuid": "4026c957-9ca6-4a39-91cf-fcb3db0e6cab", "value": "51.77.11.46" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384028", "to_ids": false, "type": "datetime", "uuid": "9e0f64d9-188e-4ccc-b3b9-80ad46a8e71a", "value": "2019-07-01T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384028", "to_ids": false, "type": "datetime", "uuid": "1ce08a70-8433-4b17-9fb8-2adf50544de3", "value": "2019-07-02T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384028", "uuid": "825ee3e8-ec27-47b1-93fd-800aac6cb009", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384029", "to_ids": true, "type": "ip-dst", "uuid": "29ad40f6-9ad2-4a27-8feb-bba192e9ac66", "value": "54.36.73.108" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384029", "to_ids": false, "type": "datetime", "uuid": "a444322f-b1a2-4d6a-a916-766c88093df7", "value": "2019-07-22T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384029", "to_ids": false, "type": "datetime", "uuid": "d408a77b-d5a5-4d19-ba5c-b12f50f8b82a", "value": "2019-10-05T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384029", "uuid": "286489c4-fc1a-4722-a1d2-0a2cef367629", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384029", "to_ids": true, "type": "ip-dst", "uuid": "0db0cea5-9f4b-42f0-9ea0-d7947a2d5380", "value": "54.37.48.172" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384029", "to_ids": false, "type": "datetime", "uuid": "9e3b96a1-c562-478c-b2f7-5c8343c27f16", "value": "2019-10-22T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384029", "to_ids": false, "type": "datetime", "uuid": "5ee5910f-8fc8-4bb7-b619-8e80917a62a9", "value": "2019-11-05T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384029", "uuid": "0bdc7720-3ac3-40ae-bcc3-d6db34735dbd", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384030", "to_ids": true, "type": "ip-dst", "uuid": "722829f8-0af4-47a8-a2f6-3b83b9d263bc", "value": "54.38.124.150" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384030", "to_ids": false, "type": "datetime", "uuid": "52227600-1a1c-445c-843a-7831eaebd476", "value": "2018-10-28T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384030", "to_ids": false, "type": "datetime", "uuid": "f98a307b-3c09-4c0b-953a-1daef0fdbe2a", "value": "2018-11-17T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384030", "uuid": "c2fc02ff-1e36-4f10-8b9f-684ebdc9854b", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384030", "to_ids": true, "type": "ip-dst", "uuid": "7e2bb4d3-cca0-4377-b24a-d6f9438df0de", "value": "88.150.221.107" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384031", "to_ids": false, "type": "datetime", "uuid": "d4f0be23-ce0f-4cce-9402-a869307ed373", "value": "2019-09-26T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384031", "to_ids": false, "type": "datetime", "uuid": "f9107db9-e0f9-45d8-a694-55d0c68f56ab", "value": "2019-11-07T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384031", "uuid": "043a1485-d6a4-45dc-b086-c3ff04371713", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384031", "to_ids": true, "type": "ip-dst", "uuid": "6b16c646-75fd-466f-83c3-876231fafb41", "value": "91.134.203.59" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384031", "to_ids": false, "type": "datetime", "uuid": "176650f2-b2e6-4bbe-8f33-911942b7f90a", "value": "2018-09-26T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384031", "to_ids": false, "type": "datetime", "uuid": "3c2e8593-e233-4b69-b627-2d1758b585c7", "value": "2018-12-04T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384032", "uuid": "fbd5daea-0454-4809-9ce2-9b1bf3898953", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384032", "to_ids": true, "type": "ip-dst", "uuid": "b7d28cec-ff12-4ef5-87e4-bb8f1727cce8", "value": "109.169.89.103" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384032", "to_ids": false, "type": "datetime", "uuid": "017c3aa7-d28e-4128-852c-901131eceb85", "value": "2018-12-02T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384032", "to_ids": false, "type": "datetime", "uuid": "9fc4bb22-fd6e-4100-a66b-a87002f9cba8", "value": "2018-12-14T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384032", "uuid": "54702d2c-5a8a-4a1f-8ab0-793464fc828f", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384032", "to_ids": true, "type": "ip-dst", "uuid": "efa7bf03-6950-4785-925c-c6f5bcbe67fc", "value": "109.200.24.114" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384032", "to_ids": false, "type": "datetime", "uuid": "6e1d89cc-73a2-41ff-90ad-a03d9019ec24", "value": "2018-11-19T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384032", "to_ids": false, "type": "datetime", "uuid": "508892cc-4557-41af-beb0-8661041fafb0", "value": "2018-12-25T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384033", "uuid": "2db4134a-4d62-4ebe-b3f1-6c1c15437ff8", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384033", "to_ids": true, "type": "ip-dst", "uuid": "cc8cc669-5a79-4802-9243-a31825b906cb", "value": "137.74.80.220" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384033", "to_ids": false, "type": "datetime", "uuid": "7ace6caa-73ec-4ffb-a42b-1721411cadee", "value": "2018-09-29T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384033", "to_ids": false, "type": "datetime", "uuid": "ac0dd37c-5af2-413b-b393-e819934a83fa", "value": "2018-10-23T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384033", "uuid": "4cf21017-f924-403b-ab8e-380573ea512e", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384033", "to_ids": true, "type": "ip-dst", "uuid": "56ab451d-53fd-4877-a010-a9756a3124c7", "value": "137.74.157.84" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384033", "to_ids": false, "type": "datetime", "uuid": "615b565d-fe75-4cab-bedd-ebc6747908e2", "value": "2018-12-18T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384033", "to_ids": false, "type": "datetime", "uuid": "a7b5f8c7-eb74-4776-a505-1c988a6d02c4", "value": "2019-10-21T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384034", "uuid": "94a30556-2476-4fd2-94d6-06a151831884", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384034", "to_ids": true, "type": "ip-dst", "uuid": "f1191ce9-4066-4be0-bb1f-fd8de9f612ef", "value": "185.122.56.232" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384034", "to_ids": false, "type": "datetime", "uuid": "0ebff068-786b-4024-ae25-591da41d7697", "value": "2018-09-29T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384034", "to_ids": false, "type": "datetime", "uuid": "ef6e7ae3-7ffd-4f08-ba35-669ab8546ff0", "value": "2018-11-04T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384034", "uuid": "87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384034", "to_ids": true, "type": "ip-dst", "uuid": "98a29ae5-070e-4ef9-bf79-be08db43c311", "value": "185.125.204.57" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384034", "to_ids": false, "type": "datetime", "uuid": "aaabe5b8-b435-40fd-b9bf-22c5f0937348", "value": "2018-10-25T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384034", "to_ids": false, "type": "datetime", "uuid": "7fceb1c4-9508-40d9-b215-9c989fd9e4f3", "value": "2019-01-14T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384035", "uuid": "ee15f4bd-db1d-4297-a53b-9ab11ab65716", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384035", "to_ids": true, "type": "ip-dst", "uuid": "c4c92cdc-6368-4f85-a2e6-ddd6a3b57854", "value": "185.175.138.173" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384035", "to_ids": false, "type": "datetime", "uuid": "9ebdc9ee-000b-4766-b253-5afbb53788e7", "value": "2019-01-19T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384035", "to_ids": false, "type": "datetime", "uuid": "7605eeb1-a765-4a95-8e0b-f4ccd3f5f6df", "value": "2019-01-22T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384035", "uuid": "a846ef5e-c63a-4068-984b-8cdc38ef617b", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384035", "to_ids": true, "type": "ip-dst", "uuid": "7e8fdaf4-efdd-4a7f-b9dd-8a3125b5dd81", "value": "188.165.119.138" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384035", "to_ids": false, "type": "datetime", "uuid": "8d2ddecc-9120-44e9-bdc3-e692e51f7bc3", "value": "2018-10-08T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384035", "to_ids": false, "type": "datetime", "uuid": "d618d17a-f95d-4826-b99b-31eb46051891", "value": "2018-11-19T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384036", "uuid": "1b6633ee-60c0-48fb-8b49-6fcc7d411309", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384036", "to_ids": true, "type": "ip-dst", "uuid": "33ec373d-51b6-4613-b640-7f6c8c690d48", "value": "193.70.71.112" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "13085793-c0a5-4aa2-8169-549ab1e16d44", "value": "2019-03-07T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "9fb50416-4ad0-494b-8b15-b9b29d21d500", "value": "2019-03-17T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384037", "uuid": "c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384037", "to_ids": true, "type": "ip-dst", "uuid": "b5cba2c3-a666-4310-b87e-b4f72185bdf8", "value": "195.154.41.72" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "625f33ae-bcd2-4c50-bf9c-100509774ff1", "value": "2019-01-13T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "de5cc7ac-06cb-4af3-8bff-843db303d59c", "value": "2019-01-20T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384037", "uuid": "e0c182b5-2961-461b-bc17-36cc4ff11dc5", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384037", "to_ids": true, "type": "ip-dst", "uuid": "c28668c7-b7f6-4b7b-8740-6acbb6fbbe00", "value": "213.32.113.159" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "d0b1af5f-fd30-4cc2-b805-b42b1b6d5005", "value": "2019-06-30T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384037", "to_ids": false, "type": "datetime", "uuid": "19e0ef4f-9069-46d7-b8ff-350150b0f86d", "value": "2019-09-16T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "meta-category": "network", "name": "ip-port", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "template_version": "7", "timestamp": "1575384038", "uuid": "fd1343f2-286e-4036-b9a8-1adff8eb2479", "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1575384038", "to_ids": true, "type": "ip-dst", "uuid": "66c94b5a-646a-42ea-b710-c7ee7aed53d6", "value": "216.244.93.137" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-seen", "timestamp": "1575384038", "to_ids": false, "type": "datetime", "uuid": "d50162e0-988b-490b-99f0-f14f9a1e3487", "value": "2018-12-10T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "last-seen", "timestamp": "1575384038", "to_ids": false, "type": "datetime", "uuid": "676883e3-d9c4-47f1-97a1-a2eb63e78e62", "value": "2018-12-21T00:00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384285", "uuid": "e9693797-9115-4631-972d-7a8e0e3a1e9e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384285", "to_ids": true, "type": "filename", "uuid": "fff6f6c5-596d-4486-bebf-cf9b18bf7017", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384291", "to_ids": true, "type": "sha256", "uuid": "263322c7-646d-4a7f-9dfb-1d6f590635ca", "value": "e954ff741baebb173ba45fbcfdea7499d00d8cfa2933b69f6cc0970b294f9ffd" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384291", "uuid": "82666f1d-b22b-436e-979d-5d75e303e141", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384291", "to_ids": true, "type": "filename", "uuid": "a838a207-fea3-4f4c-9602-4e163f9df78a", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384291", "to_ids": true, "type": "sha256", "uuid": "a80176aa-6020-4cfc-807e-28bbef18d8c4", "value": "b58a2ef01af65d32ca4ba555bd72931dc68728e6d96d8808afca029b4c75d31e" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384291", "uuid": "5ac505ff-4ea6-4dbd-8dd8-75a55c32741e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384292", "to_ids": true, "type": "filename", "uuid": "6250d5cd-efe1-46f0-ac3a-494203ea1dd7", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384292", "to_ids": true, "type": "sha256", "uuid": "be41826f-0a04-48e5-9e1f-928b98568414", "value": "a67461a0c14fc1528ad83b9bd874f53b7616cfed99656442fb4d9cdd7d09e449" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384292", "uuid": "71915c2b-eb82-44d7-90d4-566307cca0a5", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384292", "to_ids": true, "type": "filename", "uuid": "15bcb98d-43ab-4f3e-8e5b-4ef5d5cf7c2b", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384292", "to_ids": true, "type": "sha256", "uuid": "6a0fd476-12ed-4ab8-a0f3-7d405186873d", "value": "c303454efb21c0bf0df6fb6c2a14e401efeb57c1c574f63cdae74ef74a3b01f2" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384293", "uuid": "96669752-aadb-43b9-8c29-7ccec173980d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384293", "to_ids": true, "type": "filename", "uuid": "bfc17797-b941-4352-8260-f2ef0384a86a", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384293", "to_ids": true, "type": "sha256", "uuid": "f96a6943-1b79-4bc3-a585-b69a9fb82b90", "value": "75e6bafc4fa496b418df0208f12e688b16e7afdb94a7b30e3eca532717beb9ba" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384294", "uuid": "ad36a520-c695-43b7-8ad2-a7de2481e6da", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384294", "to_ids": true, "type": "filename", "uuid": "a4b882af-d0bf-4b2f-ba28-f5ee73df4510", "value": "MsdUpdate.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384295", "to_ids": true, "type": "sha256", "uuid": "fbfb454d-5705-4a25-8130-5c4a45404c55", "value": "8fb6cbf6f6b6a897bf0ee1217dbf738bce7a3000507b89ea30049fd670018b46" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384295", "uuid": "62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1575384295", "to_ids": true, "type": "filename", "uuid": "31ed3a7e-afff-4efb-ad69-3b6d8d305923", "value": "DysonPart.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384296", "to_ids": true, "type": "sha256", "uuid": "7197cdc9-6f50-4079-843e-586648f50c28", "value": "ba9d76cca6b5c7308961cfe3739dc1328f3dad9a824417fad73b842b043daa1a" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "16", "timestamp": "1575384296", "uuid": "9cf77da3-bde0-4a41-874f-60c45953b1e0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1575384296", "to_ids": true, "type": "sha256", "uuid": "80ae4483-76ad-435b-84de-a779eb71e75d", "value": "07e1baf1d0207a139bcf39c60354666496e4331381d36eef9359120b1d8497f1" } ] } ] } }